Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
DSPAM(1)			     DSPAM			      DSPAM(1)

       dspam - DSPAM Anti-Spam Agent

       dspam [--mode=teft|toe|tum|notrain|unlearn] [--user user1
       user2 ... userN]	[--feature=noise|no,tb=N,whitelist|wh]
       [--class=spam|innocent] [--source=error|corpus|inoculation] [--pro-
       file=PROFILE] [--deliver=spam,innocent|nonspam,summary,stdout] [--help]
       [--version] [--process] [--classify] [--signature=signature] [--stdout]
       [--debug] [--daemon] [--nofork]]	[--client] [--rcpt-to recipient-ad-
       dress(es)] [--mail-from=sender-address] [passthru-delivery-arguments]

       The  DSPAM  agent  provides a direct interface to mail servers for com-
       mand-line spam filtering. The agent can masquerade as the mail server's
       local delivery agent and	will process any email passed to it. The agent
       will then call whatever delivery	agent was specified at compile time or
       quarantine/tag/drop  messages  identified  as spam. The DSPAM agent can
       function	locally	or as a	proxy. It is also responsible  for  processing
       classification errors so	that DSPAM can learn from its mistakes.

       --user user1 user2 ... userNSpecifies  the destination users of the in-
       coming message. In most cases this is
	      the local	user on	the system, however some  implementations  may
	      call  for	 virtual usernames, specific to	DSPAM, to be assigned.
	      The agent	processes an incoming message once for each user spec-
	      ified. If	the message is to be delivered,	the $u (or %u) parame-
	      ters of the argument string will be interpolated for the current
	      user being processed.

       --mode=toe|tum|teft|notrainConfigures  the training mode	to be used for
       this process, overriding	any defaults in
	      dspam.conf or the	preference extension:

	      teft : Train-Everything. Trains on all messages processed.  This
	      is  a  very  thorough training approach and should be considered
	      the standard training approach for most users.  TEFT  may,  how-
	      ever,  prove  too	 volatile on installations with	extremely high
	      per-user traffic,	or prove not very scalable on systems with ex-
	      tremely  large user-bases. In the	event that TEFT	is proving in-
	      effective, one of	the other modes	is recommended.

	      toe : Train-on-Error. Trains only	 on  a	classification	error,
	      once  the	user's metadata	has matured to 2500 innocent messages.
	      This training mode is much less resource intensive, as only  oc-
	      casional	metadata  writes  are  necessary.  It is also far less
	      volatile than the	TEFT mode of training. One drawback,  however,
	      is  that	TOE  only learns when DSPAM has	made a mistake - which
	      means the	data is	sometimes too  static,	and  unable  to	 "ease
	      into" a different	type of	behavior.

	      tum : Train-until-Mature.	This training mode is a	hybrid between
	      the other	two training modes and provides	a  great  balance  be-
	      tween  volatility	 and  static  metadata.	 TuM  will  train on a
	      per-token	basis only tokens which	have had fewer than 25	"hits"
	      on  them,	 unless	 an error is being retrained in	which case all
	      tokens are trained. This training	mode provides a	solid core  of
	      stable  tokens  to keep accuracy consistent, but also allows for
	      dynamic adaptation to any	new types of  email  behavior  a  user
	      might be experiencing.

	      notrain  : No training. Do not train the user's data, and	do not
	      keep totals. This	should only be used in cases where you want to
	      process  mail for	a particular user (based on a group, for exam-
	      ple), but	don't want the user to accumulate any learning data.

	      unlearn :	Unlearn	original training. Use this if you wish	to un-
	      learn   a	 previously  learned  message.	 Be  sure  to  specify
	      --source=error and --class to whatever the original  classifica-
	      tion  the	message	was learned under. If not using	TrainPristine,
	      this will	require	the original signature from training.

       --feature=noise|no,whitelist|wh,tb=NSpecifies the features that	should
       be activated for	this filter instance. The following
	      features may be used individually	or combined using a comma as a

	      (no)ise :	 Bayesian Noise	Reduction (BNR). Bayesian Noise	Reduc-
	      tion kicks in at 2500 innocent messages and provides an advanced
	      progressive noise	logic to reduce	Bayesian Noise	(wordlist  at-
	      tacks)  in  spams.  See
	      for more information.

