MailScanner Configuration Index

 Do you want to add the Envelope-From: header?
 This is very useful for tracking where spam came from as it
 contains the envelope sender address.
 This can also be the filename of a ruleset.

 Do you want to add the Envelope-To: header?
 This can be useful for tracking spam destinations, but should be
 used with care due to possible privacy concerns with the use of
 Bcc: headers by users.
 This can also be the filename of a ruleset.

 Do you want to add the plain text contents of Microsoft Word documents?
 This feature uses the 'antiword' program available from
 http://www.winfield.demon.nl/
 For those of you running on Linux, you can get RPMs and SRPMs from
 http://www.volny.cz/zellerin/rpmmenu.html
 It is switched off by default, as it causes a slight performance hit.
 This can also be the filename of a ruleset.

 Do you want to add a watermark to each email message?
 Setting this enables delivery error messages to be identified as yours
 so you want to see them. Delivery error messages without valid watermarks
 are treated as spam (or whatever you set below), as you probably don't
 want to see them. Spammers can send vast quantities of spam claiming to
 come from you so that you get all the delivery errors (known as a "joe-job"
 attack).
 This can also be the filename of a ruleset.

 Anything on the next line that appears in brackets at the end of a line
 of output from Sophos will cause the error/infection to be ignored.
 Use of this option is dangerous, and should only be used if you are having
 trouble with lots of corrupt PDF files, for example.
 If you need to specify more than 1 string to find in the error message,
 then put each string in quotes and separate them with a comma.
 For example:
Allowed Sophos Error Messages = "corrupt", "format not supported", "File was encrypted", "The main body of virus data is out of date", "Password protected file"

 Do you want to allow messages whose body is stored somewhere else on the
 internet, which is downloaded separately by the user's email package?
 There is no way to guarantee that the file fetched by the user's email
 package is free from viruses, as MailScanner never sees it.
 This feature is dangerous as it can allow viruses to be fetched from
 other Internet sites by a user's email package. The user would just
 think it was a normal email attachment and would have been scanned by
 MailScanner.
 It is only currently supported by Netscape 6 anyway, and the only people
 who use it are the IETF. So I would strongly advise leaving this switched off.
 This can also be the filename of a ruleset.

 Allow any attachment MIME types matching any of the patterns listed here.
 If this setting is empty, it is ignored and no matches are made.
 This can also be the filetype of a ruleset.

 Allow any attachment filenames matching any of the patterns listed here.
 If this setting is empty, it is ignored and no matches are made.
 This can also be the filename of a ruleset.

 Allow any attachment filetypes matching any of the patterns listed here.
 If this setting is empty, it is ignored and no matches are made.
 This can also be the filetype of a ruleset.

 Do you want to allow <Form> tags in email messages? This is a bad idea
 as these are used as scams to pursuade people to part with credit card
 information and other personal data.
 Value: yes     => Allow these tags to be in the message
        no      => Ban messages containing these tags
        disarm  => Allow these tags, but stop these tags from working
                   Note: Disarming can be defeated, it is not 100% safe!
 This can also be the filename of a ruleset.

 Do you want to allow <IFrame> tags in email messages? This is not a good
 idea as it allows various Microsoft Outlook security vulnerabilities to
 remain unprotected, but if you have a load of mailing lists sending them,
 then you will want to allow them to keep your users happy.
 Value: yes     => Allow these tags to be in the message
        no      => Ban messages containing these tags
        disarm  => Allow these tags, but stop these tags from working
 This can also be the filename of a ruleset, so you can allow them from
 known mailing lists but ban them from everywhere else.

 This option can be used to stop any duplication of en email signature
 appearing in the HTML of an email message. It looks for the "alt"
 attribute in the <img> tag specifying the image to be inserted int the
 HTML signature. If you want to use this option without inserting an image
 into the signature, simply specify an <img> tag without a "src" attribute.

 If the "alt" tag appears, and contains the word "MailScanner" and the
 word "Signature" and the %org-name% you specified at the top of this file,
 then the message is considered to already be signed. If this option is
 also set to "yes", then it will not be signed again. Multiple image
 signatures at the bottom of a message can make the message very large and
 ugly once it has been replied to a couple of times.
 This can also be the filename of a ruleset.

