Spamassassin - Network Test Options

use_dcc ( 0 | 1 ) (default: 1)
Whether to use DCC, if it is available.
dcc_timeout n (default: 10)
How many seconds you wait for dcc to complete before you go on without the results
dcc_body_max NUMBER
dcc_fuz1_max NUMBER
dcc_fuz2_max NUMBER
DCC (Distributed Checksum Clearinghouse) is a system similar to Razor. This option sets how often a message's body/fuz1/fuz2 checksum must have been reported to the DCC server before SpamAssassin will consider the DCC check as matched.

As nearly all DCC clients are auto-reporting these checksums you should set this to a relatively high value, e.g. 999999 (this is DCC's MANY count).

The default is 999999 for all these options.

use_pyzor ( 0 | 1 ) (default: 1)
Whether to use Pyzor, if it is available.
pyzor_timeout n (default: 10)
How many seconds you wait for Pyzor to complete before you go on without the results.
pyzor_max NUMBER
Pyzor is a system similar to Razor. This option sets how often a message's body checksum must have been reported to the Pyzor server before SpamAssassin will consider the Pyzor check as matched.

The default is 5.

pyzor_options options
Specify options to the pyzor command. Please note that only [A-Za-z0-9 -/] is allowed (security).
trusted_networks ip.add.re.ss[/mask] ... (default: none)
What networks or hosts are 'trusted' in your setup. Trusted in this case means that relay hosts on these networks are considered to not be potentially operated by spammers, open relays, or open proxies. DNS blacklist checks will never query for hosts on these networks.

If a /mask is specified, it's considered a CIDR-style 'netmask', specified in bits. If it is not specified, but less than 4 octets are specified with a trailing dot, that's considered a mask to allow all addresses in the remaining octets. If a mask is not specified, and there is not trailing dot, then just the single IP address specified is used, as if the mask was /32.

Examples:

    trusted_networks 192.168/16 127/8           # all in 192.168.*.* and 127.*.*.*
trusted_networks 212.17.35.15 # just that host
trusted_networks 127. # all in 127.*.*.*

This operates additively, so a trusted_networks line after another one will result in all those networks becoming trusted. To clear out the existing entries, use clear_trusted_networks.

If you're running with DNS checks enabled, SpamAssassin includes code to infer your trusted networks on the fly, so this may not be necessary. (Thanks to Scott Banister and Andrew Flury for the inspiration for this algorithm.) This inference works as follows:

  • if the 'from' IP address is on the same /16 network as the top Received line's 'by' host, it's trusted
  • if the address of the 'from' host is in a reserved network range, then it's trusted
  • if any addresses of the 'by' host is in a reserved network range, then it's trusted
clear_trusted_networks
Empty the list of trusted networks.
use_razor2 ( 0 | 1 ) (default: 1)
Whether to use Razor version 2, if it is available.
razor_timeout n (default: 10)
How many seconds you wait for razor to complete before you go on without the results
use_bayes ( 0 | 1 ) (default: 1)
Whether to use the naive-Bayesian-style classifier built into SpamAssassin.
skip_rbl_checks { 0 | 1 } (default: 0)
By default, SpamAssassin will run RBL checks. If your ISP already does this for you, set this to 1.
rbl_timeout n (default: 15)
All RBL queries are made at the beginning of a check and we try to read the results at the end. This value specifies the maximum period of time to wait for an RBL query. If most of the RBL queries have succeeded for a particular message, then SpamAssassin will not wait for the full period to avoid wasting time on unresponsive server(s). For the default 15 second timeout, here is a chart of queries remaining versus the effective timeout in seconds:
  queries left    100%  90%  80%  70%  60%  50%  40%  30%  20%  10%  0%
timeout 15 15 14 14 13 11 10 8 5 3 0

In addition, whenever the effective timeout is lowered due to additional query results returning, the remaining queries are always given at least one more second before timing out, but the wait time will never exceed rbl_timeout.

For example, if 20 queries are made at the beginning of a message check and 16 queries have returned (leaving 20%), the remaining 4 queries must finish within 5 seconds of the beginning of the check or they will be timed out.

check_mx_attempts n (default: 2)
By default, SpamAssassin checks the From: address for a valid MX this many times, waiting 5 seconds each time.
check_mx_delay n (default: 5)
How many seconds to wait before retrying an MX check.
dns_available { yes | test[: name1 name2...] | no } (default: test)
By default, SpamAssassin will query some default hosts on the internet to attempt to check if DNS is working on not. The problem is that it can introduce some delay if your network connection is down, and in some cases it can wrongly guess that DNS is unavailable because the test connections failed. SpamAssassin includes a default set of 13 servers, among which 3 are picked randomly.

You can however specify your own list by specifying

dns_available test: server1.tld server2.tld server3.tld

Please note, the DNS test queries for MX records so if you specify your own list of servers, please make sure to choose the one(s) which has an associated MX record.