	      (tb)=N :	Sets the training loop buffering level.	Training  loop
	      buffering	is the amount of statistical sedation performed	to wa-
	      ter down statistics and avoid false positives during the	user's
	      training	loop. The training buffer sets the buffer sensitivity,
	      and should be a number between 0 (no buffering whatsoever) to 10
	      (heavy buffering).  The default is 5, half of what previous ver-
	      sions of DSPAM used. To avoid dulling  down  statistics  at  all
	      during the training loop,	set this to 0.

	      (wh)itelist  :  Automatic	whitelisting. DSPAM will keep track of
	      the entire "From:" line for each message received	per user,  and
	      automatically  whitelist messages	from senders with more than 20
	      innocent messages	and zero spams.	Once the user reports  a  spam
	      from  the	 sender,  automatic whitelisting will automatically be
	      deactivated for that sender. Since DSPAM uses the	entire "From:"
	      line,  and  not  just  the  sender's  email  address,  automatic
	      whitelisting is a	very safe approach to improving	accuracy espe-
	      cially during initial training.

	      NOTE:  :	 None  of  the present features	are necessary when the
	      source is	"error", because the original training	data  is  used
	      from  the	 signature to retrain, instantiating whatever features
	      (such as whitelisting) were active at the	time  of  the  initial
	      classification.	Since  BNR is only necessary when a message is
	      being classified,	the --feature flag can be safely omitted  from
	      error source calls.

       --class=spam|innocentIdentifies the disposition (if any)	of the message
       being presented.	This flag
	      should be	used when a misclassification has  occured,  when  the
	      user  is corpus-feeding a	message, or when an inoculation	is be-
	      ing presented. This flag should not be used  for	standard  pro-
	      cessing. This flag must be used in conjunction with the --source
	      flag. Omitting this flag causes DSPAM to determine the  disposi-
	      tion of the message on its own (the standard operating mode).

	      --class  is  used, the source of the classification must also be
	      provided.	The source tells dspam how to learn the	message	 being

	      error  :	The  message  being presented was a message previously
	      misclassified by DSPAM. When 'error' is provided	as  a  source,
	      DSPAM  requires  that the	DSPAM signature	be present in the mes-
	      sage, and	will use the signature to recall the original training
	      metadata.	  If the signature is not present, the message will be
	      rejected.	In this	source mode, DSPAM will	 also  decrement  each
	      token's  previous	classification's count as well as the user to-

	      You should use error only	when DSPAM has made an error in	 clas-
	      sifying  the message, and	should present the modified version of
	      the message with the DSPAM signature when	doing so.

	      corpus : The message being presented is from a mail corpus,  and
	      should be	trained	as a new message, rather than re-trained based
	      on a signature. The message's full headers and body will be ana-
	      lyzed  and the correct classification will be incremented, with-
	      out its opposite being decremented.

	      You should use corpus only when feeding messages in from corpus.

	      inoculation : The	message	being presented	is in  pristine	 form,
	      and should be trained as an inoculation. Inoculations are	a more
	      intense mode of training designed	to cause DSPAM	to  train  the
	      user's  metadata	repeatedly on previoulsy unknown tokens, in an
	      attempt to vaccinate the user from future	 messages  similar  to
	      the one being presented. You should use inoculation only on hon-
	      eypots and the like.

       --profile=PROFILESpecify	a storage profile from dspam.conf. The storage
       profile selected	will be	used
	      for  all database	connectivity. See dspam.conf for more informa-

	      DSPAM to deliver the message if its result falls within the cri-
	      teria   specified.  For  example,	 --deliver=innocent  or	 --de-
	      liver=nonspam will cause DSPAM to	only deliver  the  message  if
	      its  classification  has	been determined	as innocent. Providing
	      --deliver=innocent,spam  or  --deliver=nonspam,spam  will	 cause
	      DSPAM  to	 deliver the message regardless	of its classification.
	      This flag	provides a significant amount of flexibility for  non-
	      standard	implementations,  where	false positives	may not	be de-
	      livered but spam is, and etcetera.