 Do you want to allow <Object Codebase=...> or <Object Data=...> tags
 in email messages?
 This is a bad idea as it leaves you unprotected against various
 Microsoft-specific security vulnerabilities. But if your users demand
 it, you can do it.
 Value: yes     => Allow these tags to be in the message
        no      => Ban messages containing these tags
        disarm  => Allow these tags, but stop these tags from working
 This can also be the filename of a ruleset, so you can allow them just
 for specific users or domains.

 Do you want to allow partial messages, which only contain a fraction of
 the attachments, not the whole thing? There is absolutely no way to
 scan these "partial messages" properly for viruses, as MailScanner never
 sees all of the attachment at the same time. Enabling this option can
 allow viruses through. You have been warned.
 This can also be the filename of a ruleset so you can, for example, allow
 them in outgoing mail but not in incoming mail.

 Should archives which contain any password-protected files be allowed?
 Leaving this set to "no" is a good way of protecting against all the
 protected zip files used by viruses at the moment.
 This can also be the filename of a ruleset.

 Do you want to allow <Script> tags in email messages? This is a bad idea
 as these are used to exploit vulnerabilities in email applications and
 web browsers.
 Value: yes     => Allow these tags to be in the message
        no      => Ban messages containing these tags
        disarm  => Allow these tags, but stop these tags from working
                   Note: Disarming can be defeated, it is not 100% safe!
 This can also be the filename of a ruleset.

 Do you want to allow <Img> tags with very small images in email messages?
 This is a bad idea as these are used as 'web bugs' to find out if a message
 has been read. It is not dangerous, it is just used to make you give away
 information.
 Value: yes     => Allow these tags to be in the message
        disarm  => Allow these tags, but stop these tags from working
                   Note: Disarming can be defeated, it is not 100% safe!
 Note: You cannot block messages containing web bugs as their detection
       is very vulnerable to false alarms.
 This can also be the filename of a ruleset.

 While detecting "Phishing" attacks, do you also want to point out links
 to numeric IP addresses. Genuine links to totally numeric IP addresses
 are very rare, so this option is set to "yes" by default. If a numeric
 IP address is found in a link, the same phishing warning message is used
 as in the Find Phishing Fraud option above.
 This can also be the filename of a ruleset.

 Do you want to always include the Spam Report in the SpamCheck
 header, even if the message wasn't spam?
 This can also be the filename of a ruleset.

 This option is intended for people who want to log more information
 about messages than what is put in syslog. It is intended to be used
 with a Custom Function which has the side-effect of logging information,
 perhaps to an SQL database, or any other processing you want to do
 after each message is processed.
 Its value is completely ignored, it is purely there to have side
 effects.
 If you want to use it, read CustomConfig.pm.

 This option is intended for people who want to log per-batch information.
 This is evaluated after the "Always Looked Up Last" configuration option
 for each message in the batch. This is looked up once for the entire batch.
 Its value is completely ignored, it is purely there to have side effects.
 If you want to use it, read CustomConfig.pm.

 Location and full command of the "antiword" program
 Using a ruleset here, you could have different output styles for
 different people.
 This can also be the filename of a ruleset.

 The maximum length of time the "antiword" command is allowed to run for 1
 Word document (in seconds)

 Space-separated list of any combination of
 1. email addresses to which mail should be forwarded,
 2. directory names where you want mail to be stored,
 3. file names (they must already exist unless "Missing Mail Archive Is =
    directory" is set below) which mail will be appended
    in "mbox" format suitable for importing into most mail systems.

 Any of the items above can contain 3 magic strings, which are subsituted
 as follows:
 _DATE_       will be replaced with the current date in yyyymmdd format.
              This will make archive-rolling and maintenance much easier,
              as you can guarantee that yesterday's mail archive will not
              be in active use today.
 _TOUSER_     will be replaced with the left-hand side of the email
              address of each of the recipients in turn.
 _TODOMAIN_   will be replaced with the right-hand side of the email
              address of each of the recipients in turn.
 _FROMUSER_   will be replaced with the left-hand side of the email
              address of the sender.
 _FROMDOMAIN_ will be replaced with the right-hand side of the email
              address of the sender.

