PathToVadeRetro = {path to file}

Path to the VadeRetro anti-spam library.

It is possible to enable dynamic updates with Dr.Web Updater component. It will download a new library version, replace the old library with it and send SIGHUP signal to drweb-maild process.

FullCheck = {logical}

The parameter determines strategy of message check for spam. If the parameter is set to No, a message is checked for spam only if the total sum of "positive" message scores (for example, scores given is the message sender is specified in the white list) is under the threshold set in the VadeRetro library. Otherwise (if the parameter value is set to Yes), a message is checked for all spam attributes, regardless of the total value of its "positive" scores.

Please note that enabled full check (when Fullcheck = Yes) can slow down the overall operation speed.

Also if this parameter value is set to Yes, specifying the message sender in the white list (see below) might have no effect: the message can be classified as spam based on the analysis of its inner content, even if its sender belongs to the white list.

NoHamFrom = {logical}

Yes value of this parameter disables check of messages sent to the addresses specified in the embedded ham list of VadeRetro library (for example, nospam@domain.ru).

AddXHeaders = {logical}

Add X-Drweb-SpamState  and X-Drweb-SpamScore headers to a message.

The first one contains information whether or not a message is spam. The second one contains the total message  score after full check.

AddVersionHeader = {logical}

Add X-Drweb-SpamVersion  header with information on Vaderetro version.

AddXDrwebSpamStateNumHeader = {logical}

Add X-Drweb-SpamState-Num  header to a message.

It includes numerical value assigned by the VadeRetro library according to the classification results (a message can be classified as one of the following):

•0  - this message is not spam;

•1  - this message is spam;

•2  - this message is infected with virus;

•3  - this is DSN.

AddXSpamLevel = {logical}

Add X-Spam-Level header to a message. It consists of * symbols.

Each * symbol means 10 score points.

For example, message with 110 score points will get X-Spam-Level: *********** header.

CheckForViruses = {logical}

Enable heuristic check for viruses by the VadeRetro library.

Upon detection of a virus, the library classifies the message to group 2.

CheckDelivery = {logical}

Enable spam check for those messages that are classified by the VadeRetro library as DSN (messages of group 3).

If spam attributes are found, the message is classified to group 1.

AllowRussian = {logical}

Determines whether to add extra scores to a message with Cyrillic text (if the value is set to Yes, the scores are not added).

AllowCJK = {logical}

Determines whether to add extra scores to a message with Chinese, Japanese or Korean text or not  (if the value is set to Yes, the scores are not added).

WhiteList = {LookupLite}

White list of sender addresses.

Sender addresses are taken from Return-Path and From headers of an email message. If an email message does not contain the headers or there is one or more empty strings before the From field, then sender address is not searched in the white list. If a message contains more than one From field, the address is taken from the first field.

It is allowed to use search templates (wildcards) *@<domain> as elements of the list. For example, *@mycompany.com string matches all addresses from domain mycompany.com.

Specified domains must be FQDN.

If the sender's address specified in the From field is in the white list, the message score is decreased by 5 000 points. If the addresses specified in the both fields (From and Return-Path) are from the white list, the message score is decreased by 10 000 points

Please note the following features of white list processing:

1.White list is not sorted, so it is possible that the same address is accidentally repeated in the list. In this case, the total message score is decreased by 5 000 points each time, the address (from the Return-Path and From fields ) is specified in the list (for example, if the address is found 3 times in the list – the score will be decreased by 15 000 points).

2.If the sender's domain (from the Return-Path and From fields) equals to the receiver's domain (from the To: field ), and this domain is specified in the white list as a wildcard (*@<domain>), then the sender's address is not checked (and the message score is not changed). The same behaviour happens if the sender's and recipient's addresses are equal and specified in the white list.

3.If the sender's domain <domain1> is not equal to the recipient's domain <domain2> and both of the domains are presented in the white list as wildcards (*@<domain1> and *@<domain2> respectively), then the sender's address is checked, and the message score is decreased by 10 000 points. The same behaviour happens if the sender's and recipient's addresses are different and both are specified in the white list.

Please note that if FullCheck = Yes, this parameter might have no effect: if a message is considered spam according to its content analysis results, the scores assigned by this parameter are ignored and will not be subtracted from the total message score (see above)!

Please note that the parameter value is LookupLite.

Example:

hello@myneighbourhood.co.uk

*@mycompany.com

BlackList = {LookupLite}

Black list of senders.

Similar to the WhiteList parameter.

Specified domains must be FQDN.

If the sender's address from is found in the black list, the message score is increased by 5 000 points. If the addresses from both fields (Return-Path and From) are specified in the black list, the message score is increased by 10 000 points.

Please note the following features of black list processing:

1.Black list is not sorted, so it is possible that the same address is accidentally repeated in the list.  In this case, the total message score is increased by 5 000 points each time the address (from the Return-Path and From fields ) is specified in the list (for example, if the address is found 3 times in the list – the score will be increased by 15 000 points).

