SpamAssassin heuristic email address tracker utility
sa-heatu [options] [dbfile [timestamp-file]]
Check or clean a SpamAssassin auto-whitelist (AWL) database file.
The Auto-WhiteList (AWL) feature in SpamAssassin tracks scores from messages previously received and adjusts the message score, either by boosting messages from senders who send ham or penalizing senders who have sent spam previously. This not only treats some senders as if they were whitelisted but also treats spammers as if they were blacklisted. To enable AWL in SpamAssassin, read the documentation:
perldoc Mail::SpamAssassin::Conf
This is an enhanced version of the original AWL tool. The AWL database can be examined and pruned; single email entries can be removed. This is useful when a spammer sends one or more ham messages before sending spam.
Without special options, the program generates a summary of the database (see FILES):
$ sa-heatu -D -n /var/spool/spamassassin/auto-whitelist
0 entries removed. 0 entries would be expired. 0 timestamps would be added. 0 timestamps would be updated.
308 entries input. 308 entries output = input - expired - removed.
With option --verbose it generates output:
AVG TOTSCORE COUNT EMAIL IPBASE
AVG is the average score; TOTSCORE is the total score of all mails seen so far; COUNT is the number of messages seen from that sender; EMAIL is the sender's email address, and IPBASE is the AWL base IP address.
The AWL base IP address is an approximate way to identify the IP address a sender frequently sends from, while remaining hard for spammers to spoof. The algorithm is as follows:
- Take the last Received header that contains a public IP address; namely one which is not in private, unrouted IP space.
- Chop off the last two octets, assuming that the user may be in an ISP's dynamic address pool.
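The two steps above, worked through on a constructed message as an added example (not code from sa-heatu or SpamAssassin). Assumptions: "last" is read as the bottom-most Received header in the message, only IPv4 is handled, the list of non-public ranges is chosen for this example, and the names `public_ips` and `awl_ipbase` are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: ranges treated as non-public (private, loopback, link-local, CGNAT).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
)]
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def public_ips(header_value):
    """Return the public IPv4 addresses found in one Received header."""
    found = []
    for text in IPV4_RE.findall(header_value):
        try:
            ip = ipaddress.IPv4Address(text)
        except ValueError:  # not a valid address, e.g. 999.1.1.1
            continue
        if not any(ip in net for net in NON_PUBLIC):
            found.append(ip)
    return found

def awl_ipbase(raw_message):
    """Step 1: last Received header holding a public IP.
    Step 2: keep only the first two octets. None if no header qualifies."""
    msg = message_from_string(raw_message)
    for value in reversed(msg.get_all("Received", [])):
        ips = public_ips(value)
        if ips:
            return ".".join(str(ips[0]).split(".")[:2])
    return None

# Constructed sample; 198.51.100.0/24 and 203.0.113.0/24 are documentation
# ranges standing in for public addresses.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
\tby mail.example.org with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from relay.example.net (relay.example.net [203.0.113.77])
\tby mx.example.net with ESMTP; Mon, 1 Jan 2024 10:00:01 +0000
Received: from laptop (unknown [192.168.1.20])
\tby relay.example.net with ESMTPSA; Mon, 1 Jan 2024 10:00:00 +0000
From: sender@example.net

body
"""
```

The bottom-most header carries only a private address and is skipped, so the base comes from the relay header above it.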
Negative values indicate senders of ham:
average  total  count
    6.8    6.8      1  [email protected]  72.26
   -8.1  -16.2      2  [email protected]  98.109
    1.4   15.9     11  [email protected]  38.105
   13.9   13.9      1  [email protected]  89.185
No timestamp processing is done. Alias for --noTimestamps.
Expire entries older than NUMBER of days.
Use this for the first run to avoid reading timestamps.
Display short help.
No timestamp processing.
Clean out infrequently-used AWL entries. The NUMBER can be used to select the threshold at which entries are kept or deleted. Value 1 means that entries seen once are deleted.
Be quiet.
Remove EMAIL from database.
Output entries updated or added or removed, in addition to the summary.
Display more information. Note that this may display a lot of information from the database.
To see valid senders:
sa-heatu --verbose -D | sort -n | head -n 20
To see top spammers:
sa-heatu --verbose -D | sort -n | tail -n 20
To display a single record:
sa-heatu --verbose -n | grep -i [email protected]
To remove the [email protected] entry:
$ sa-heatu -n --remove [email protected]
Using $HOME/.spamassassin/auto-whitelist
average total count found 34.5 34.5 1 [email protected] 41.202
1 deleted. 259 keys with 1 entry. 658 keys with 2 entries. 1675 entries.
To shrink the database considerably by removing entries that only have one hit:
sa-heatu --prune
Columns: average, total, count, email address, IP network address, last time updated. Note: the date and time stamp is the time sa-heatu was run, not the time the email was received:
sa-heatu --verbose -D | sort -n | head -5
None.
The default working directory of the program, where dbfile etc. are expected. If dbfile is not given, "$HOME/.spamassassin/auto-whitelist" is used. See also option auto_whitelist_path in the SpamAssassin Perl module Mail::SpamAssassin::Plugin::AWL, which typically points to "/var/spool/spamassassin/auto-whitelist".
spamassassin(1), Mail::SpamAssassin::Plugin::AWL(3p)
http://wiki.apache.org/spamassassin/AutoWhitelist
See STANDARDS for download link.
The original version this program is based on is at http://svn.apache.org/repos/asf/spamassassin/branches/3.2/tools/check_whitelist
Program was written by Dennis G German <[email protected]>
This manual page was written by Jari Aalto <[email protected]>. Released under license GNU GPL version 2 or (at your option) any later version. For more information about the license, visit <http://www.gnu.org/copyleft/gpl.html>.