 If you give this option a ruleset, you can control exactly whose mail
 is archived or forwarded. If you do this, beware of the legal implications
 as this could be deemed to be illegal interception unless the police have
 asked you to do this.

 Note: This setting still works even if "Scan Messages" is no.

Archive Mail = /var/spool/MailScanner/archive

 Normally, you would only want to attach the image to messages with an
 HTML part, as plain text messages clearly cannot display an image.
 However, if you find some other use for this feature, you may want to
 attach an image to a message which is just text.
 See "Attach Image To Signature" for notes on how to use this.
 This can also be the filename of a ruleset.

 If you are using HTML signatures, you can embed an image in the signature.
 For the filename(s) of the image, see the settings "Signature Image
 Filename" and "Signature Image <img> Filename".
 In your HTML, you must refer to the image with an HTML tag that looks like:
     <img alt="MailScanner Signature" src="cid:signature.jpg">
 where "signature.jpg" is the name of the image set in the
 "Signature Image <img> Filename" setting above. If used correctly, Mail-
 Scanner will notice if the image is already present and not add it again.
 
 This can also be the filename of a ruleset.

 What character set do you want to use for the attachment that
 replaces viruses (VirusWarning.txt)?
 The default is ISO-8859-1 as even Americans have to talk to the
 rest of the world occasionally :-)
 This can also be the filename of a ruleset.

 Attachments whose filenames end in these strings will not be zipped.
 This can also be the filename of a ruleset.

 If the original total size of all the attachments to be compressed is
 less than this number of bytes, they will not be zipped at all.
 This can also be the filename of a ruleset.

 If the attachments are to be compressed into a single zip file,
 this is the filename of the zip file.
 This can also be the filename of a ruleset.

 When a virus or attachment is replaced by a plain-text warning,
 and that warning is an attachment, this is the filename of the
 new attachment.
 This can also be the filename of a ruleset.

 Do you want to automatically do a syntax check of the configuration files
 when MailScanner is started up? It will still start up, regardless, but it
 will print plenty of errors and warnings if anything important is wrong in
 your setup, instead of just logging it to your system's mail logs. It does
 slightly slow down the startup of MailScanner, of course, but that is only
 done once and so it does not really matter.
 This makes it easier for novice users.
 This cannot be a ruleset, only a simple value.

 Should encrypted messages be blocked?
 This is useful if you are wary about your users sending encrypted
 messages to your competition.
 This can be a ruleset so you can block encrypted message to certain domains.

 Should unencrypted messages be blocked?
 This could be used to ensure all your users send messages outside your
 company encrypted to avoid snooping of mail to your business partners.
 This can be a ruleset so you can just check mail to certain users/domains.

 When you bounce a spam message back to the sender, do you want to
 encapsulate it in another message, rather like the "attachment" option
 when delivering spam to the original recipient?
 NOTE: If you enable this option, be sure to whitelist your local server
       ie. 127.0.0.1 as otherwise the spam bounce message will be detected
       as spam again, which will cause another spam bounce and so on
       until your mail queues fill up and your server crashes!
 This can also be the filename of a ruleset.

 Many naive spammers send out the same message to lots of people.
 These messages are very likely to have roughly the same SpamAssassin score.
 For extra speed, cache the SpamAssassin results for the messages
 being processed so that you only call SpamAssassin once for all of the
 messages.
 This can also be the filename of a ruleset.

 Normally, you can still get the filenames out of a password-protected
 archive, despite the encryption. So by default filename checks are still
 done on these files. However, some people want to suppress this checking
 as they allow a few people to receive password-protected archives that
 contain things such as .exe's as part of their business needs. This option
 can be used to suppress filename checks inside password-protected archives.
 This can also be the filename of a ruleset.

 If the message sender is on any of the Spam Lists, do you still want
 to do the SpamAssassin checks? Setting this to "no" will reduce the load
 on your server, but will stop the High Scoring Spam Actions from ever
 happening.
 This can also be the filename of a ruleset.

