# Shortcircuit config - supplements 60_shortcircuit.cf
# see <https://wiki.apache.org/spamassassin/ShortcircuitingRuleset>
#
# Note that these rules use a variety of normally-optional plugins; you need to
# enable the DK, DKIM, SPF, Shortcircuit, ClamAV, and VBounce plugins to use
# them.

ifplugin Mail::SpamAssassin::Plugin::Shortcircuit

# always log shortcircuit status
add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ shortcircuit=_SCTYPE_ autolearn=_AUTOLEARN_ version=_VERSION_"

# simple, non-network-based whitelists, locally-generated messages,
# messages via a trusted relay chain
meta SC_HAM (USER_IN_WHITELIST||USER_IN_DEF_WHITELIST||USER_IN_ALL_SPAM_TO||NO_RELAYS||ALL_TRUSTED)
priority SC_HAM -1000
shortcircuit SC_HAM ham
score SC_HAM -20

# simple, non-network based blacklists
meta SC_SPAM (USER_IN_BLACKLIST_TO||USER_IN_BLACKLIST)
priority SC_SPAM -950
shortcircuit SC_SPAM spam
score SC_SPAM 20

# slower, network-based whitelisting
meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||USER_IN_DEF_SPF_WL)
priority SC_NET_HAM -500
shortcircuit SC_NET_HAM ham
score SC_NET_HAM -20

# bounce messages from non-whitelisted relays: unwanted, so treat as spam
# (requires whitelist_bounce_relays to be set in local.cf)
priority ANY_BOUNCE_MESSAGE -700
shortcircuit ANY_BOUNCE_MESSAGE spam
score ANY_BOUNCE_MESSAGE 20

# ClamAV support: no need to scan viruses/malware
priority CLAMAV -900
shortcircuit CLAMAV spam
score CLAMAV 20

# add additional DK/SPF whitelists
whitelist_from_dk *@never-spams.example.org
whitelist_from_spf *@never-spams.example.org

endif