# Your options should be saved to $HOME/.spamtestbuddy
# This CONFIGURATION file can be copied as .spamtestbuddy and modified.
#
# Emails start with a score of 0. Define overall threshold for OVER/UNDER.
# Beware floating point comparisons (e.g. 1 + 0.9999 does not exceed 2)

SpamThreshold	0.9

# In order to test the IP address which sent this message, SpamTestBuddy
# has to extract the right IP address from email headers. The last IP address
# found within square brackets on Received lines will be used. Indicate the
# network(s) to skip, so that local hops or forwarding servers are ignored.
# Use a comma separated list of full or partial IP addresses. Each will be
# compared in string style, so it's best to include the dots at the end of
# the network (e.g. 24.19. instead of 24.19). The parsed IP is output in
# X-SpamTestBuddy headers. Currently used by TestFileIP, TestDnsProblems,
# and TestDNSBL. List must be under 1000 chars.

SkipReceived	127., 192.168.

###################
##  TEST FORMAT  ##
###################
#
# Each matching test increases (+) or decreases (-) total score by a floating
# point amount. The score starts at zero, and is compared to the SpamThreshold
# once all tests are done. The score may go negative or positive during tests.
#
# Each test can have an arbitrary user-defined weighting, any floating point
# multiplier. The default weight is 1.0 for each test. Most tests are binary
# in nature and either contribute to the score or do nothing. The exception is
# TestHeaderFloat which evaluates to a floating point value [0, 1] which will
# be multiplied by the indicated weighting.
#
# Each test is given a name (arbitrary, shown in all capitals) which is output
# upon match in the X-SpamTestBuddy-Tests: header.
#
# Example simple test definition which adds (subtracts) 1.0 on a match:
#	+TestName	LABEL	parameter
#	-TestName	LABEL	parameter
# Example weighted test definition which adds (subtracts) +0.5 or -0.3 on match:
#	+0.5 * TestName	LABEL	parameter
#	-0.3 * TestName	LABEL	parameter
#
# Where TestName is replaced with TestDnsProblems, TestFileIP, etc from below.
#
# It is best to specify a weight for each test rather than using the default,
# coarse increments/decrements of 1.0
#
#
####################
##   TEST NAMES   ##
####################
#
# Summary of supported tests, all described below:
#
#	TestHeaderFloat - Check for header containing value [0,1] and add/subtract from score
#	TestDnsProblems - Check for existing reverse dns and consistent forward dns
#	TestFileIP - Check if connecting IP address (parsed from Received:) is in local text file
#	TestHeaderSubstr - Check for header substring match
#	TestHeaderYes - Check for header with right hand side "Yes/True/Spam"
#	TestDNSBL - Check if connecting IP address is in DNS based real-time blacklist
#
#
# One common use of SpamTestBuddy is filtering based on the score from a
# statistical filter (such as Bayesian). TestHeaderFloat will test an email
# header for a floating point number between 0 and 1.0001.
# The first number found in the header is read (ignored if > 1) and then
# multiplied by the weighting if indicated. The header parameter can not
# contain whitespace and is case sensitive.
#
# The example below adds the score read from SpamProbe (near 0.0 if non-spam,
# near 0.5 if unsure, near 1.0 if spam). No weight is specified so the value
# is simply added to the score. Similar spam probabilities can be easily
# parsed from other similar filters such as DSPAM (X-DSPAM-Probability:).

+TestHeaderFloat	SPAMPROBE	X-SpamProbe:

# Test for DNS problems. Matches if there is no reverse DNS, or if forward
# and reverse DNS don't match. Beware that non-functioning DNS on the local
# system will trigger this test to match on every email sent through. As
# long as your DNS functions properly, this test should only match emails
# sent through hosts with questionable DNS configuration. Such hosts are
# rarely legitimate mail relays, since proper forward and reverse DNS are
# a requirement for any normal mail server.
#
# The example below, based on a SpamProbe starting point [0, 1] increases the
# score by +0.2 if there are DNS problems, making a spam result more likely.

+0.2 * TestDnsProblems	DNSPROBLEM

# Test the connecting IP address (see SkipReceived) against a local text file
# containing a list of IP addresses. The file must contain one IP per line and
# must match exactly between line start and line end. This can be used to
# consult a local blacklist (+) or whitelist (-). The parameter is the file
# name to read; an error is written to stderr if fopen() fails.
#
# The example below consults a local whitelist file, and subtracts -0.4 if the
# IP address parsed from this email appears in the file.

-0.4 * TestFileIP	WHITELIST	/home/user/sender.ip.whitelist

# Test a header for substring match (case sensitive). Must match exactly from
# the start of the line to the end of the parameter below. e.g. CRM-114
# The header parameter can contain whitespace and ends at the newline
#
# The example below adds +0.5 to the score if the header matches.

+0.5 * TestHeaderSubstr	CRM114		X-CRM114-Status: SPAM

# Test a header for "Yes/True/Spam" (case insensitive) on the right. e.g. QSF.
# The header parameter (case sensitive) can not contain whitespace.
#
# The example below adds +0.5 to the score if the header ends in "Yes/True/Spam"

+0.5 * TestHeaderYes	QSF		X-Spam:

# Test the IP address parsed (see SkipReceived) against DNS based blocklists.
# A whitelist can be used as shown by associating a negative score on match.
# These are light weight remote database queries.
#
# Testing DNSBLs takes time to do DNS queries and could even wait and timeout
# if you use the wrong DNS zone. Failure to get a reply does not impact the
# score at all. SpamTestBuddy caches the last lookup, so group your TestDNSBL
# lines for the same zone together to benefit. Of course each new email causes
# a new instance of SpamTestBuddy to run, and there is no caching between
# instances.
#
# When a DNSBL is queried with an IP address, it returns another IP address
# which is a coded response. The positive response is usually 127.0.0.2 though
# any code could be returned. By default, SpamTestBuddy takes any 127.0.x.y
# response as a match when used in the form:
#	+TestDNSBL	LABEL	zone.example.com
# To match a specific code from left-to-right, add ^string after the zone.
# The following matches any response 127.1.x.y (but would not match 127.0.0.2)
#	+TestDNSBL	LABEL	zone.example.com^127.1.
# You can also match from right-to-left by adding a $string after the zone.
# The following matches any response ending in .1.1 as a right aligned string.
#	+TestDNSBL	LABEL	zone.example.com$.1.1
#
# See: http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
#
# There are many useful lists available with different policies. Don't go
# overboard and query too many though, because this adds lookup delays.
# It is suggested that you associate a relatively small weight beside each
# DNSBL lookup, so that no single blacklist alone causes spam detection.
# Please carefully read each DNSBL's policy and understand what they list.
#
# Examples of real DNSBL definitions that could be useful if you are starting
# with a statistical spam score between [0, 1]. Notice that if the statistical
# filter gives a low score (such as 0.0) the IP address can appear on several
# blacklists and still not cause the score to go over the spam threshold!
#
# If the sender is listed on Spamhaus ZEN, add +0.4 to the score.

+0.4 * TestDNSBL	ZEN	zen.spamhaus.org

# If the sender is listed on SORBS, add +0.1 to the score.

+0.1 * TestDNSBL	SORBS	dnsbl.sorbs.net

# If the sender is listed on WPBL, add +0.1 to the score.

+0.1 * TestDNSBL	WPBL	db.wpbl.info

# Use the dnswl.org service to reduce the score depending on the degree of
# confidence (represented in the last octet of the dnswl response code).
# Subtract -0.1 for 'none' level, -0.5 for low, etc.
# These definitions should be grouped together to benefit from
# caching of lookups, which only sends one DNS query for the batch.

-0.1 * TestDNSBL        DNSWL.none      list.dnswl.org$.0
-0.5 * TestDNSBL        DNSWL.low       list.dnswl.org$.1
-0.8 * TestDNSBL        DNSWL.med       list.dnswl.org$.2
-1.0 * TestDNSBL        DNSWL.high      list.dnswl.org$.3
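
# Added example (not part of SpamTestBuddy or its original configuration): a
# Python sketch of the test-definition format and the TestDNSBL ^prefix/$suffix
# matching described above, scored against constructed lookup results. The
# function names, the regular expression and the 0.7 starting score are
# assumptions made for illustration.

```python
import re

# Sign, optional "weight *", test name, label, optional parameter (assumed grammar).
LINE_RE = re.compile(r'^([+-])\s*(?:(\d+(?:\.\d+)?)\s*\*\s*)?(\w+)\s+(\S+)(?:\s+(.*\S))?\s*$')

def parse_test(line):
    """Parse one test definition into (signed_weight, test, label, parameter)."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("not a test definition: %r" % line)
    sign, weight, test, label, param = m.groups()
    w = float(weight) if weight else 1.0   # default weight is 1.0
    return (w if sign == '+' else -w, test, label, param or '')

def split_dnsbl_param(param):
    """Split 'zone', 'zone^prefix' or 'zone$suffix' into (zone, mode, pattern)."""
    for mode in '^$':
        if mode in param:
            zone, pattern = param.split(mode, 1)
            return zone, mode, pattern
    return param, '^', '127.0.'            # default: any 127.0.x.y response

def dnsbl_matches(param, response):
    """True if the coded DNSBL response matches; response None means no reply."""
    if response is None:
        return False                       # no reply never changes the score
    _, mode, pattern = split_dnsbl_param(param)
    # Plain string comparison: '^127.1' would also match 127.10.x.y, so keep the dots.
    return response.startswith(pattern) if mode == '^' else response.endswith(pattern)

def score_dnsbl(config_lines, responses, start=0.0):
    """Apply TestDNSBL lines to lookup results given as {zone: response code}."""
    score, labels = start, []
    for line in config_lines:
        weight, test, label, param = parse_test(line)
        zone = split_dnsbl_param(param)[0]
        if test == 'TestDNSBL' and dnsbl_matches(param, responses.get(zone)):
            score += weight
            labels.append(label)
    return round(score, 4), labels

# Constructed sample: definitions taken from this file, invented lookup results.
SAMPLE = ["+0.4 * TestDNSBL\tZEN\tzen.spamhaus.org",
          "-0.5 * TestDNSBL\tDNSWL.low\tlist.dnswl.org$.1",
          "-1.0 * TestDNSBL\tDNSWL.high\tlist.dnswl.org$.3"]
RESPONSES = {"zen.spamhaus.org": "127.0.0.2", "list.dnswl.org": "127.0.5.1"}
print(score_dnsbl(SAMPLE, RESPONSES, start=0.7))
```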
