RELAYDB(8)              OpenBSD System Manager's Manual              RELAYDB(8)

NAME
     relaydb - spam relay database

SYNOPSIS
     relaydb [-46bdlnrvw] [-B [+-]num] [-W [+-]num] [-m [+-]days] [-f filename]
             [-i filename] [-t filename]

DESCRIPTION
     relaydb is a mail header analyzer that builds a database of IP addresses
     known either as legitimate senders or as spammers.  relaydb does not
     itself classify mail as legitimate or spam; that decision has to be
     reached through other means (a spam classifier, for instance).  Neither
     does relaydb block spam itself.  It merely provides a list of IP
     addresses to block through other means, such as spamd(8) and pf(4).

     relaydb reads a single mail from stdin, analyzes the Received: header
     lines and updates the blacklist and whitelist counters for each IP
     address found.

     The options are as follows:

     -4      Use only IPv4 addresses, ignoring IPv6 addresses.

     -6      Use only IPv6 addresses, ignoring IPv4 addresses.

     -b      Blacklist the sender of the mail.

     -w      Whitelist the sender of the mail.

     -B [+-]num
             Match addresses based on the blacklist counter.  +num matches
             counters larger than num, -num matches counters smaller than num,
             and num matches counters equal to num.

     -W [+-]num
             Match addresses based on the whitelist counter, with the same
             +num, -num and num syntax as -B.

     -d      Delete addresses from the database that match the criteria
             imposed by the flags -46bwBWm.

     -f filename
             Database file, defaults to $HOME/.relaydb if not specified.

     -i filename
             Import a plain text file into the database.  The format must
             match that of relaydb -vl output; only the last field (last
             modification time) is optional, defaulting to the current time.

     -l      List the IP addresses in the database.  If -b is specified, only
             hosts considered spammers are listed.  If -w is specified, only
             hosts considered non-spammers are listed.  Otherwise, all hosts
             are listed.

     -m [+-]num
             Match addresses based on their last modification time.  The last
             modification time of an address is set to the current time when
             the address is inserted and whenever the address's counters are
             changed.  +num matches addresses last modified more than num days
             ago, -num matches addresses last modified less than num days ago,
             and num matches addresses last modified exactly num days ago.

     -n      Don't read past the first Received: header.  By default, relaydb
             processes all Received: headers as long as the previous header
             contained the address of a host in the whitelist, trusting that
             host not to have inserted a fake Received: header.  This is
             useful to blacklist senders that send spam through mailing list
             servers (or other known-good relays), but it allows an attacker
             to first establish a whitelist entry for a new host, then send
             spam from the same host with forged further Received: headers,
             causing relaydb to blacklist whatever addresses those forged
             headers name: a denial of service against those addresses.  With
             -n only the host that delivered the mail to you is counted.

     -r      Revert a previously made decision.  For instance, if a mail has
             been run through relaydb -b by mistake, running the same mail
             through relaydb -rb will correct the mistake.  This merely
             reverts the first run; it does not count the mail as the opposite
             type.  To achieve that, the same mail has to be run through
             relaydb -w additionally.

     -t filename
             Parse a spamd syslog file and raise the last modification time of
             matching database entries to the time of the most recent spamd
             connection.  The file is expected to have the following format;
             other lines are ignored:

                   Nov 20 09:32:19 host spamd[123]: 12.24.56.78: connected (1)

     -v      Produce more verbose output.

     Using procmail recipes like the following, each incoming mail can be run
     through a spam classifier (SpamAssassin, for instance) which tags any
     detected spam with an X-Spam-Status: header.  After tagging, every mail is
     piped through relaydb with either the -b or the -w option to update the
     database.  Note that the third recipe is a terminal delivery, so tagged
     spam never reaches the final -w recipe:

           :0fw
           | /usr/local/bin/spamc

           :0c
           * ^X-Spam-Status: Yes
           | /usr/local/bin/relaydb -b

           :0:
           * ^X-Spam-Status: Yes
           in-x-spam

           :0c
           | /usr/local/bin/relaydb -w

EXAMPLES
     Analyze a mail and increase the sender's blacklist counter:

           $ cat mail | relaydb -b

     Undo a mistaken blacklist counter increment:

           $ cat mail | relaydb -rb

     List whitelist entries which have blacklist counters > 100:

           $ relaydb -vlw -B +100

     Update the last modification times of hosts that connected to spamd
     recently:

           $ relaydb -t /var/log/daemon

     Delete all blacklist entries with zero whitelist counters that haven't
     been updated within a month:

           $ relaydb -db -W 0 -m +30

SEE ALSO
     pf.conf(5), pfctl(8), spamd(8), spamd-setup(8)

HISTORY
     The relaydb command appeared in OpenBSD 3.3.

OpenBSD 3.4                     Jan 8, 2003
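The Received: walk with its whitelist trust rule, the -n cut-off, the -r revert, the -t spamd log format and the -B/-W/-m matching described in the DESCRIPTION above, as an added Python example; this is not code from relaydb or OpenBSD. It keeps an in-memory stand-in for the database (the real on-disk format and the $HOME/.relaydb file are not reproduced), assumes that a host counts as whitelisted when its whitelist counter exceeds its blacklist counter (the man page does not define the rule), and reproduces the attack the -n text warns about with constructed sample mails and a constructed spamd log line using RFC 5737 documentation addresses. The year argument to import_spamd_log is needed because syslog timestamps carry none.

```python
import calendar
import email
import re
import time
from email import policy
from ipaddress import ip_address

# Bracketed source address an MTA writes into a Received: line,
# e.g. "from h (h [192.0.2.10])" or "[IPv6:2001:db8::1]".
_ADDR_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# spamd(8) "connected" line in the syslog format relaydb -t expects.
_SPAMD_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ "
                       r"spamd\[\d+\]: (?P<ip>\S+): connected\b")


class RelayDB:  # in-memory stand-in for the relaydb database, not its on-disk format
    def __init__(self, now=lambda: int(time.time())):
        self.now = now      # injectable clock so the scenario below is deterministic
        self.entries = {}   # ip -> {"black": n, "white": n, "mtime": epoch seconds}

    def is_whitelisted(self, ip):
        # Assumption: whitelisted means the whitelist counter exceeds the blacklist one.
        e = self.entries.get(ip)
        return e is not None and e["white"] > e["black"]

    def _touch(self, ip, field, delta):
        e = self.entries.setdefault(ip, {"black": 0, "white": 0, "mtime": 0})
        e[field] = max(0, e[field] + delta)     # -r never drives a counter negative
        e["mtime"] = self.now()

    @staticmethod
    def sender_chain(raw):
        # Addresses from the Received: headers, most recent hop first, one per header.
        msg = email.message_from_string(raw, policy=policy.default)
        chain = []
        for hdr in msg.get_all("Received", []):
            try:
                chain.append(str(ip_address(_ADDR_RE.search(str(hdr)).group(1))))
            except (AttributeError, ValueError):
                pass                            # no usable address in this hop
        return chain

    def analyze(self, raw, blacklist, first_only=False, revert=False):
        field = "black" if blacklist else "white"
        updated = []
        for ip in self.sender_chain(raw):
            if revert:      # undo first so trust reflects the state before the mistaken run
                self._touch(ip, field, -1)
                trusted = self.is_whitelisted(ip)
            else:           # trust is judged on the state before this mail is counted
                trusted = self.is_whitelisted(ip)
                self._touch(ip, field, +1)
            updated.append(ip)
            if first_only or not trusted:   # -n, or an untrusted hop may have forged the rest
                break
        return updated

    def import_spamd_log(self, lines, year):
        # -t: raise mtime of known entries to their latest spamd connection.
        bumped = {}
        for line in lines:
            m = _SPAMD_RE.match(line)
            if not m:
                continue
            ts = calendar.timegm(time.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
            e = self.entries.get(m["ip"])
            if e is not None and ts > e["mtime"]:
                e["mtime"] = bumped[m["ip"]] = ts
        return bumped

    def select(self, black=None, white=None, days=None):
        # -B/-W/-m matching; a spec is ("+", n) for >n, ("-", n) for <n, ("", n) for ==n.
        def ok(spec, value):
            if spec is None:
                return True
            op, n = spec
            return value > n if op == "+" else value < n if op == "-" else value == n
        now = self.now()
        return sorted(ip for ip, e in self.entries.items()
                      if ok(black, e["black"]) and ok(white, e["white"])
                      and ok(days, (now - e["mtime"]) // 86400))


# Constructed sample mails (RFC 5737 documentation addresses, not real traffic).
MAIL_FIRST_CONTACT = """\
Received: from attacker.example (attacker.example [203.0.113.7])
\tby mx.example.net with ESMTP; Mon, 20 Nov 2023 09:00:00 +0000
Subject: harmless first contact
"""
# Same host again, now with a forged second Received: naming an innocent third party.
MAIL_FORGED = """\
Received: from attacker.example (attacker.example [203.0.113.7])
\tby mx.example.net with ESMTP; Mon, 20 Nov 2023 09:05:00 +0000
Received: from victim.example (victim.example [198.51.100.9])
\tby attacker.example with ESMTP; Mon, 20 Nov 2023 09:04:00 +0000
Subject: BUY NOW
"""
# Constructed spamd log in the -t format (second line must be ignored).
SPAMD_LOG = ["Nov 20 09:32:19 mx spamd[123]: 203.0.113.7: connected (1)",
             "Nov 20 09:33:20 mx spamd[123]: 203.0.113.7: disconnected after 61 seconds"]


def run_scenario(first_only=False, now=lambda: 1700400000):
    # Whitelist the attacker once (-w), then feed its forged spam to -b; returns (db, hits).
    db = RelayDB(now=now)
    db.analyze(MAIL_FIRST_CONTACT, blacklist=False)
    return db, db.analyze(MAIL_FORGED, blacklist=True, first_only=first_only)
```

run_scenario() shows the denial of service: after one whitelisted mail from 203.0.113.7, the forged second Received: gets 198.51.100.9 blacklisted as well; run_scenario(first_only=True) is the -n behaviour and only counts the delivering host. select(black=("+", 0), white=("", 0), days=("+", 30)) is the matching behind the `relaydb -db -W 0 -m +30` example, and running analyze with revert=True over the same forged mail mirrors `relaydb -rb`.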