NAME

spamtrak-mssg - Email processor for the Spamtrak spam tracking system.


SYNOPSIS

spamtrak-mssg [-iftu] [-a peer_address] [-T ndays] < email-message


DESCRIPTION

The spamtrak-mssg program is the email handler for the Spamtrak system. By default it reads a spam (email) message from standard input, identifies the IP address of the host that passed this spam to the local network, updates statistics for that source, and produces a summary.

Here is a sample summary, as produced by spamtrak-mssg:

    host 64.86.155.141 count 3 score 2.90, net 64.86.155 count 30 score 18.29

The count is the total number of messages associated with that source. The score approximately represents the amount of spam received from that source over the past 90 days.

The following options modify this behavior:

-a
Address. Specifies peer_address as the address of the host sending the spam. When this option is given, no input is read. This option cannot be used with filter mode (-f).

-f
Filter mode. Instead of a line of statistics output, spamtrak-mssg copies the spam message to its standard output, with an ``X-Spamtrak:'' header added. The header contains the statistics summary.

-i
Inhibit mode. The database is not updated. The spam source is identified and statistics are presented on existing data for the source. This is mainly useful for testing.

-T
Specify time. Specify how many days ago the message was received. The default behavior is equivalent to -T 0. A negative time may be specified; it unreceives a message. For example, -T -30 is equivalent to -u -T 30. You can use negative zero (-T -0) which is equivalent to -u -T 0.

-t
Calculate time. By default, spamtrak-mssg assumes it is being run as the message is received. This option tells spamtrak-mssg to inspect the ``From'' line at the top of the message, and use the delivery date found there. This information will be used to calculate the 90-day average score.

-u
Unreceive mode. This mode may be used to back out a message previously received. Statistics are reduced, thus removing the message from the data.


EXAMPLE

If you have a collection of spam (in mailbox format) that you would like to use to initialize the database, you can run:

        formail -s spamtrak-mssg -t </path/to/spam/folder

If you are running spamassassin(1) under procmail(1), you can process the identified spam messages with this .procmailrc recipe:

        :0
        * ^X-Spam-Flag: YES
        {
            # run through spamtrak
            :0 fw
            | /usr/local/bin/spamtrak-mssg -f
            # save to the spam folder
            :0:
            spam-folder
        }


BUGS

spamtrak-mssg is typically invoked by the spamtrak-wrapper. It is important that its ``SPAMTRAK_LOCAL_ADDRS'' be set correctly, or else spamtrak-mssg may identify hosts on your network as spam sources.

If you hand spamtrak-mssg an email that was generated on your network, it will complain that it cannot find a peer address. That's because after removing the addresses on your network, there isn't anything left.

When spamtrak-mssg is used in filter mode (-f), it is important to check for a zero exit status. If the exit status is non-zero, the calling program should ignore any output and recover the original message. In procmail(1), this is done by including the ``w'' flag in the recipe.
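
For callers other than procmail(1), the exit-status check described above can be done with a small shell wrapper. This is an added example, not part of the Spamtrak distribution; safe_filter is a hypothetical helper name, and the empty-output check is an extra precaution not described on this page.

```shell
#!/bin/sh
# Added example: fail-safe wrapper for a mail filter such as
# "spamtrak-mssg -f". safe_filter is a hypothetical helper name.
#
# Usage: safe_filter FILTER [ARGS...] <message >message-out
# Writes the filter's output only when the filter exits 0 and produced
# output; otherwise writes the original message unchanged.
safe_filter() {
    sf_dir=$(mktemp -d) || return 1
    sf_orig=$sf_dir/orig
    sf_out=$sf_dir/out

    # Spool the message first: stdin can only be read once, and the
    # original must survive a filter that dies part-way through.
    if ! cat >"$sf_orig"; then
        rm -rf "$sf_dir"
        return 1
    fi

    # Non-zero exit: discard whatever the filter wrote.
    # Empty output with exit 0 (assumed precaution): also fall back,
    # so a misbehaving filter cannot silently swallow the message.
    if "$@" <"$sf_orig" >"$sf_out" && [ -s "$sf_out" ]; then
        cat "$sf_out"
    else
        echo "safe_filter: '$1' failed, passing message through" >&2
        cat "$sf_orig"
    fi
    sf_rc=$?
    rm -rf "$sf_dir"
    return "$sf_rc"
}

# When run as a script with arguments, act as the wrapper itself, e.g.
#   safe-filter.sh /usr/local/bin/spamtrak-mssg -f <message
if [ "$#" -gt 0 ]; then
    safe_filter "$@"
fi
```

The wrapper returns the status of the final copy to standard output, so a caller can still detect a failed write separately from a failed filter.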


SEE ALSO

 spamtrak(1), spamtrak-dbop(1), spamtrak-query(1)
 spamassassin(1), procmail(1)


AUTHOR

 Chip Rosenthal
 Unicom Systems Development
 <chip@unicom.com>
 $Id: spamtrak-mssg.pl,v 1.2 2002/07/29 03:14:55 chip Exp $