	      summary :	Deliver	(to stdout) a summary indentical to the	output
	      of message classification:

	      X-DSPAM-Result: User; result="Innocent"; class="Innocent"; prob-
	      ability=0.0000;		  confidence=1.00;		signa-

	      stdout : Is a shortcut for for --deliver=innocent,spam --stdout

       --stdout	If the message is indeed deemed	"deliverable" by the
	      --deliver	 flag,	this flag will cause DSPAM to deliver the mes-
	      sage to stdout, rather than the configured delivery agent.

	      DSPAM to process the message. This is the	default	behavior,  and
	      the flag is implied unless --classify is used.

	      DSPAM  to	 only classify the message, and	not perform any	writes
	      to the user's data or attempt to deliver/quarantine the message.
	      The  results  of	a  classification are printed to stdout	in the
	      following	format:

	      X-DSPAM-Result: User; result="Spam"; probability=1.0000;	confi-

	      NOTE :  The output of the	classification is specific to a	user's
	      own data,	and does not include the output	 of  any  groups  they
	      might  be	 affiliated  with, so it is entirely possible that the
	      message would be caught as spam by a group the user belongs  to,
	      and appear as innocent in	the output of a	classification.	To get
	      the classification for the group , use the  group	 name  as  the
	      user instead of an individual.

       --signature=signatureIf	only  the signature is available for training,
       and not the entire message, the
	      --signature flag may be used to feed the	signature  into	 DSPAM
	      and  forego  the reading of stdin. DSPAM will process the	signa-
	      ture with	whatever commandline classification was	specified.

	      NOTE :  This should only be used with --source=error

	      DSPAM was	compiled with --enable-debug then using	 --debug  will
	      turn on debugging	messages.

	      DSPAM was	compiled with --enable-daemon then using --daemon will
	      cause DSPAM to enter daemon mode,	where it will listen for DSPAM
	      clients to connect and actively service requests.

	      DSPAM was	compiled with --enable-daemon then using --nofork will
	      cause DSPAM to not fork the daemon  into	backgound  when	 using
	      --daemon switch.

	      DSPAM was	compiled with --enable-daemon then using --client will
	      cause DSPAM to act as a client and attempt  to  connect  to  the
	      DSPAM  server  specified	in  the	 client's configuration	within
	      dspam.conf. If client behavior is	desired, this option  must  be
	      specified,  otherwise the	agent simply operate as	self-contained
	      and processes the	message	on its own, eliminating	any benefit of
	      using the	daemon.

       --rcpt-to recipient-address(es)If
	      DSPAM  will be configured	to deliver via LMTP or SMTP, this flag
	      may be used to define the	RCPT TOs which will be	used  for  the
	      delivery of each user specified with --user If no	recipients are
	      provided,	the RCPT TOs will match	the username.

	      NOTE :  The recipient list should	always be  balanced  with  the
	      user list, or empty.  Specifying an unbalanced number of recipi-
	      ents to users will result	in undefined behavior.

	      DSPAM will be cofigured to deliver via LMTP or SMTP,  this  flag
	      will  set	the MAIL FROM sent on delivery of the message. The de-
	      fault MAIL FROM depends on how the message  was  originally  re-
	      layed  to	DSPAM. If it was relayed via the commandline, an empty
	      MAIL FROM	will be	used. If it was	relayed	via LMTP, the original
	      MAIL FROM	will be	used.

       0      Operation	was successful.
       other  Operation	 resulted  in an error.	If the error involved an error
	      in calling the delivery agent, the exit value  of	 the  delivery
	      agent will be returned.

       Copyright (C) 2002-2012 DSPAM Project
       All rights reserved.

       For more	information, see

       dspam_admin(1),	   dspam_clean(1),     dspam_crc(1),	dspam_dump(1),
       dspam_logrotate(1), dspam_merge(1), dspam_stats(1), dspam_train(1)

DSPAM				 Aug 14, 2010			      DSPAM(1)


Want to link to this manual page? Use this URL:

home | help