 Enable this feature if you have more then one Mailscanner installation
 (or you have a trust relationship with another Mailscanner user). An
 example would be a secondary MX with MailScanner installed which relays
 to the primary MX for delivery. For this to work you need to use the
 same value for "Watermark Header", and have the same "Watermark Secret".

 This could be achieved by using a ruleset.

 This feature skips Spam Checks if the Watermark is trusted. The trust
 only works between servers so will not apply to replies to emails.

 If the Watermark has expired or is invalid then the message is processed
 as normal.
 This can also be the filename of a ruleset.

 Do you want to check watermarks?
 This can also be the filename of a ruleset.

 There are now sets of signatures available from places such as
 www.sanesecurity.co.uk which use ClamAV to detect spam. Some of these
 signatures rely on being passed the whole message as one file. By setting
 this option to "yes", each entire message is written out to the scanning
 area, thus enabling these signatures to work reliably.
 It has a slight speed impact but is worth it for the extra spam-spotting
 ability.

 This option cannot be the filename of a ruleset, it must be "yes" or "no".

 ClamAVModule only: set limits when scanning for viruses.

 The maximum recursion level of archives,
 The maximum number of files per batch,
 The maximum file of each file,
 The maximum compression ratio of archive.
 These settings *cannot* be the filename of a ruleset, only a simple number.

 Clamd only: configuration options for using the clamd daemon.
 1. The port to use when communicating with clamd via TCP connection
 2. The Socket, or IP to use for communicating with the clamd Daemon.
    You enter either the full path to the UNIX socket file or the IP
    address the daemon is listening on.
 3. The ClamD Lock file should be created by clamd init script in most
    cases. If it is not then the entry should be blank.
 4. If MailScanner is running on a system with more then 1 CPU core (or
    more than 1 CPU) then you can set "Clamd Use Threads" to "yes" to
    speed up the scanning, otherwise there is no advantage and it should
    be set to "no".

 None of these options can be the filenames of rulesets, they must be just
 simple values.

 Set the "Mail Header" to these values for clean/infected/disinfected messages.
 This can also be the filename of a ruleset.

 If an attachment triggered a content check, but there was nothing
 else wrong with the message, do you want to modify the subject line?
 This can be 1 of 4 values:
      no    = Do not modify the subject line, or
      start = Add text to the start of the subject line, or
      yes   = Add text to the start of the subject line, or
      end   = Add text to the end of the subject line.
 This makes filtering in Outlook very easy.
 This can also be the filename of a ruleset.

 This is the text to add to the start of the subject if the
 "Content Modify Subject" option is set.
 You might want to change this so your users can see at a glance
 whether it just was just the content that MailScanner rejected.
 This can also be the filename of a ruleset.

 This option interacts with the "Allow ... Tags" options above like this:

 Allow...Tags    Convert Danger...    Action Taken on HTML Message
 ============    =================    ============================
    no              no                Blocked
    no              yes               Blocked
    disarm          no                Specified HTML tags disarmed
    disarm          yes               Specified HTML tags disarmed
    yes             no                Nothing, allowed to pass
    yes             yes               All HTML tags stripped

 If an "Allow ... Tags = yes" is triggered by a message, and this
 "Convert Dangerous HTML To Text" is set to "yes", then the HTML
 message will be converted to plain text.  This makes the HTML
 harmless, while still allowing your users to see the text content
 of the messages.  Note that all graphical content will be removed.

 This can also be the filename of a ruleset, so you can make this apply
 only to specific users or domains.

 Do you want to convert all HTML messages into plain text?
 This is very useful for users who are children or are easily offended
 by nasty things like pornographic spam.
 This can also be the filename of a ruleset, so you can switch this
 feature on and off for particular users or domains.

 This file lists all the countries that use 2nd-level and 3rd-level
 domain names to classify distinct types of website within their country.
 This cannot be the name of a ruleset, it is just a simple setting.

 Where to put the code for your "Custom Functions". No code in this
 directory should be over-written by the installation or upgrade process.
 All files starting with "." or ending with ".rpmnew" will be ignored,
 all other files will be compiled and may be used with Custom Functions.

 How long should the custom spam scanner take to run? If it takes more
 seconds than this, then it should be considered to have crashed and
 should be killed. This stops denial-of-service attacks.

