sa-heatu(1) Spamasassin Heuristic Email Address Tracker Utility

SYNOPSIS


sa-heatu [options] [dbfile [timestamp-file]]

DESCRIPTION

Check or clean a SpamAssassin auto-whitelist (AWL) database file.

The Auto-WhiteList (AWL) feature in Spamassassing tracks scores from messages previously received and adjusts the message score, either by boosting messages from senders who send ham or penalizing senders who have sent spam previously. This not only treats some senders as if they were whitelisted but also treats spammers as if they were blacklisted. To enable AWL in spamassassin, read dcoumentation:

    perldoc Mail::SpamAssassin::Conf

This is an enhanced version of the original AWL tool. The AWL database can be examined and pruned; single email entries can be removed. This is useful when a spammer sends one or more ham messages before sending spam.

Without special options, the program generates a summary of the database (see FILES):

    $ sa-heatu -D -n /var/spool/spamassassin/auto-whitelist
       0 entries removed.
       0 entries would be expired.
       0 timestamps would be added.
       0 timestamps would be updated.
     308 entries input.
     308 entries output = input - expired - removed.

With option --verbose it generates output:

     AVG   TOTSCORE COUNT  EMAIL IPBASE

AVG is the average score; TOTSCORE is the total score of all mails seen so far; COUNT is the number of messages seen from that sender; EMAIL is the sender's email address, and IPBASE is the AWL base IP address.

AWL base IP address is a way to identify the sender's IP address they frequently send from, in an approximate way, but remaining hard for spammers to spoof. The algorithm is as follows:

    - Take the last Received header that contains a public IP address;
      namely one which is not in private, unrouted IP space.
    - Chop off the last two octets, assuming that the user may be in
      an ISP's dynamic address pool.

Negative values indicate senders of ham:

    average    total count
       6.8       6.8   1   [email protected]                     72.26
      -8.1     -16.2   2   [email protected]    98.109
       1.4      15.9  11   [email protected]                 38.105
      13.9      13.9   1   [email protected]                         89.185

OPTIONS

-D, --DONTupdatetimestamps
No timestamps processing is done. Alias for --noTimestamps.
-e, --expireOlderThan NUMBER
Expire entries older than NUMBER of days.
-f, --firstTimes
Use this for the first run to avoid reading timestamps.
-h, --help
Display short help.
-n, --noTimestamps
No timestamps processing.
-p, --prune NUMBER
Clean out infrequently-used AWL entries. The NUMBER can be used to select the threshold at which entries are kept or deleted. Value 1 means that entries seen once are deleted.
-q, --quiet
Be quiet.
-r, --remove EMAIL
Remove EMAIL from database.
-s, --showUpdates
Output entries updated or added or removed, in addition to the summary.
-v, --verbose
Display more information. Note that this may display lot of information from the database.

EXAMPLES

To see valid senders:

   sa-heatu --verbose -D | sort -n | head -n 20

To see top spammers:

   sa-heatu --verbose -D | sort -n | tail -n 20

To display single record:

    sa-heatu --verbose -n | grep -i [email protected]

To remove of [email protected] entry:

    $ sa-heatu -n --remove [email protected]
    Using $HOME/.spamassassin/auto-whitelist
    average    total count found
    34.5      34.5   1     [email protected] 41.202
        1 deleted.
      259 keys with 1 entry.
      658 keys with 2 entries.
     1675 entries.

To shrink the database considerably by removing entries that only have one hit:

    sa-heatu --prune

Average total count email address ip network address last time updated: Note: the date and time stamp is the time sa-heatu was run, not the time the email was received:

   sa-heatu --verbose -D | sort -n | head -5

ENVIRONMENT

None.

FILES

$HOME/.spamassassin
The default working directory of program where dbfile etc. are expected.

If dbfile is not given the "$HOME/.spamassassin/auto-whitelist" is used. See also option auto_whitelist_path in Spamassasin Perl module Mail::SpamAssassin::Plugin::AWL which typically points to "/var/spool/spamassassin/auto-whitelist".

AVAILABILITY

See STANDARDS for download link.

The original version this program is based on is at http://svn.apache.org/repos/asf/spamassassin/branches/3.2/tools/check_whitelist

AUTHORS

Program was written by Dennis G German <[email protected]>

This manual page was written by Jari Aalto <[email protected]>. Released under license GNU GPL version 2 or (at your option) any later version. For more information about license, visit <http://www.gnu.org/copyleft/gpl.html>.