2.If the sender's domain equals to the recipient's domain and the domain is specified in the black list as a wildcard (*@<domain>), the sender address is checked (and message score is changed).  The same behaviour happens if the sender's address equals to the recipient's address and is specified in the black list.

Please note that the parameter value is LookupLite.

SpamThreshold = {числовое значение}

The parameter value is a threshold for the total message score. If the score of a message is greater than or equal to the specified threshold, the message is identified as spam by Vaderetro plug-in and X-Drweb-SpamState header is set to Yes.

If the message score is greater than or equal to the SpamThreshold parameter value, but is less than the value of the UnconditionalSpamThreshold parameter (see below), the action specified in the Action parameter is applied and the text specified in the SubjectPrefix parameter is added to the message subject (see below).

SpamThreshold parameter value must be less than or equal to the value of the UnconditionalSpamThreshold parameter.

Please note that Vaderetro plug-in classifies a message as spam or not spam only according to the ratio of the message score to the SpamThreshold value. At that, the class to which VadeRetro classified the message is not taken into account. For example, a message can be considered as spam by the library and classified to group 1, but if its score, assigned by the library, is less than the specified threshold, the message is not indicated as spam by Vaderetro plug-in (X-Drweb-SpamState header is set to No) and thus, the action specified for spam messages is not applied to it.

UnconditionalSpamThreshold = {numerical value}

The parameter value is a threshold for the total message score. If a message score is greater than or equal to this parameter value, the message is identified as unconditional spam and X-Drweb-SpamState header is set to Yes

In this case, action specified in the UnconditionalAction parameter is applied to the message and the text specified in the UnconditionalSubjectPrefix parameter is added to the message subject (see below).

Value specified in the UnconditionalSpamThreshold parameter must be greater than or equal to the value of the SpamThreshold parameter.

Action = {actions}

Actions to be applied to a message which was identified as spam by Vaderetro plug-in.

In addition to one mandatory action, you can specify several optional actions.

Mandatory actions are:

pass, reject, discard, tempfail.

Additional actions are:

quarantine, redirect, add-header, score.

UnconditionalAction = {actions}

Actions to be applied to a message which was identified as unconditional spam by Vaderetro plug-in.

In addition to one mandatory action, you can specify several optional actions.

Mandatory actions are

pass, reject, discard, tempfail.

Optional actions are:

quarantine, redirect, add-header, score.

NotifyAction = {actions}

Actions applied to a message which was identified as spam or unconditional spam by Vaderetro plug-in according to the message score, and, moreover, classified as DSN (message of group 3) by the VadeRetro library.

In addition to one mandatory action, you can specify several optional actions.

Mandatory actions are:

pass, reject, discard, tempfail.

Additional actions are:

quarantine, redirect, add-header, score.

SubjectPrefix = {text}

Prefix added to the message subject, if the message is identified as spam by Vaderetro plug-in according to the message score (the message score must be greater than or equal to the SpamThreshold parameter value).

See also a note below the table.

UnconditionalSubjectPrefix = {text}

Prefix added to the message subject, if the message is identified as unconditional spam by Vaderetro plug-in according to the message score (the message score must be greater than or equal to the UnconditionalSpamThreshold parameter value).

It is added, when a message score is greater than the UnconditionalSpamThreshold parameter value.

See also a note below the table.

NotifySubjectPrefix = {text}

Prefix added to the message subject, if the message is identified as spam or unconditional spam by Vaderetro plug-in according to the message score, and, moreover, classified as DSN (message of group 3) by the VadeRetro library.

See also a note below the table.

FromProtectedNetworkScoreAdd = {numerical value}

If a message is sent from a protected network (specified in the ProtectedNetworks list in the [Maild] section of the main Dr.Web MailD configuration file), the message score increases by the specified value (the value may be negative).

If you want to disable this function, specify 0 as a value of this parameter.

UseReplyCache = {Yes | No}

Manages the ProtectedNetworkReplyCacheLifeTime and ReplyToProtectedNetworkScoreAdd parameters (enables and disables use of reply_cache).

This cache is used as temporary storage of the message data (addresses of all its recipients) to consider the data while checking the message for spam. It is to be sent in reverse direction in reply to the checked messages (with the Reply-to header).

If the value is set to Yes, reply_cache storage is used.

ProtectedNetworkReplyCacheLifeTime = {time}

Time period to store data on a message in reply_cache if the sender's address is in the ProtectedNetworks list ([Maild] section of the main Dr.Web MailD configuration file).

If an added address is already in reply_cache, the entry is updated.

ReplyToProtectedNetworkScoreAdd = {numerical value}

Value that must be added to the current message score if the message sender is in reply_cache.

The added value can be negative (to decrease the score). If you want to disable this function, specify 0 as a value of this parameter. Moreover, if reply_cache is disabled (that is, UseReplyCache = No), the sender will never be found there and any value specified for this parameter, in fact, is not used.