 The total number of Custom Spam Scanner attempts during which "Max
 Custom Spam Scanner Timeouts" will cause the Custom Spam Scanner to
 be marked as "unavailable". See the previous comment for more information.
 The default values of 10 and 20 mean that 10 timeouts in any sequence of
 20 attempts will trigger the behaviour described above, until the next
 periodic restart (see "Restart Every").

 Do you want to scan the messages for potentially dangerous content?
 Setting this to "no" will disable all the content-based checks except
 Virus Scanning, Allow Partial Messages and Allow External Message Bodies.
 This can also be the filename of a ruleset.

 Set Debug to "yes" to stop it running as a daemon and just process
 one batch of messages and then exit.

 Do you want to debug SpamAssassin from within MailScanner?

 Setting this to yes means that spam found in the blacklist is treated
 as "High Scoring Spam" in the "Spam Actions" section below. Setting it
 to no means that it will be treated as "normal" spam.
 This can also be the filename of a ruleset.

 Set where to find the message text sent to users when one of their
 attachments has been deleted from a message.
 These can also be the filenames of rulesets.

 Do you want to deliver messages once they have been cleaned of any
 viruses?
 By making this a ruleset, you can re-create the "Deliver From Local"
 facility of previous versions.

 Should I attempt to disinfect infected attachments and then deliver
 the clean ones. "Disinfection" involves removing viruses from files
 (such as removing macro viruses from documents). "Cleaning" is the
 replacement of infected attachments with "VirusWarning.txt" text
 attachments.
 Less than 1% of viruses in the wild can be successfully disinfected,
 as macro viruses are now a rare occurrence. So the default has been
 changed to "no" as it gives a significant performance improvement.

 This can also be the filename of a ruleset.

 When attempting delivery of outgoing messages, should we do it in the
 background or wait for it to complete? The danger of doing it in the
 background is that the machine load goes ever upwards while all the
 slow sendmail processes run to completion. However, running it in the
 foreground may cause the mail server to run too slowly.

 Some versions of Microsoft Outlook generate unparsable Rich Text
 format attachments. Do we want to deliver these bad attachments anyway?
 Setting this to yes introduces the slight risk of a virus getting through,
 but if you have a lot of troubled Outlook users you might need to do this.
 We are working on a replacement for the TNEF decoder.
 This can also be the filename of a ruleset.

 Attempt immediate delivery of messages, or just place them in the outgoing
 queue for the MTA to deliver when it wants to?
      batch -- attempt delivery of messages, in batches of up to 20 at once.
      queue -- just place them in the queue and let the MTA find them.
 This can also be the filename of a ruleset. For example, you could use a
 ruleset here so that messages coming to you are immediately delivered,
 while messages going to any other site are just placed in the queue in
 case the remote delivery is very slow.

 Deny any attachment MIME types matching any of the patterns listed here.
 If this setting is empty, it is ignored and no matches are made.
 This can also be the filetype of a ruleset.

 Deny any attachment filenames matching any of the patterns listed here.
 If this setting is empty, it is ignored and no matches are made.
 This can also be the filename of a ruleset.

 Deny any attachment filetypes matching any of the patterns listed here.
 If this setting is empty, it is ignored and no matches are made.
 This can also be the filetype of a ruleset.

 Do you want the full spam report, or just a simple "spam / not spam" report?

 If HTML tags in the message were "disarmed" by using the HTML "Allow"
 options above with the "disarm" settings, do you want to modify the
 subject line?
 This can be 1 of 4 values:
      no    = Do not modify the subject line, or
      start = Add text to the start of the subject line, or
      yes   = Add text to the start of the subject line, or
      end   = Add text to the end of the subject line.
 This can also be the filename of a ruleset.

 This is the text to add to the start of the subject if the
 "Disarmed Modify Subject" option is set.
 This can also be the filename of a ruleset.

 Set where to find the message text sent to users explaining about the
 attached disinfected documents.
 This can also be the filename of a ruleset.

 If any of these headers exist, then the message is actually a reply and
 so we may not want to sign it with an HTML signature. Plain text sig-
 natures will still apply, but HTML signatures, which may include an image,
 will not.
 By default, this feature is disabled by specifying no header names.
 This should be a space or comma-separated list of header names.
 This can also be the filename of a ruleset.

 You can use this ruleset to enable the "bounce" Spam Action.
 You must *only* enable this for mail from sites with which you have
 agreed to bounce possible spam. Use it on low-scoring spam only (<10)
 and only to your regular customers for use in the rare case that a
 message is mis-tagged as spam when it shouldn't have been.
 Beware that many sites will automatically delete the bounce messages
 created by using this option unless you have agreed this with them in
 advance.
 If you enable this, be prepared to handle the irate responses from
 people to whom you are essentially sending more spam!

 This is the name of the Envelope From header
 controlled by the option above.
 This can also be the filename of a ruleset.

 This is the name of the Envelope To header
 controlled by the option above.
 This can also be the filename of a ruleset.

 Expand TNEF attachments using an external program (or a Perl module)?
 This should be "yes" unless the scanner you are using (Sophos, McAfee) has
 the facility built-in. However, if you set it to "no", then the filenames
 within the TNEF attachment will not be checked against the filename rules.

 Where the "file" command is installed.
 This is used for checking the content type of files, regardless of their
 filename.
 To disable Filetype checking, set this value to blank.

 If an attachment triggered a filename check, but there was nothing
 else wrong with the message, do you want to modify the subject line?
 This can be 1 of 4 values:
      no    = Do not modify the subject line, or
      start = Add text to the start of the subject line, or
      yes   = Add text to the start of the subject line, or
      end   = Add text to the end of the subject line.
 This makes filtering in Outlook very easy.
 This can also be the filename of a ruleset.

 
 Set where to find the attachment filename ruleset.
 The structure of this file is explained elsewhere, but it is used to
 accept or reject file attachments based on their name, regardless of
 whether they are infected or not.

 This can also point to a ruleset, but the ruleset filename must end in
 ".rules" so that MailScanner can determine if the filename given is
 a ruleset or not!

 This is the text to add to the start of the subject if the
 "Filename Modify Subject" option is set.
 You might want to change this so your users can see at a glance
 whether it just was just the filename that MailScanner rejected.
 This can also be the filename of a ruleset.

 The maximum length of time the "file" command is allowed to run for 1
 batch of messages (in seconds).

 Set where to find the attachment filetype ruleset.
 The structure of this file is explained elsewhere, but it is used to
 accept or reject file attachments based on their content as determined
 by the "file" command, regardless of whether they are infected or not.

 This can also point to a ruleset, but the ruleset filename must end in
 ".rules" so that MailScanner can determine if the filename given is
 a ruleset or not!

 To disable this feature, set this to just "Filetype Rules =" or set
 the location of the file command to a blank string.

 Find zip archives by filename or by file contents?
 Finding them by content is a far more reliable way of finding them, but
 it does mean that you cannot tell your users to avoid zip file checking
 by renaming the file from ".zip" to "_zip" and tricks like that.
 Only set this to no (i.e. check by filename only) if you don't want to
 reliably check the contents of zip files. Note this does not affect
 virus checking, but it will affect all the other checks done on the contents
 of the zip file.
 This can also be the filename of a ruleset.

 Do you want to check for "Phishing" attacks?
 These are attacks that look like a genuine email message from your bank,
 which contain a link to click on to take you to the web site where you
 will be asked to type in personal information such as your account number
 or credit card details.
 Except it is not the real bank's web site at all, it is a very good copy
 of it run by thieves who want to steal your personal information or
 credit card details.
 These can be spotted because the real address of the link in the message
 is not the same as the text that appears to be the link.
 Note: This does cause extra load, particularly on systems receiving lots
       of spam such as secondary MX hosts.
 This can also be the filename of a ruleset.

 A few viruses store their infected data in UU-encoded files, to try to
 catch out virus scanners. This rarely succeeds at all.
 Setting this option to yes means that you can apply filename and filetype
 checks to the contents of UU-encoded files. This may occasionally be
 useful, in which case you should set to yes.
 This can also be the filename of a ruleset.

 Do the spam checks first, or the MCP checks first?
 This cannot be the filename of a ruleset, only a fixed value.

 Options specific to F-Protd-6 Anti-Virus
 ----------------------------------------

 This is the port number used by the local fpscand daemon. 10200 is the
 default value used by the F-Prot 6 installation program, and so should
 be correct.
 This option cannot be the filename of a ruleset, it must be a number.

 Where the "gunzip" command is installed.
 This is used for expanding .gz files.
 To disable gzipped file checking, set this value to blank
 and the timeout to 0.

 The maximum length of time the "gunzip" command is allowed to run to expand
 1 attachment file (in seconds).

 Hide the directory path from all virus scanner reports sent to users.
 The extra directory paths give away information about your setup, and
 tend to just confuse users.
 This can also be the filename of a ruleset.

 Hide the directory path from all the system administrator notices.
 The extra directory paths give away information about your setup, and
 tend to just confuse users but are still useful for local sys admins.
 This can also be the filename of a ruleset.

 If a phishing fraud is detected, do you want to highlight the tag with
 a message stating that the link may be to a fraudulent web site.
 This can also be the filename of a ruleeset.

 This is just like the "Spam Actions" option above, except that it applies
 when the score from SpamAssassin is higher than the "High SpamAssassin Score"
 value.
    deliver                 - deliver the message as normal
    delete                  - delete the message
    store                   - store the message in the (spam) quarantine
    store-nonmcp            - store the message in the non-MCP quarantine
    store-mcp               - store the message in the MCP quarantine
    store-nonspam           - store the message in the non-spam quarantine
    store-spam              - store the message in the spam quarantine
    store-<directory-path>  - store the message in the <directory-path>
    forward user@domain.com - forward a copy of the message to user@domain.com
                              See the note below about the keywords that
                              can be used.
    striphtml               - convert all in-line HTML content to plain text.
                              You need to specify "deliver" as well for the
                              message to reach the original recipient.
    attachment              - Convert the original message into an attachment
                              of the message. This means the user has to take
                              an extra step to open the spam, and stops "web
                              bugs" very effectively.
    notify                  - Send the recipients a short notification that
                              spam addressed to them was not delivered. They
                              can then take action to request retrieval of
                              the original message if they think it was not
                              spam.
    header "name: value"    - Add the header
                                name: value
                              to the message. name must not contain any spaces.
    custom(parameter)       - Call the CustomAction function in /usr/lib/Mail-
                              Scanner/MailScanner/CustomFunctions/CustomAction
                              .pm with the 'parameter' passed in. This can be
                              used to implement any custom action you require.

 "forward" keywords
 ==================
 In an email address specified in the "forward" action, several keywords can
 be used which will be substituted with various properties of the message:
 _FROMUSER_   The left-hand side of the address of the sender.
 _FROMDOMAIN_ The right-hand side of the address of the sender.
 _TOUSER_     The left-hand side of each of the recipients in turn.
 _TODOMAIN_   The right-hand side of each of the recipients in turn.
 _DATE_       The date the message was received by MailScanner.
 This means that you can forward messages to email addresses which show the
 original recipients of the message, which could be very useful when
 delivering into spam archive management systems.

 The default value I have set here enables Thunderbird to automatically
 handle spam when set to trust the "SpamAssassin" headers.

 This can also be the filename of a ruleset, in which case the filename
 must end in ".rule" or ".rules".

 This is just like the "Spam Modify Subject" option above, except that
 it applies when the score from SpamAssassin is higher than the
 "High SpamAssassin Score" value.
 This can be 1 of 4 values:
      no    = Do not modify the subject line, or
      start = Add text to the start of the subject line, or
      yes   = Add text to the start of the subject line, or
      end   = Add text to the end of the subject line.
 This can also be the filename of a ruleset.

 This is just like the "Spam Subject Text" option above, except that
 it applies when the score from SpamAssassin is higher than the
 "High SpamAssassin Score" value.
 The exact string "_SCORE_" will be replaced by the numeric
 SpamAssassin score.
 The exact string "_STARS_" will be replaced by a row of stars
 whose length is the SpamAssassin score.
 This can also be the filename of a ruleset.

 If a message achieves a SpamAssassin score higher than this value,
 then the "High Scoring Spam Actions" are used. You