Hey everyone. I updated to amavisd-new 2.4.1 today and am having a problem that I cannot solve.
3 |
|
4 |
Here's my forum post about it: |
5 |
|
6 |
http://forums.gentoo.org/viewtopic-p-4171870.html#4171870 |
7 |
|
8 |
If anybody has any ideas, let me know. It's listening properly but not |
9 |
scanning anything at all. |
10 |
|
11 |
Here's my entire amavisd.conf file if anyone has any ideas. |
use strict; |
16 |
|
17 |
# Sample configuration file for amavisd-new (traditional style, chatty, |
18 |
# you may prefer to start with the more concise supplied amavisd.conf) |
19 |
# |
20 |
# See amavisd.conf-default for a list of all variables with their defaults; |
21 |
# for more details see documentation in INSTALL, README_FILES/* |
22 |
# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html |
23 |
|
24 |
# This software is licensed under the GNU General Public License (GPL). |
25 |
# See comments at the start of amavisd-new for the whole license text. |
26 |
|
27 |
#Sections: |
28 |
# Section I - Essential daemon and MTA settings |
29 |
# Section II - MTA specific |
30 |
# Section III - Logging |
31 |
# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine |
32 |
# Section V - Per-recipient and per-sender handling, whitelisting, etc. |
33 |
# Section VI - Resource limits |
34 |
# Section VII - External programs, virus scanners, SpamAssassin |
35 |
# Section VIII - Debugging |
36 |
# Section IX - Policy banks (dynamic policy switching) |
37 |
|
38 |
#GENERAL NOTES: |
39 |
# This file is normal Perl code, interpreted by Perl itself.
# - make sure this file (or directory where it resides) is NOT WRITABLE
# by mere mortals (not even vscan/amavis; best to make it owned by root),
# otherwise it can represent a severe security risk! (The daemon executes
# this file as Perl, so anyone who can modify it can run code with
# whatever privileges the daemon holds when it reads the file.)
43 |
# - for values which are interpreted as booleans, it is recommended |
44 |
# to use 1 for true, and 0 or undef or '' for false; |
45 |
# Note that this interpretation of boolean values does not apply directly
# to LDAP and SQL lookups, which follow their own rules - see README.lookups
# and README.ldap (in short: use Y/N in SQL, and TRUE/FALSE in LDAP);
49 |
# - Perl syntax applies. Most notably: strings in "" may include variables
# (which start with $ or @); to include characters $ and @ and \ in double
# quoted strings precede them by a backslash; in single-quoted strings
# the $ and @ lose their special meaning, so it is usually easier to use
# single quoted strings (or qw operator) for e-mail addresses.
# In both types of quoting a backslash should be doubled.
56 |
# - variables with names starting with a '@' are lists, the values assigned |
57 |
# to them should be lists too, e.g. ('one@foo', $mydomain, "three"); |
58 |
# note the comma-separation and parenthesis. If strings in the list
# do not contain spaces nor variables, a Perl operator qw() may be used
# as a shorthand to split its argument on whitespace and produce a list
# of strings, e.g. qw( one@foo example.com three ); Note that the argument
# to qw is quoted implicitly and no variable interpretation is done within
# (no '$' variable evaluations). The #-initiated comments can NOT be used
# within a string. In other words, $ and # lose their special meaning
# within a qw argument, just like within '...' strings.
68 |
# - all e-mail addresses in this file and as used internally by the daemon
# are in their raw (rfc2821-unquoted and non-bracketed) form, i.e.
# Bob "Funny" Dude@example.com, not: "Bob \"Funny\" Dude"@example.com
# and not <"Bob \"Funny\" Dude"@example.com>; also: '' and not '<>'.
72 |
# - the term 'default value' in examples below refers to the value of a |
73 |
# variable pre-assigned to it by the program; any explicit assignment |
74 |
# to a variable in this configuration file overrides the default value; |
75 |
|
76 |
|
77 |
# |
78 |
# Section I - Essential daemon and MTA settings |
79 |
# |
80 |
|
81 |
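# $MYHOME serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $MYHOME is not used directly by the program. No trailing slash!
# Other paths in this file ($TEMPBASE, $pid_file, $unix_socketname, $LOGFILE)
# are built from it, so it has to be assigned before them.
$MYHOME = '/var/run/amavis'; # (default is '/var/amavis')

# $mydomain serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $mydomain is never used directly by the program.
$mydomain = 'pbp.net'; # (no useful default)

# $myhostname = 'host.example.com'; # fqdn of this host, default by uname(3)
$myhostname = 'mailgate.pbp.net';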
96 |
|
97 |
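# Set the user and group to which the daemon will change if started as root
# (otherwise just keeps the UID unchanged, and these settings have no effect):
$daemon_user = 'amavis'; # (no default; customary: vscan or amavis)
$daemon_group = 'amavis'; # (no default; customary: vscan or amavis or sweep)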
103 |
|
104 |
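# Runtime working directory (cwd), and a place where
# temporary directories for unpacking mail are created.
# (no trailing slash, may be a scratch file system)
# NOTE(review): mail contents are unpacked under this directory, so it should
# be accessible only to $daemon_user - confirm ownership and mode on disk.
#$TEMPBASE = $MYHOME; # (must be set if other config vars use it)
$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean?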
109 |
|
110 |
#$db_home = "$MYHOME/db"; # DB databases directory, default "$MYHOME/db" |
111 |
|
112 |
# $helpers_home sets environment variable HOME, and is passed as option
# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
# on a normal persistent file system, not a scratch or temporary file system
#$helpers_home = $MYHOME; # (defaults to $MYHOME)
117 |
|
118 |
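# Run the daemon in the specified chroot jail if nonempty:
#$daemon_chroot_dir = $MYHOME; # (default is undef, meaning: do not chroot)

# Same value as the documented default; kept explicit.
$pid_file = "$MYHOME/amavisd.pid"; # (default is "$MYHOME/amavisd.pid")
#$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock")

# set environment variables if you want (no defaults):
# TMPDIR is pointed at $TEMPBASE, which must therefore be assigned earlier.
$ENV{TMPDIR} = $TEMPBASE; # wise to set TMPDIR, but not obligatory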
126 |
#... |
127 |
|
128 |
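# Both switches take boolean values (1 for true, as recommended in the
# general notes at the top of this file).
$enable_db = 1;           # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1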
132 |
|
133 |
# MTA SETTINGS, UNCOMMENT AS APPROPRIATE,
# both $forward_method and $notify_method default to 'smtp:[127.0.0.1]:10025'
136 |
|
137 |
# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
# (set host and port number as required; host can be specified
# as an IP address or a DNS name (A or CNAME, but MX is ignored)
#$forward_method = 'smtp:[127.0.0.1]:10025'; # where to forward checked mail
#$notify_method = $forward_method; # where to submit notifications
144 |
|
145 |
#$os_fingerprint_method = 'p0f:127.0.0.1:2345'; # query p0f-analyzer.pl |
146 |
|
147 |
# To make it possible for several hosts to share one content checking daemon,
# the IP address and/or the port number in $forward_method and $notify_method
# may be specified as an asterisk. An asterisk in the colon-separated
# second field (host) will be replaced by the SMTP client peer address,
# An asterisk in the third field (tcp port) will be replaced by the incoming
# SMTP/LMTP session port number plus one. This obsoletes the previously used
# less flexible configuration parameter $relayhost_is_client. An example:
# $forward_method = 'smtp:*:*'; $notify_method = 'smtp:*:10587';
# (Checked mail is then sent back to whichever host connected, so @inet_acl
# should admit only the intended MTAs.)
157 |
|
158 |
|
159 |
# NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST |
160 |
# uncomment the appropriate settings below if using other setups! |
161 |
|
162 |
# SENDMAIL MILTER, using amavis-milter.c helper program:
#$forward_method = undef; # no explicit forwarding, sendmail does it by itself
# milter; option -odd is needed to avoid deadlocks
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';
# just a thought: can we use -Am instead of -odd ?
169 |
|
170 |
# SENDMAIL (old non-milter setup, as relay, deprecated):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;

# SENDMAIL (old non-milter setup, amavis.c calls local delivery agent, deprecated):
#$forward_method = undef; # no explicit forwarding, amavis.c will call LDA
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}';
180 |
|
181 |
# EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;
186 |
|
187 |
# prefer to collect mail for forwarding as BSMTP files? |
188 |
#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp"; |
189 |
#$notify_method = $forward_method; |
190 |
|
191 |
|
192 |
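# Net::Server pre-forking settings
# The $max_servers should match the width of your MTA pipe
# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
# master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp
#
$max_servers = 4; # number of pre-forked children (default 2)
$max_requests = 20; # retire a child after that many accepts (default 10)

# Timeouts are in seconds; 5*60 is written as a product for readability.
$child_timeout = 5 * 60; # abort child if it does not complete its processing
                         # in approximately n seconds (default: 8*60 seconds)

$smtpd_timeout = 120; # disconnect session if client is idle for too long
                      # (default: 8*60 seconds); should be higher than a
                      # Postfix setting max_idle (default 100s)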
207 |
|
208 |
# Here is a QUICK WAY to completely DISABLE some sections of code |
209 |
# that WE DO NOT WANT (it won't even be compiled-in). |
210 |
# For more refined controls leave the following two lines commented out, |
211 |
# and see further down what these two lookup lists really mean. |
212 |
# |
213 |
# @bypass_virus_checks_maps = (1); # uncomment to DISABLE anti-virus code |
214 |
# @bypass_spam_checks_maps = (1); # uncomment to DISABLE anti-spam code |
215 |
# |
216 |
# Any setting can be changed with a new assignment, so make sure |
217 |
# you do not unintentionally override these settings further down! |
218 |
|
219 |
# Check also the settings of @av_scanners at the end if you want to use
# virus scanners. If not, you may want to delete the whole long assignment
# to the variable @av_scanners and @av_scanners_backup, which will also
# remove the virus checking code (e.g. if you only want to do spam scanning).
224 |
|
225 |
|
226 |
# Lookup list of local domains (see README.lookups for syntax details) |
227 |
# |
228 |
# @local_domains_maps list of lookup tables are used in deciding whether a |
229 |
# recipient is local or not, or in other words, if the message is outgoing |
230 |
# or not. This affects inserting spam-related headers for local recipients, |
231 |
# limiting recipient virus notifications (if enabled) to local recipients, |
232 |
# in deciding if address extension may be appended, and in SQL lookups |
233 |
# for non-fqdn addresses. Set it up correctly if you need features |
234 |
# that rely on this setting (or just leave empty otherwise). |
235 |
# |
236 |
# With Postfix (2.0) a quick hint on what local domains normally are: |
237 |
# a union of domains specified in: mydestination, virtual_alias_domains, |
238 |
# virtual_mailbox_domains, and relay_domains. |
239 |
|
240 |
#@local_domains_maps = ( [".$mydomain"] ); # $mydomain and its subdomains |
241 |
#@local_domains_maps = ( ["."] ); # everything is local |
242 |
# @local_domains_maps = (); # default is empty list, no recip. |
243 |
considered local |
244 |
# @local_domains_maps = # using ACL lookup table |
245 |
# ( [ ".$mydomain", 'sub.example.net', '.example.com' ] ); |
246 |
# @local_domains_maps = # similar, split list elements on whitespace |
247 |
# ( [qw( .example.com !host.sub.example.net .sub.example.net )] ); |
248 |
# @local_domains_maps = ( new_RE( qr'[@.]example\.com$'i ) ); # using |
249 |
regexp |
250 |
# @local_domains_maps = ( read_hash("$MYHOME/local_domains") ); # using hash |
251 |
#@local_domains_maps = ( read_hash("/etc/postfix/relay") ); # using hash |
252 |
|
253 |
|
254 |
#or try.. |
255 |
#@local_domains_maps = ( ["."] ); # everything is local |
256 |
|
257 |
#didn't work |
258 |
#@local_domains_maps = ( '.' ); # everything is local |
259 |
|
260 |
#didn't work |
261 |
#@local_domains_maps = ( 1 ); |
262 |
|
263 |
#@local_domains_acl = qw(); |
264 |
|
265 |
# perhaps combined with Postfix: mydestination = /var/amavis/local_domains |
266 |
# for debugging purposes: dump_hash($local_domains_maps[0]); |
267 |
# |
268 |
# Section II - MTA specific (defaults should be ok) |
269 |
# |
270 |
|
271 |
#$insert_received_line = 1; # behave like MTA: insert 'Received:' |
272 |
header |
273 |
# (does not apply to sendmail/milter) |
274 |
# (default is true) |
275 |
|
276 |
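# AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)
# (used with amavis helper clients like amavis-milter.c and amavis.c,
# NOT needed for Postfix or Exim or dual-sendmail - keep it undefined.
# NOTE(review): the helper socket is enabled here while SMTP input on
# $inet_socket_port is also configured in this file. If no helper client is
# in use, leaving this undef removes an unneeded listener - confirm which
# MTA interface this host actually uses.
$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
#$unix_socketname = undef; # disable listening on a unix socket
# (default is undef, i.e. disabled)
# (usual setting is $MYHOME/amavisd.sock)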
283 |
|
284 |
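# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
# (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
# Who may connect to this port is limited by @inet_acl (and the bind
# address), see the access control settings that follow in this file.
$inet_socket_port = 10024; # accept SMTP on this local TCP port
# (default is undef, i.e. disabled)
# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];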
289 |
|
290 |
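# SMTP SERVER (INPUT) access control
# - do not allow free access to the amavisd SMTP port !!!
#
# when MTA is at the same host, use the following (one or the other or both):
# $inet_socket_bind is left commented out, so the documented default
# ('127.0.0.1') applies; together with @inet_acl below the port is both
# bound to loopback and restricted to loopback clients.
#$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
# (default is '127.0.0.1')
@inet_acl = qw(127.0.0.1 [::1]); # allow SMTP access only from localhost IP
# (default is qw(127.0.0.1 [::1]) )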
299 |
|
300 |
# when MTA (one or more) is on a different host, use the following:
#@inet_acl = qw(127.0.0.0/8 [::1] 10.1.0.1 10.1.0.2); # adjust list as needed
#$inet_socket_bind = undef; # bind to all IP interfaces if undef
# (with $inet_socket_bind undefined, @inet_acl is the only amavisd-side
# restriction on who may connect)
304 |
|
305 |
# |
306 |
# Example1: |
307 |
# @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 ); |
308 |
# permit only SMTP access from loopback and rfc1918 private address space |
309 |
# |
310 |
# Example2:
# @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0
# 127.0.0.1 10/8 172.16/12 192.168/16 );
# matches loopback and rfc1918 private address space except host 192.168.1.12
# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)
316 |
# |
317 |
# Example3: |
318 |
# @inet_acl = qw( 127/8 |
319 |
# !172.16.3.0 !172.16.3.127 172.16.3.0/25 |
320 |
# !172.16.3.128 !172.16.3.255 172.16.3.128/25 ); |
321 |
# matches loopback and both halves of the 172.16.3/24 C-class, |
322 |
# split into two subnets, except all four broadcast addresses |
323 |
# for these subnets |
324 |
|
325 |
|
326 |
# @mynetworks is an IP access list which determines if the original SMTP client
# IP address belongs to our internal networks, i.e. mail is coming from inside.
# It is much like the Postfix parameter 'mynetworks' in semantics and similar
# in syntax, and its value should normally match the Postfix counterpart.
# It only affects the value of a macro %l (=sender-is-local),
# and the loading of policy 'MYNETS' if present (see below).
# Note that '-o smtp_send_xforward_command=yes' (or its lmtp counterpart)
# must be enabled in the Postfix service that feeds amavisd, otherwise
# client IP address is not available to amavisd-new.
338 |
# |
339 |
# @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 |
340 |
# 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); # default |
341 |
# |
342 |
# A list of networks can also be read from a file, either as an IP acl in
# CIDR notation, one address per line (comments and empty lines are allowed):
# @mynetworks_maps = (read_array('/etc/amavisd-mynetworks'), \@mynetworks);
347 |
# |
348 |
# or less flexibly (but provides faster lookups for large lists) by reading |
349 |
# into a hash lookup table, which only allows for full addresses or classful |
350 |
# IPv4 subnets with truncated octets, such as 127, 10, 192.168, 10.11.12.13, |
351 |
# one address per line (comments and empty lines are allowed): |
352 |
# @mynetworks_maps = (read_hash('/etc/amavisd-mynetworks'), \@mynetworks); |
353 |
|
354 |
# See README.lookups for details on specifying access control lists. |
355 |
|
356 |
|
357 |
# |
358 |
# Section III - Logging |
359 |
# |
360 |
|
361 |
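# true (e.g. 1) => syslog; false (e.g. 0) => logging to file
$DO_SYSLOG = 1; # (defaults to 0)

$syslog_ident = 'amavis'; # Syslog ident string (defaults to 'amavis')
$syslog_facility = 'mail'; # Syslog facility as a string
# e.g.: mail, daemon, user, local0, ... local7, ...
$syslog_priority = 'debug'; # Syslog base (minimal) priority as a string,
# choose from: emerg, alert, crit, err, warning, notice, info, debug

# Log file (if not using syslog)
# With $DO_SYSLOG set to 1 above, log output goes to syslog, not this file.
$LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log)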
373 |
|
374 |
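#NOTE: levels are not strictly observed and are somewhat arbitrary
# 0: startup/exit/failure messages, viruses detected
# 1: args passed from client, some more interesting messages
# 2: virus scanner output, timing
# 3: server, client
# 4: decompose parts
# 5: more debug details
$log_level = 2; # (defaults to 0)

# Customizable template for the most interesting log file entry (e.g. with
# $log_level=0) (take care to properly quote Perl special characters like '\')
# For a list of available macros see README.customize .

# Only the by-recipient template is switched off here; $log_templ is left
# commented out and therefore keeps whatever default the program assigns.
# $log_templ = undef; # undef disables by-message level-0 log entries
$log_recip_templ = undef; # undef disables by-recipient level-0 log entries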
390 |
|
391 |
|
392 |
# log both infected and noninfected messages (as default, with size,subj,tests):
# (remove the leading '#' and a space in the following lines to activate)
395 |
|
396 |
# $log_templ = <<'EOD'; |
397 |
# [?%#D|#|Passed # |
398 |
# [? [:ccat_maj] |OTHER|CLEAN|TEMPFAIL|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\ |
399 |
# UNCHECKED|BANNED (%F)|INFECTED (%V)]# |
400 |
# #([:ccat_maj],[:ccat_min])# |
401 |
# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%D|,]# |
402 |
# [? %q ||, quarantine: %q]# |
403 |
# [? %Q ||, Queue-ID: %Q]# |
404 |
# [? %m ||, Message-ID: %m]# |
405 |
# [? %r ||, Resent-Message-ID: %r]# |
406 |
# , mail_id: %i# |
407 |
# , Hits: %c# |
408 |
# , size: %z# |
409 |
# [~[:remote_mta_smtp_response]|["^$"]||[", queued_as: "]]\
# [remote_mta_smtp_response|[~%x|["queued as ([0-9A-Z]+)$"]|["%1"]|["%0"]]|/]#
412 |
# [? %j ||, Subject: "%j\"]# |
413 |
# [? %#T ||, Tests: \[[%T|,]\]]# |
414 |
# , %y ms# |
415 |
# ] |
416 |
# [?%#O|#|Blocked # |
417 |
# [? [:ccat_maj] |OTHER|CLEAN|TEMPFAIL|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\ |
418 |
# UNCHECKED|BANNED (%F)|INFECTED (%V)]# |
419 |
# #([:ccat_maj],[:ccat_min])# |
420 |
# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%O|,]# |
421 |
# [? %q ||, quarantine: %q]# |
422 |
# [? %Q ||, Queue-ID: %Q]# |
423 |
# [? %m ||, Message-ID: %m]# |
424 |
# [? %r ||, Resent-Message-ID: %r]# |
425 |
# , mail_id: %i# |
426 |
# , Hits: %c# |
427 |
# , size: %z# |
428 |
# #, smtp_resp: [:smtp_response]# |
429 |
# [? %j ||, Subject: "%j\"]# |
430 |
# [? %#T ||, Tests: \[[%T|,]\]]# |
431 |
# , %y ms# |
432 |
# ] |
433 |
# EOD |
434 |
|
435 |
# |
436 |
# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine |
437 |
# |
438 |
|
439 |
# Select notifications text encoding when Unicode-aware Perl is converting |
440 |
# text from internal character representation to external encoding (charset |
441 |
# in MIME terminology). Used as argument to Perl Encode::encode subroutine. |
442 |
# |
443 |
# to be used in RFC 2047-encoded header field bodies, e.g. in Subject: |
444 |
#$hdr_encoding = 'iso-8859-1'; # MIME charset (default: 'iso-8859-1') |
445 |
#$hdr_encoding_qb = 'Q'; # MIME encoding: quoted-printable (default) |
446 |
#$hdr_encoding_qb = 'B'; # MIME encoding: base64 |
447 |
# |
448 |
# to be used in notification body text: its encoding and |
449 |
Content-type.charset |
450 |
#$bdy_encoding = 'iso-8859-1'; # (default: 'iso-8859-1') |
451 |
|
452 |
# Default template texts for notifications may be overruled by directly |
453 |
# assigning new text to template variables, or by reading template text |
454 |
# from files. A second argument may be specified in a call to read_text(), |
455 |
# specifying character encoding layer to be used when reading from the |
456 |
# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding. |
457 |
# Text will be converted to internal character representation by Perl 5.8.0 |
458 |
# or later; second argument is ignored otherwise. See PerlIO::encoding, |
459 |
# Encode::PerlIO and perluniintro man pages. |
460 |
# |
461 |
# $notify_sender_templ = read_text("$MYHOME/notify_sender.txt"); |
462 |
# $notify_virus_sender_templ= read_text("$MYHOME/notify_virus_sender.txt"); |
463 |
# $notify_virus_admin_templ = read_text("$MYHOME/notify_virus_admin.txt"); |
464 |
# $notify_virus_recips_templ= read_text("$MYHOME/notify_virus_recips.txt"); |
465 |
# $notify_spam_sender_templ = read_text("$MYHOME/notify_spam_sender.txt"); |
466 |
# $notify_spam_admin_templ = read_text("$MYHOME/notify_spam_admin.txt"); |
467 |
|
468 |
# If notification template files are collectively available in some |
469 |
directory, |
470 |
# one may call read_l10n_templates which invokes read_text for each known |
471 |
# template. This is primarily a Debian-specific feature, but was |
472 |
incorporated |
473 |
# into base code to facilitate porting. |
474 |
# |
475 |
# read_l10n_templates('/etc/amavis/en_US'); |
476 |
# |
477 |
# If read_l10n_templates is called, a localization template directory must |
478 |
# contain the following files: |
479 |
# charset this file should contain a one-line name |
480 |
# of the character set used in the template |
481 |
# files (e.g. utf8, iso-8859-2, ...) and is |
482 |
# passed as the second argument to |
483 |
read_text; |
484 |
# template-dsn.txt content fills the $notify_sender_templ |
485 |
# template-virus-sender.txt content fills the |
486 |
$notify_virus_sender_templ |
487 |
# template-virus-admin.txt content fills the |
488 |
$notify_virus_admin_templ |
489 |
# template-virus-recipient.txt content fills the |
490 |
$notify_virus_recips_templ |
491 |
# template-spam-sender.txt content fills the |
492 |
$notify_spam_sender_templ |
493 |
# template-spam-admin.txt content fills the $notify_spam_admin_templ |
494 |
|
495 |
# Here is an overall picture (sequence of events) of how pieces fit together |
496 |
# |
497 |
# bypass_virus_checks set for all recipients? ==> PASS |
498 |
# no viruses? ==> PASS |
499 |
# log virus if $log_templ is nonempty |
500 |
# quarantine if $virus_quarantine_to is nonempty |
501 |
# notify admin if $virus_admin (lookup) nonempty |
502 |
# notify recips if $warnvirusrecip and (recipient is local or |
503 |
$warn_offsite) |
504 |
# add address extensions for local recipients (when enabled) |
505 |
# send (non-)delivery notifications |
506 |
# to sender if DSN needed (BOUNCE or ($warnvirussender and D_PASS)) |
507 |
# virus_lovers or final_destiny==D_PASS ==> PASS |
508 |
# DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny) |
509 |
# |
510 |
# Equivalent flow diagram applies for spam checks. |
511 |
# If a virus is detected, spam checking is skipped entirely. |
512 |
|
513 |
# The following symbolic constants can be used in *_destiny settings: |
514 |
# |
515 |
# D_PASS mail will pass to recipients, regardless of bad contents; |
516 |
# |
517 |
# D_DISCARD mail will not be delivered to its recipients, sender will NOT be
# notified. Effectively we lose mail (but will be quarantined
# unless disabled). Losing mail is not decent for a mailer,
# but might be desired.
522 |
# |
523 |
# D_BOUNCE mail will not be delivered to its recipients, a non-delivery
# notification (bounce) will be sent to the sender by amavisd-new;
# Exception: bounce (DSN) will not be sent if a virus name matches
# @viruses_that_fake_sender_maps, or to messages from mailing lists
# (Precedence: bulk|list|junk), or for spam level that exceeds
# the $sa_dsn_cutoff_level.
532 |
# |
533 |
# D_REJECT mail will not be delivered to its recipients, sender should
# preferably get a reject, e.g. SMTP permanent reject response
# (e.g. with milter), or non-delivery notification from MTA
# (e.g. Postfix). If this is not possible (e.g. different recipients
# have different tolerances to bad mail contents and not using LMTP)
# amavisd-new sends a bounce by itself (same as D_BOUNCE).
# Not to be used with Postfix or dual-MTA setups!
542 |
# |
543 |
# Notes: |
544 |
# D_REJECT and D_BOUNCE are similar, the difference is in who is responsible
# for informing the sender about non-delivery, and how informative
# the notification can be (amavisd-new knows more than MTA);
# With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status
# notification, colloquially called 'bounce') - depending on MTA;
# Best suited for sendmail milter and Courier, especially for spam.
# With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the
# reason for mail non-delivery or even suppress DSN, but unable
# to reject the original SMTP session). Best suited to reporting
# viruses, and for Postfix and other dual-MTA setups, which can't
# reject original client SMTP session, as the mail has already
# been enqueued.
560 |
|
561 |
# Alternatives to consider for spam: |
562 |
# - use D_PASS if clients will do filtering based on inserted
# mail headers or added address extensions ('plus-addressing');
564 |
# - use D_DISCARD, if kill_level is set comfortably high; |
565 |
# |
566 |
# D_BOUNCE is preferred for viruses, but consider: |
567 |
# - use D_PASS (or virus_lovers) to deliver viruses; |
568 |
# - use D_REJECT instead of D_BOUNCE if using Courier or milter and under heavy
# virus storm;
571 |
|
572 |
|
573 |
# The use of new *_by_ccat hashes is illustrated by the following examples |
574 |
# on configuring final_*_destiny. |
575 |
|
576 |
|
577 |
# using traditional settings of $final_*_destiny variables, relying on a
# default setting of an associative array %final_destiny_by_ccat which is
# backwards compatible and contains references to these traditional variables:
581 |
# |
582 |
#$final_virus_destiny = D_DISCARD; # (defaults to D_DISCARD) |
583 |
#$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE) |
584 |
#$final_spam_destiny = D_BOUNCE; # (defaults to D_BOUNCE) |
585 |
#$final_bad_header_destiny = D_PASS; # (defaults to D_PASS) |
586 |
|
587 |
######## |
588 |
# |
589 |
# Please think about what you are doing when you set these options. |
590 |
# If necessary, question your organization's e-mail policies:
591 |
# |
592 |
# D_BOUNCE contributes to the overall spread of viruses and spam on the
# internet. Both the envelope and header from addresses can be forged
# accurately with no effort, causing the bounces to go to innocent parties,
# whose addresses have been forged.
596 |
# |
597 |
# D_DISCARD breaks internet mail specifications. However, with a
# properly implemented quarantine system, the concern for breaking the
# specification is addressed to some extent.
600 |
# |
601 |
# D_PASS is the safest way to handle e-mails. You must implement |
602 |
# client-side filtering to handle this method. |
603 |
# |
604 |
# -Cory Visi <merlin@g.o> 07/28/04 |
605 |
# |
606 |
####### |
607 |
|
608 |
|
609 |
|
610 |
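# to explicitly list all (or most) possible contents category (ccat) keys:
# Entries are plain comma-separated key, value pairs; each value is one of
# the D_* destiny constants described earlier in this file.
# NOTE(review): D_BOUNCE sends a non-delivery notification to the envelope
# sender, which can be forged; for CC_BANNED and CC_OVERSIZED the notices
# may therefore reach uninvolved parties - confirm this is the intended
# policy (D_DISCARD with quarantine is the alternative described above).
%final_destiny_by_ccat = (
  CC_VIRUS,     D_DISCARD,  # not delivered, sender not notified
  CC_BANNED,    D_BOUNCE,   # not delivered, amavisd-new notifies the sender
  CC_UNCHECKED, D_PASS,     # delivered regardless of contents
  CC_SPAM,      D_DISCARD,
  CC_BADH,      D_PASS,
  CC_OVERSIZED, D_BOUNCE,
  CC_CLEAN,     D_PASS,
  CC_CATCHALL,  D_PASS,     # catchall key for categories not listed
);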
621 |
|
622 |
# to rely on a catchall ccat key and only list exceptions (alternative 1): |
623 |
#%final_destiny_by_ccat = ( |
624 |
# CC_VIRUS, D_DISCARD, |
625 |
# CC_BANNED, D_BOUNCE, |
626 |
# CC_SPAM, D_BOUNCE, |
627 |
# CC_BADH.',4', D_BOUNCE, # BadHdrSpace |
628 |
# CC_BADH.',3', D_BOUNCE, # BadHdrChar |
629 |
# CC_OVERSIZED, D_BOUNCE, |
630 |
# CC_CATCHALL, D_PASS, |
631 |
#); |
632 |
|
633 |
# to rely on a catchall ccat key and list exceptions (alternative 2): |
634 |
#%final_destiny_by_ccat = ( |
635 |
# CC_VIRUS, D_DISCARD, |
636 |
# CC_UNCHECKED, D_PASS, |
637 |
# CC_BADH.',6', D_PASS, # BadHdrSyntax |
638 |
# CC_BADH.',5', D_PASS, # BadHdrLong |
639 |
# CC_BADH.',2', D_PASS, # BadHdr8bit |
640 |
# CC_BADH.',1', D_PASS, # BadHdrMime |
641 |
# CC_CLEAN, D_PASS, |
642 |
# CC_CATCHALL, D_BOUNCE, |
643 |
#); |
644 |
|
645 |
# to rely on a catchall ccat key and list exceptions (alternative 3): |
646 |
#%final_destiny_by_ccat = ( |
647 |
# CC_VIRUS, D_DISCARD, |
648 |
# CC_UNCHECKED, D_PASS, |
649 |
# CC_BADH.',4', D_BOUNCE, # BadHdrSpace |
650 |
# CC_BADH.',3', D_BOUNCE, # BadHdrChar |
651 |
# CC_BADH, D_PASS, # sub-catchall for CC_BADH |
652 |
# CC_CLEAN, D_PASS, |
653 |
# CC_CATCHALL, D_BOUNCE, |
654 |
#); |
655 |
|
656 |
# to rely on a default %final_destiny_by_ccat and only change few settings: |
657 |
#$final_destiny_by_ccat{CC_SPAM} = D_PASS; |
658 |
#$final_destiny_by_ccat{CC_BADH} = D_BOUNCE; |
659 |
#$final_destiny_by_ccat{CC_BADH.',2'} = D_PASS; # BadHdr8bit |
660 |
|
661 |
|
662 |
|
663 |
# For monitoring / testing purposes let the administrator receive a copy |
664 |
# of certain delivery status notifications that are mailed back to senders: |
665 |
# |
666 |
#%dsn_bcc_by_ccat = ( |
667 |
# CC_BANNED, undef, |
668 |
# CC_SPAM, undef, |
669 |
# CC_BADH, undef, |
670 |
# CC_CATCHALL, 'admin+test@×××××××.com', |
671 |
#); |
672 |
# |
673 |
# or use a simpler form, taking advantage of defaults in %dsn_bcc_by_ccat: |
674 |
#$dsn_bcc = 'admin+test@×××××××.com'; |
675 |
|
676 |
|
677 |
# The following $warn*sender settings are ONLY used when mail is |
678 |
# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*). |
679 |
# Bounces or rejects produce non-delivery status notification regardless. |
680 |
# |
681 |
# Notify sender of banned files? |
682 |
#$warnbannedsender = 1; # (defaults to false (undef)) |
683 |
# |
684 |
# Notify sender of syntactically invalid header containing non-ASCII chars? |
685 |
#$warnbadhsender = 1; # (defaults to false (undef)) |
686 |
|
687 |
# Notify virus (or banned files or bad headers) RECIPIENT? |
688 |
# (not very useful, but some policies demand it) |
689 |
#$warnvirusrecip = 1; # (defaults to false (undef)) |
690 |
#$warnbannedrecip = 1; # (defaults to false (undef)) |
691 |
#$warnbadhrecip = 1; # (defaults to false (undef)) |
692 |
|
693 |
# Notify also non-local virus/banned recipients if $warn*recip is true? |
694 |
# (including those not matching local_domains*) |
695 |
#$warn_offsite = 1; # (defaults to false (undef), i.e. only notify locals) |
696 |
|
697 |
|
698 |
# Treat envelope sender address as unreliable and don't send sender |
699 |
# notification / bounces if name(s) of detected virus(es) match the list. |
700 |
# Note that virus names are supplied by external virus scanner(s) and are |
701 |
# not standardized, so virus names may need to be adjusted. |
702 |
# See README.lookups for syntax, check also README.policy-on-notifications. |
703 |
# If the intention is to treat all viruses as faking the sender address, it
# is equivalent but more efficient to just set $final_virus_destiny=D_DISCARD;
706 |
# |
707 |
@viruses_that_fake_sender_maps = (new_RE( |
708 |
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i, |
709 |
qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i, |
710 |
qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i, |
711 |
|
712 |
qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i, |
713 |
qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan |
714 |
qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc |
715 |
# [qr'^(EICAR|Joke\.|Junk\.)'i => 0], |
716 |
# [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0], |
717 |
[qr/^/ => 1], # true by default (remove or comment-out if undesired) |
718 |
)); |
719 |
|
720 |
# Where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)
# - the administrator envelope address may be a simple fixed e-mail address
#   (a scalar), or may depend on the RECIPIENT address (e.g. its domain).
#
# An empty or undef lookup disables virus admin notifications.
#
# The full set of configurable administrator addresses is:
#   @virus_admin_maps      ... notifications to admin about viruses
#   @newvirus_admin_maps   ... newly encountered viruses since amavisd startup
#   @spam_admin_maps       ... notifications to admin about spam
#   @banned_admin_maps     ... notifications to admin about banned contents
#   @bad_header_admin_maps ... notifications to admin about bad headers

$virus_admin = 'virusalert@' . $mydomain;
735 |
# $virus_admin = 'virus-admin@×××××××.com'; |
736 |
# $virus_admin = undef; # do not send virus admin notifications (default) |
737 |
# |
738 |
#@virus_admin_maps = ( # by-recipient maps |
739 |
# {'not.example.com' => '', |
740 |
# '.' => 'virusalert@×××××××.com'}, |
741 |
# $virus_admin, # the usual default |
742 |
#); |
743 |
|
744 |
# equivalent to $virus_admin, but for spam admin notifications: |
745 |
# $spam_admin = "spamalert\@$mydomain"; |
746 |
# $spam_admin = undef; # do not send spam admin notifications (default) |
747 |
#@spam_admin_maps = ( # by-recipient maps |
748 |
# {'not.example.com' => '', |
749 |
# '.' => 'spamalert@×××××××.com'}, |
750 |
# $spam_admin, # the usual default |
751 |
#); |
752 |
|
753 |
# receive a copy of all delivery status notifications sent; |
754 |
# useful for testing or monitoring |
755 |
#$dsn_bcc = "mailadmin\@$mydomain"; |
756 |
|
757 |
#advanced example, using a hash lookup table and a scalar default, |
758 |
#lookup key is a recipient envelope address: |
759 |
#@virus_admin_maps = ( # by-recipient maps |
760 |
# { 'baduser@××××××××××××.com' => 'HisBoss@××××××××××××.com', |
761 |
# '.sub1.example.com' => 'virusalert@××××××××××××.com', |
762 |
# '.sub2.example.com' => '', # don't send admin notifications
764 |
# 'a.sub3.example.com' => 'abuse@××××××××××××.com', |
765 |
# '.sub3.example.com' => 'virusalert@××××××××××××.com', |
766 |
# '.example.com' => 'noc@×××××××.com', # default for our virus senders
768 |
# }, |
769 |
# 'virusalert@××××××××××.com', # catchall for the rest |
770 |
#); |
771 |
|
772 |
# Envelope sender address that notification reports are sent from;
# may be a null reverse path, or a fully qualified address
# (admin and recip sender addresses default to a null return path).
# If using strings in double quotes, don't forget to quote @, i.e. \@
#
$mailfrom_notify_admin     = 'virusalert@' . $mydomain;
$mailfrom_notify_recip     = 'virusalert@' . $mydomain;
$mailfrom_notify_spamadmin = 'spam.police@' . $mydomain;
780 |
|
781 |
# 'From' HEADER FIELD for sender and admin notifications. |
782 |
# This should be a replyable address, see rfc1894. Not to be confused |
783 |
# with $mailfrom_notify_sender, which is the envelope return address |
784 |
# and can be empty (null reverse path) according to rfc2821. |
785 |
# |
786 |
# The syntax of the 'From' header field is specified in rfc2822, section |
787 |
# '3.4. Address Specification'. Note in particular that display-name must be |
788 |
# a quoted-string if it contains any special characters like spaces and dots.
790 |
# |
791 |
# $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>"; |
792 |
# $hdrfrom_notify_sender = 'amavisd-new <postmaster@×××××××.com>'; |
793 |
# $hdrfrom_notify_sender = '"Content-Filter Master" <postmaster@×××××××.com>';
795 |
# $hdrfrom_notify_admin = $mailfrom_notify_admin; |
796 |
# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin; |
797 |
# (default: "\"Content-filter at $myhostname\" <postmaster\@$myhostname>") |
798 |
|
799 |
# Envelope sender that quarantined messages appear to be sent from.
# undef (the default) keeps the original sender; any other value is used
# in its place.
$mailfrom_to_quarantine = q{};    # override sender address with null return path
803 |
|
804 |
|
805 |
# Location to put infected mail into (applies to the 'local:' quarantine
# method): empty for not quarantining, may be a file (Unix-style mailbox),
# or a directory (no trailing slash)
# (the default value is undef, meaning no quarantine)
#
# The quarantine holds the original infected messages, so keep this location
# accessible only to the amavisd user and the administrators.
#
$QUARANTINEDIR = $MYHOME . '/quarantine';
812 |
|
813 |
#$quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine
815 |
|
816 |
#$clean_quarantine_method = 'local:clean-%m'; # disabled by default
818 |
#$virus_quarantine_method = 'local:virus-%m'; # default |
819 |
#$spam_quarantine_method = 'local:spam-%m.gz'; # default |
820 |
#$banned_files_quarantine_method = 'local:banned-%m'; # default |
821 |
#$bad_header_quarantine_method = 'local:badh-%m'; # default |
822 |
|
823 |
# Separate quarantine subdirectories virus, spam, banned and badh within |
824 |
# the directory $QUARANTINEDIR may be specified by the following settings |
825 |
# (the subdirectories need to exist - must be created manually): |
826 |
#$clean_quarantine_method = 'local:clean/%m'; |
827 |
#$virus_quarantine_method = 'local:virus/%m'; |
828 |
#$spam_quarantine_method = 'local:spam/%m.gz'; |
829 |
#$banned_files_quarantine_method = 'local:banned/%m'; |
830 |
#$bad_header_quarantine_method = 'local:badh/%m'; |
831 |
# |
832 |
#use the 'bsmtp:' method as an alternative to the default 'local:' |
833 |
#$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%m.bsmtp"; |
834 |
#$spam_quarantine_method = "bsmtp:$QUARANTINEDIR/spam-%m.bsmtp"; |
835 |
# |
836 |
#using the 'pipe:' method might be useful for some special purpose: |
837 |
#$mailfrom_to_quarantine = undef; # pass on the original sender address |
838 |
#$spam_quarantine_method = 'pipe:argv=/usr/bin/myscript.sh spam-%b ${sender}';
840 |
# |
841 |
#using the 'sql:' method to store quarantined message to a SQL database: |
842 |
#$virus_quarantine_method = $spam_quarantine_method = |
843 |
# $banned_files_quarantine_method = $bad_header_quarantine_method = 'sql:'; |
844 |
|
845 |
|
846 |
# When using the 'local:' quarantine method (default), the following applies:
848 |
# |
849 |
# A finer control of quarantining is available through |
850 |
# variables $virus_quarantine_method/$spam_quarantine_method/ |
851 |
# $banned_files_quarantine_method/$bad_header_quarantine_method. |
852 |
# |
853 |
# The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a |
854 |
# per-recipient lookup result from lookup tables @virus_quarantine_to_maps) |
855 |
# is/are interpreted as follows: |
856 |
# |
857 |
# VARIANT 1: |
858 |
# empty or undef disables quarantine; |
859 |
# |
860 |
# VARIANT 2: |
861 |
# a string NOT containing an '@'; |
862 |
# amavisd will behave as a local delivery agent (LDA) and will quarantine |
863 |
# viruses to local files according to hash %local_delivery_aliases (pseudo |
864 |
# aliases map) - see subroutine mail_to_local_mailbox() for details. |
865 |
# Some of the predefined aliases are 'virus-quarantine' and 'spam-quarantine'.
867 |
# Setting $virus_quarantine_to ($spam_quarantine_to) to this string will: |
868 |
# |
869 |
# * if $QUARANTINEDIR is a directory, each quarantined virus will go |
870 |
# to a separate file in the $QUARANTINEDIR directory (traditional |
871 |
# amavis style, similar to maildir mailbox format); |
872 |
# |
873 |
# * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style |
874 |
# mailbox. All quarantined messages will be appended to this file. |
875 |
# Amavisd child process must obtain an exclusive lock on the file during |
876 |
# delivery, so this may be less efficient than using individual files |
877 |
# or forwarding to MTA, and it may not work across NFS or other non-local |
878 |
# file systems (but may be handy for pickup of quarantined files via IMAP |
879 |
# for example); |
880 |
# |
881 |
# VARIANT 3: |
882 |
# any email address (must contain '@'). |
883 |
# The e-mail messages to be quarantined will be handed to MTA |
884 |
# for delivery to the specified address. If a recipient address local to MTA |
885 |
# is desired, you may leave the domain part empty, e.g. 'infected@', but the |
886 |
# '@' character must nevertheless be included to distinguish it from variant 2.
888 |
# |
889 |
# This variant enables more refined delivery control made available by MTA |
890 |
# (e.g. its aliases file, other local delivery agents, dealing with |
891 |
# privileges and file locking when delivering to user's mailbox, nonlocal |
892 |
# delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined
894 |
# will not be handed back to amavisd for checking, as this will cause a loop |
895 |
# (hopefully broken at some stage)! If this can be assured, notifications |
896 |
# will benefit too from not being unnecessarily virus-scanned. |
897 |
# |
898 |
# By default this is safe to do with Postfix and Exim v4 and dual-sendmail |
899 |
# setup, but probably not safe with sendmail milter interface without tricks.
901 |
|
902 |
# (default values are: virus-quarantine, banned-quarantine, spam-quarantine)

# A value without an '@' selects the local quarantine (variant 2 above).
$virus_quarantine_to = 'virus-quarantine';    # traditional local quarantine
906 |
#$virus_quarantine_to = 'infected@'; # forward to MTA for delivery |
907 |
#$virus_quarantine_to = "virus-quarantine\@$mydomain"; # similar |
908 |
#$virus_quarantine_to = 'virus-quarantine@×××××××.com'; # similar |
909 |
#$virus_quarantine_to = undef; # no quarantine |
910 |
# |
911 |
# lookup key is envelope recipient address: |
912 |
#@virus_quarantine_to_maps = ( # per-recip multiple quarantines |
913 |
# new_RE( [qr'^user@example\.com$'i => 'infected@'], |
914 |
# [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'], |
915 |
# [qr'^(.*)(@[^@])?$'i => 'virus-${1}${2}'] ), |
916 |
# $virus_quarantine_to, # the usual default |
917 |
#); |
918 |
|
919 |
# Similar for banned names, bad headers and spam (set to undef to disable)
$banned_quarantine_to     = 'banned-quarantine';        # local quarantine
$bad_header_quarantine_to = 'bad-header-quarantine';    # local quarantine
$spam_quarantine_to       = 'spam-quarantine';          # local quarantine
924 |
|
925 |
# or to a mailbox: |
926 |
#$spam_quarantine_to = "spam-quarantine\@$mydomain"; |
927 |
# |
928 |
#@spam_quarantine_to_maps = ( # per-recip multiple quarantines |
929 |
# new_RE( [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'] ), |
930 |
# $spam_quarantine_to, # the usual default |
931 |
#); |
932 |
|
933 |
|
934 |
# In addition to per-recip quarantine, a by-sender lookup is possible. |
935 |
# It is similar to $spam_quarantine_to, but the lookup key is the |
936 |
# envelope sender address: |
937 |
#$spam_quarantine_bysender_to = undef; # dflt: no by-sender spam quarantine
939 |
|
940 |
|
941 |
# Spam level beyond which quarantining is disabled (global value): |
942 |
#$sa_quarantine_cutoff_level = 20; # dflt: undef, which disables this feature
944 |
|
945 |
#@spam_quarantine_cutoff_level_maps = ( # per-recip. quarantine cutoff levels
947 |
# { 'user1@×××××××.com' => 20.5, |
948 |
# 'postmaster@×××××××.com' => 9999, |
949 |
# '.example.com' => 25 }, |
950 |
# \$sa_quarantine_cutoff_level, # catchall default |
951 |
#); |
952 |
|
953 |
|
954 |
# Name of the header field added to mail (X-Virus-Scanned)
$X_HEADER_TAG = 'X-Virus-Scanned';    # (default: 'X-Virus-Scanned')
956 |
|
957 |
# Set to empty to add no header field # (dflt "$myproduct_name at $mydomain")
959 |
# $X_HEADER_LINE = "$myproduct_name at $mydomain"; |
960 |
# $X_HEADER_LINE = "by $myproduct_name using ClamAV at $mydomain"; |
961 |
# $X_HEADER_LINE = "$myproduct_name $myversion_id ($myversion_date) at $mydomain";
963 |
|
964 |
# String prepended to Subject (for local recipients only) when mail could
# not be decoded or checked entirely, e.g. due to password-protected archives.
# Such mail has not been fully inspected; the tag is the recipient's only
# visible hint of that.
$undecipherable_subject_tag = '***UNCHECKED*** ';    # undef disables it
968 |
|
969 |
# MIME defanging wraps the entire original mail in a MIME container of type
# 'Content-type: multipart/mixed', where the first part is a text/plain with
# a short explanation, and the second part is a complete original mail,
# enclosed in a 'Content-type: message/rfc822' MIME part.
# Defanging is only done when enabled (selectively by malware type),
# and mail is considered malware (virus/spam/...), and the malware is
# allowed to pass (*_lovers or *_destiny=D_PASS)
#
$defang_virus  = 1;    # default is false: don't modify mail body
$defang_banned = 1;    # default is false: don't modify mail body
980 |
# $defang_bad_header = 1; # default is false: don't modify mail body |
981 |
# $defang_undecipherable = 1; # default is false: don't modify mail body |
982 |
# $defang_spam = 1; # default is false: don't modify mail body |
983 |
|
984 |
# Handling of scanner header fields that are already present on arrival.
#
# With 0, existing X-Virus-Scanned fields are left in place, so the presence
# of such a field on a message is not by itself evidence that this instance
# scanned it.
$remove_existing_x_scanned_headers = 0;    # leave existing X-Virus-Scanned alone
#$remove_existing_x_scanned_headers= 1;    # remove existing headers
                                           # (defaults to false)
#$remove_existing_spam_headers = 0;        # leave existing X-Spam* headers alone
$remove_existing_spam_headers = 1;         # remove existing spam headers if
                                           # spam scanning is enabled (default)
992 |
|
993 |
# set $bypass_decode_parts to true if you only do spam scanning, or if you |
994 |
# have a good virus scanner that can deal with compression and recursively |
995 |
# unpacking archives by itself, and save amavisd the trouble. |
996 |
# Disabling decoding also causes banned_files checking to only see |
997 |
# MIME names and MIME content types, not the content classification types |
998 |
# as provided by the file(1) utility. |
999 |
# It is a double-edged sword, make sure you know what you are doing! |
1000 |
# |
1001 |
#$bypass_decode_parts = 1; # (defaults to false) |
1002 |
|
1003 |
# File types (or their unpackers) that are not trusted: for a matching type
# both the original and the unpacked file are kept for a virus checker to
# see (lookup key is what file(1) utility returned):
#
@keep_decoded_original_maps = (
    new_RE(
      # qr'^MAIL$',               # retain full original message for virus checking (can be slow)
        qr'^MAIL-UNDECIPHERABLE$',    # retain full mail if it contains undecipherables
        qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
      # qr'^Zip archive data',    # don't trust Archive::Zip
    ),
);
1015 |
|
1016 |
|
1017 |
# Checking for banned MIME types and names. If any mail part matches, |
1018 |
# the whole mail is rejected. Object $banned_filename_re provides a list |
1019 |
# of Perl regular expressions to be matched against each part's: |
1020 |
# |
1021 |
# * Content-Type value (both declared and effective mime-type), |
1022 |
# such as the possible security-risk content types |
1023 |
# 'message/partial' and 'message/external-body', as specified in rfc2046 |
1024 |
# or 'application/x-msdownload' and 'application/x-msdos-program'; |
1025 |
# |
1026 |
# * declared (recommended) file names as specified by MIME subfields |
1027 |
# Content-Disposition.filename and Content-Type.name, both in their |
1028 |
# raw (encoded) form and in rfc2047-decoded form if applicable |
1029 |
# as well as (recommended) file names specified in archives; |
1030 |
# |
1031 |
# * file content type as guessed by 'file(1)' utility, mapped |
1032 |
# (by @map_full_type_to_short_type_maps) into short type names such as |
1033 |
# .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe-ms, ..., which always |
1034 |
# starts with a dot. These short types are available unless |
1035 |
# $bypass_decode_parts is true. |
1036 |
# |
1037 |
# All nodes (mail parts) of the fully recursively decoded mail and embedded |
1038 |
# archives are checked, each node independently from remaining nodes. |
1039 |
# |
1040 |
# For each node all its ancestor nodes including itself are checked against |
1041 |
# $banned_filename_re lookup list, top-down. The search for a node stops |
1042 |
# at the first match, the right-hand side of the matching key determines |
1043 |
# the result (true or false, absent right-hand side implies true, as explained
1045 |
# in README.lookups). |
1046 |
# |
1047 |
# Although repeatedly re-checking ancestor nodes may seem excessive, it gives
1049 |
# the opportunity to specify rules which make a particular node hide its |
1050 |
# descendents, e.g. allow any name or file type within a .zip, even though |
1051 |
# .exe files may otherwise not be allowed. |
1052 |
# |
1053 |
# Leave $banned_filename_re undefined to disable these checks |
1054 |
# (giving an empty list to new_RE() will also always return false) |
1055 |
|
1056 |
# Old-style banned lookup table. Entries are tried in order and the first
# match decides; a bare pattern means "banned", [pattern => 0] means "allow".
$banned_filename_re = new_RE(
  # qr'^UNDECIPHERABLE$',    # is or contains any undecipherable components

    # block certain double extensions anywhere in the base name
    qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

  # qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i,    # Class ID extensions - CLSID

    # block these MIME types
    qr'^application/x-msdownload$'i,
    qr'^application/x-msdos-program$'i,
    qr'^application/hta$'i,

  # qr'^(application/x-msmetafile|image/x-wmf)$'i,    # Windows Metafile MIME
  # qr'^\.wmf$',                                      # Windows Metafile file(1) type

  # qr'^message/partial$'i,          # rfc2046 MIME type

  # qr'^message/external-body$'i,    # rfc2046 MIME type
  # (btw, note that allowing 'message/external-body' is probably no worse
  # than allowing mail with HTML and/or allowing a user to browse the web)

    # Allow rule: per the lookup description above, the search for a node
    # stops at the first match among its ancestors, so nothing inside an
    # .rpm/.cpio/.tar is banned by name or type. Content scanning is then the
    # remaining control for such members - confirm that is acceptable.
  # [ qr'^\.(Z|gz|bz2)$' => 0 ],              # allow any in Unix-compressed
    [ qr'^\.(rpm|cpio|tar)$' => 0 ],          # allow any in Unix-type archives
  # [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],    # allow any within such archives

    qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i,    # banned extension - basic
  # qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
  #        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
  #        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
  #        wmf|wsc|wsf|wsh)$'ix,    # banned ext - long

  # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,    # banned extension - WinZip vulnerab.

    qr'^\.(exe-ms)$',                    # banned file(1) types
  # qr'^\.(exe|lha|tnef|cab|dll)$',      # banned file(1) types
);
1094 |
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631 |
1095 |
# and http://www.cknow.com/vtutor/vtextensions.htm |
1096 |
|
1097 |
# A little trick: a pattern qr'\.exe$' matches both a short type name '.exe',
1099 |
# as well as any file name which happens to end with .exe. If only matching |
1100 |
# a file name is desired, but not the short type, a pattern qr'.\.exe$'i |
1101 |
# or similar may be used, which requires that at least one character precedes
1103 |
# the '.exe', and so it will never match short file types which always start |
1104 |
# with a dot. |
1105 |
|
1106 |
|
1107 |
# the syntax of these Perl regular expressions is a bit awkward if not |
1108 |
# familiar with them, so please do follow examples and stick to the idioms: |
1109 |
# \A ... at the beginning of the first component |
1110 |
# \z ... at the end of the last (leaf) component
1111 |
# ^ ... at the beginning of each component in the path |
1112 |
# $ ... at the end of each component in the path |
1113 |
# (.*\t)? ... at the beginning of a field |
1114 |
# (\t.*)? ... at the end of a field |
1115 |
# \t(.*\t)* ... separating fields |
1116 |
# [^\t\n] ... any single character, but don't escape from this field |
1117 |
# (.*\n)+ ... one or more levels down |
1118 |
# (?#...) ... a comment within a regexp |
1119 |
|
1120 |
# new-style of banned lookup table |
1121 |
# New-style table: each pattern is matched against tab-separated fields of a
# name path (M= MIME type, T= file(1) short type, N= declared name,
# A= attributes), one path component per line, using the idioms listed above.
# NOTE: a later assignment in this file sets $banned_namepath_re back to
# undef, which disables this table; only the old-style table is then in use.
$banned_namepath_re = new_RE(

    # block these MIME types
    qr'(?#NO X-MSDOWNLOAD) ^(.*\t)? M=application/x-msdownload (\t.*)? $'xmi,
    qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)? M=application/x-msdos-program(\t.*)? $'xmi,
    qr'(?#NO HTA) ^(.*\t)? M=application/hta (\t.*)? $'xmi,

  # # block rfc2046 MIME types
  # qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/partial (\t.*)? $'xmi,
  # qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/external-body (\t.*)? $'xmi,

  # qr'(?#No Metafile MIME) ^(.*\t)? M=application/x-msmetafile (\t.*)? $'xmi,
  # qr'(?#No Metafile MIME) ^(.*\t)? M=image/x-wmf (\t.*)? $'xmi,
  # qr'(?#No Metafile file) ^(.*\t)? T=wmf (\t.*)? $'xm,

  # # within traditional Unix compressions allow any name and type
  # [ qr'(?#rule-3) ^ (.*\t)? T=(Z|gz|bz2) (\t.*)? $'xmi => 0 ], # allow

    # within traditional Unix archives allow any name and type
    [ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? $'xmi => 0 ], # allow

  # # block anything within a zip
  # qr'(?#rule-5) ^ (.*\t)? T=zip (\t.*)? (.*\n)+ .* $'xmi,

    # block certain double extensions in filenames
    qr'(?# BLOCK DOUBLE-EXTENSIONS )
       ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \.
       (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) \.? (\t.*)? $'xmi,

  # # block Class ID (CLSID) extensions in filenames
  # qr'(?# BLOCK CLSID-EXTENSIONS )
  #    ^ (.*\t)? N= [^\t\n]* \{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}? [^\t\n]* (\t.*)? $'xmi,

  # # banned declared names with three or more consecutive spaces
  # qr'(?# BLOCK NAMES WITH SPACES )
  #    ^ (.*\t)? N= [^\t\n]* [ ]{3,} 'xmi,

  # # within PC archives allow any types or names at any depth
  # [ qr'(?#rule-7) ^ (.*\t)? T=(zip|rar|arc|arj|zoo) (\t.*)? $'xmi => 0 ], # ok

  # # within certain archives allow leaf members at any depth if crypted
  # [ qr'(?# ALLOW ENCRYPTED )
  #      ^ (.*\t)? T=(zip|rar|arj) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],

  # # allow crypted leaf members regardless of their name or type
  # [ qr'(?# ALLOW IF ENCRYPTED ) ^ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],

  # # block if any component can not be decoded (is encrypted or bad archive)
  # qr'(?# BLOCK IF UNDECIPHERABLE ) ^ (.*\t)? A=U (\t.*)? \z'xmi,

  # [ qr'(?# SPECIAL ALLOWANCES - MAGIC NAMES)
  #      \A (.*\t)? T=(rpm|cpio|tar|zip|rar|arc|arj|zoo|Z|gz|bz2)
  #      \t(.*\t)* N=example\d+[^\t\n]*
  #      (\t.*)? $'xmi => 0 ],

    # banned filename extensions (in declared names) anywhere - basic
    # NOTE(review): unlike the basic rule in the old-style $banned_filename_re,
    # this list has no 'cmd' - confirm whether that is intended.
    qr'(?# BLOCK COMMON NAME EXENSIONS )
       ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|bat|com|cpl) (\t.*)? $'xmi,

  # # banned filename extensions (in declared names) anywhere - long
  # qr'(?# BLOCK MORE NAME EXTENSIONS )
  #    ^ (.*\t)? N= [^\t\n]* \. (
  #    ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
  #    inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
  #    ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
  #    wmf|wsc|wsf|wsh) (\t.*)? $'xmi,

  # # banned filename extensions anywhere - WinZip vulnerability (pre-V9)
  # qr'(?# BLOCK WinZip VULNERABILITY EXENSIONS )
  #    ^ (.*\t)? N= [^\t\n]* \. (mim|b64|bhx|hqx|xxe|uu|uue) (\t.*)? $'xmi,

    # result 'DISCARD' rather than a plain true/false
    [ qr'(?# BLOCK EMPTY MIME PART APPLICATION/OCTET-STREAM )
         ^ (.*\t)? M=application/octet-stream \t(.*\t)* T=empty (\t.*)? $'xmi
      => 'DISCARD' ],

  # [ qr'(?# BLOCK EMPTY MIME PARTS )
  #      ^ (.*\t)? M= [^\t\n]+ \t(.*\t)* T=empty (\t.*)? $'xmi => 'DISCARD' ],

    qr'(?# BLOCK Microsoft EXECUTABLES )
       ^ (.*\t)? T=exe-ms (\t.*)? $'xm, # banned file(1) type

  # qr'(?# BLOCK ANY EXECUTABLE )
  #    ^ (.*\t)? T=exe (\t.*)? $'xm, # banned file(1) type

  # qr'(?# BLOCK THESE TYPES )
  #    ^ (.*\t)? T=(exe|lha|tnef|cab|dll) (\t.*)? $'xm, # banned file(1) types

);
1215 |
|
1216 |
# Use the old or the new style of banned lookup table, not both, to avoid
# confusion. Here the new-style table is switched off, so the checks rely on
# the old-style $banned_filename_re.
#
# @banned_filename_maps = ();    # to disable old-style
undef $banned_namepath_re;       # to disable new-style
1220 |
|
1221 |
|
1222 |
# Named rule sets for banned-content checks.
#   MYNETS-DEFAULT - permissive set of rules for internal hosts: only three
#                    extensions are banned and Unix archives are exempt
#   DEFAULT        - the old-style table $banned_filename_re
%banned_rules = (
    'MYNETS-DEFAULT' => new_RE(
        [ qr'^\.(rpm|cpio|tar)$' => 0 ],    # allow any name/type in Unix archives
        qr'.\.(vbs|pif|scr)$'i,             # banned extension - rudimentary
    ),
    'DEFAULT' => $banned_filename_re,
);
1231 |
|
1232 |
|
1233 |
# |
1234 |
# Section V - Per-recipient and per-sender handling, whitelisting, etc. |
1235 |
# |
1236 |
|
1237 |
# @virus_lovers_maps list of lookup tables: |
1238 |
# (this should be considered a policy option, it does not disable checks,
1239 |
# see bypass*checks for that!) |
1240 |
# |
1241 |
# Exclude certain RECIPIENTS from virus filtering by adding their (lower-cased)
1243 |
# envelope e-mail address (or domain only) to one of the lookup tables in |
1244 |
# the @virus_lovers_maps list - see README.lookups and examples. |
1245 |
# Make sure the appropriate form (e.g. external/internal) of address |
1246 |
# is used in case of virtual domains, or when mapping external to internal |
1247 |
# addresses, etc. - this is MTA-specific. |
1248 |
# |
1249 |
# Notifications would still be generated however (see the overall |
1250 |
# picture above), and infected mail (if passed) gets additional header: |
1251 |
# X-AMaViS-Alert: INFECTED, message contains virus: ... |
1252 |
# (header not inserted with Courier or milter interface!) |
1253 |
# |
1254 |
# Setting $final_*_destiny=D_PASS is functionally equivalent to having |
1255 |
# all recipients match the @*_lovers_maps. |
1256 |
# |
1257 |
# NOTE (milter interface only): in case of multiple recipients, |
1258 |
# it is only possible to drop or accept the message in its entirety - for all
1260 |
# recipients. If all of them are virus lovers, we'll accept mail, but if |
1261 |
# at least one recipient is not a virus lover, we'll discard the message. |
1262 |
|
1263 |
|
1264 |
# @bypass_virus_checks_maps list of lookup tables: |
1265 |
# (this is mainly a time-saving option, unlike virus_lovers* !) |
1266 |
# |
1267 |
# Similar in concept to @virus_lovers_maps, a @bypass_virus_checks_maps |
1268 |
# is used to skip entirely the decoding, unpacking and virus checking, |
1269 |
# but only if ALL recipients match the lookup. |
1270 |
# |
1271 |
# @bypass_virus_checks_maps does NOT GUARANTEE the message will NOT be checked
1273 |
# for viruses - this may still happen when there is more than one recipient |
1274 |
# for a message and not all of them match these lookup tables, or when |
1275 |
# check result was cached (i.e. the same contents was recently sent to other |
1276 |
# recipients). To guarantee virus delivery, a recipient must also match |
1277 |
# @virus_lovers_maps lookups (but see milter limitations above), |
1278 |
# |
1279 |
# The following table summarizes the possible combinations: |
1280 |
# bypass lover |
1281 |
# 0 0 useful, check for malware and block it |
1282 |
# 0 1 useful, check but deliver nevertheless, possibly tagged |
1283 |
# 1 0 not too useful, free riding on cached or other-people's checks
1285 |
# 1 1 useful, no checks if possible, and no effects |
1286 |
|
1287 |
# NOTE: it would not be clever to base enabling of virus checks on SENDER |
1288 |
# address, since there are no guarantees that it is genuine. Many viruses |
1289 |
# and spam messages fake sender address. To achieve selective filtering |
1290 |
# based on the source of the mail (e.g. IP address, MTA port number, ...), |
1291 |
# use mechanisms provided by MTA if available, possibly combined with policy |
1292 |
# banks feature. |
1293 |
|
1294 |
# Similar to lists of lookup tables controlling virus checking, there are |
1295 |
# counterparts for spam scanning, banned names/types, and headers_checks |
1296 |
# control: |
1297 |
# @spam_lovers_maps, |
1298 |
# @banned_files_lovers_maps, |
1299 |
# @bad_header_lovers_maps |
1300 |
# and: |
1301 |
# @bypass_spam_checks_maps, |
1302 |
# @bypass_banned_checks_maps, |
1303 |
# @bypass_header_checks_maps |
1304 |
|
1305 |
# Example: |
1306 |
# @bypass_header_checks_maps = ( [qw( user@×××××××.com )] ); |
1307 |
# @bad_header_lovers_maps = ( [qw( user@×××××××.com )] ); |
1308 |
|
1309 |
# The following example disables spam checking altogether, |
1310 |
# since it matches any recipient e-mail address. |
1311 |
# @bypass_spam_checks_maps = (1); |
1312 |
|
1313 |
|
1314 |
# See README.lookups for further detail, and examples below. |
1315 |
|
1316 |
# In the following example a list of lookup tables @virus_lovers_maps |
1317 |
# contains three elements, the first is a reference to an ACL lookup table |
1318 |
# (brackets in Perl indicate a ref to a list), the second is a reference |
1319 |
# to a hash lookup table (curly braces in Perl indicate a ref to a hash), |
1320 |
# the third is a regexp lookup table, indicated by the type of object |
1321 |
# created by new_RE() : |
1322 |
# |
1323 |
#@virus_lovers_maps = ( |
1324 |
# [ qw( me@×××××××.com !lab.xxx.com .xxx.com yyy.org ) ], |
1325 |
# { "postmaster\@$mydomain" => 1, # double quotes permit variable evaluation |
1326 |
# 'postmaster@×××××××.com'=> 1, # in single quotes the '@' need not be quoted
1328 |
# 'abuse@×××××××.com'=> 1, |
1329 |
# 'some.user@' => 1, # this recipient, regardless of domain |
1330 |
# 'boss@×××××××.com' => 0, # never, even if domain matches |
1331 |
# 'example.com' => 1, # this domain, but not its subdomains |
1332 |
# '.example.com' => 1, # this domain, including its subdomains |
1333 |
# }, |
1334 |
# new_RE( qr'^(helpdesk|postmaster)@example\.com$'i ), |
1335 |
#); |
1336 |
|
1337 |
#@spam_lovers_maps = ( |
1338 |
# ["postmaster\@$mydomain", 'postmaster@×××××××.com', 'abuse@×××××××.com'], |
1339 |
#); |
1340 |
|
1341 |
#@bad_header_lovers_maps = ( |
1342 |
# ["postmaster\@", "abuse\@$mydomain"], |
1343 |
#); |
1344 |
|
1345 |
|
1346 |
# as an alternative to fiddling with @_lovers_maps and similar _maps, here |
1347 |
# is an illustration of using a more general *_by_ccat associative array, |
1348 |
# introduced with 2.4.0, like %lovers_maps_by_ccat in this example: |
1349 |
# |
1350 |
#$lovers_maps_by_ccat{CC_SPAM} = [ |
1351 |
# read_hash("$MYHOME/etc/spam_lovers.txt"), |
1352 |
# [qw(postmaster@×××××××.com abuse@×××××××.com)], |
1353 |
#]; |
1354 |
# |
1355 |
#$lovers_maps_by_ccat{CC_BANNED} = [ |
1356 |
# { map {lc $_ => 1} # construct a hash lookup table from a list |
1357 |
# qw(user1@×××××××.com user2.example.com) |
1358 |
# }, |
1359 |
#]; |
1360 |
|
1361 |
|
1362 |
# to save some typing of quotes and commas, a Perl operator qw can be used |
1363 |
# to split its argument on whitespace and to quote resulting elements: |
1364 |
#@bypass_spam_checks_maps = ( |
1365 |
# [ qw( some.ddd !butnot.example.com .example.com ) ], |
1366 |
#); |
1367 |
|
1368 |
|
1369 |
# don't run spam check for these RECIPIENT domains: |
1370 |
# @bypass_spam_checks_maps = ( [qw( d1.com .d2.com a.d3.com )] ); |
1371 |
# or the other way around (bypass check for all BUT these): |
1372 |
# @bypass_spam_checks_maps = ( [qw( !d1.com !.d2.com !a.d3.com . )] ); |
1373 |
# a practical application: don't check outgoing mail for spam: |
1374 |
# @bypass_spam_checks_maps = ( [ "!.$mydomain", "." ] ); |
1375 |
# or calculated (negated) from the %local_domains: |
1376 |
# @bypass_spam_checks_maps = |
1377 |
# ( {map {$_ => !$local_domains{$_}} keys %local_domains}, 1); |
1378 |
# (a downside of which is that such mail will not count as ham in SA bayes db)
1380 |
# |
1381 |
# Note that 'outgoing' is not the same as 'originating from inside'. |
1382 |
# The internal-to-internal mail is not outgoing, but is originating from |
1383 |
# inside. To base rules on 'originating from inside', the use of policy bank |
1384 |
# MYNETS is needed, in conjunction with XFORWARD Postfix extension to SMTP. |
1385 |
|
1386 |
# Where to find SQL server(s) and database to support SQL lookups? |
1387 |
# A list of triples: (dsn,user,passw). (dsn = data source name) |
1388 |
# More than one entry may be specified for multiple (backup) SQL servers. |
1389 |
# See 'man DBI', 'man DBD::mysql', 'man DBD::Pg', ... for details. |
1390 |
# When chroot-ed, accessing SQL server over inet socket may be more convenient.
1392 |
# |
1393 |
# @lookup_sql_dsn = |
1394 |
# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
1396 |
# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'], |
1397 |
# ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] ); |
1398 |
# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database |
1399 |
# |
1400 |
# SQL lookup source: one (dsn, user, password) triple, pointing at the MySQL
# database 'amavis' on 192.168.10.35, port 3306.
# NOTE(review): the third element is the database password in cleartext.
# Keep this file readable only by root and the account amavisd runs as,
# replace the password with a placeholder in any copy that leaves the host,
# and rotate a password that has already been published.
# NOTE(review): the DSN names a host other than 127.0.0.1, presumably another
# machine; whether that link is encrypted cannot be told from this line -
# TODO confirm (DBD::mysql takes its TLS settings, e.g. mysql_ssl, in the DSN).
@lookup_sql_dsn = (
    [
        'DBI:mysql:database=amavis;host=192.168.10.35;port=3306',
        'amavis',
        'db4me!',
    ],
);
1404 |
# ('mail' in the example is the database name, choose what you like) |
1405 |
# With PostgreSQL the dsn (first element of the triple) may look like: |
1406 |
# 'DBI:Pg:dbname=mail;host=host1' |
1407 |
|
1408 |
# The SQL select clause to fetch per-recipient policy settings. |
1409 |
# The %k will be replaced by a comma-separated list of query addresses
# (e.g. full address, domain only (stripped level by level), and a catchall).
# Use ORDER if there is a chance that multiple records will match - the first
1414 |
# match wins. If field names are not unique (e.g. 'id'), the later field |
1415 |
# overwrites the earlier in a hash returned by lookup, which is why we use |
1416 |
# '*,users.id' instead of just '*'. No need to uncomment the following |
1417 |
# assignment if the default is ok. |
1418 |
# $sql_select_policy = 'SELECT *,users.id FROM users,policy'. |
1419 |
# ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'. |
1420 |
# ' ORDER BY users.priority DESC'; |
1421 |
# |
1422 |
# The SQL select clause to check sender in per-recipient whitelist/blacklist |
1423 |
# The first SELECT argument '?' will be users.id from recipient SQL lookup, |
1424 |
# the %k will be sender addresses (e.g. full address, domain only, catchall).
1426 |
# The default value is: |
1427 |
# $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'. |
1428 |
# ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'. |
1429 |
# ' AND (mailaddr.email IN (%k))'. |
1430 |
# ' ORDER BY mailaddr.priority DESC'; |
1431 |
# |
1432 |
# To disable SQL white/black list, set to undef (otherwise comment-out |
1433 |
# the following statement, leaving it at the default value): |
1434 |
#$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting
1436 |
|
1437 |
# Site-specific white/blacklist query, used instead of the default quoted in
# the comments above. '?' is the bound placeholder for the id returned by the
# recipient lookup and %k is expanded to the list of sender keys. Unlike the
# default, it reads the address and priority straight from wblist, with no
# join to mailaddr.
# NOTE(review): this presumes wblist has email and priority columns - verify
# against the actual database schema.
$sql_select_white_black_list = join '',
    'SELECT wb FROM wblist',
    ' WHERE (rid=?) AND (wblist.email IN (%k))',
    ' ORDER BY wblist.priority DESC';
1440 |
|
1441 |
# If passing malware to certain recipients ($final_*_destiny=D_PASS or |
1442 |
# *_lovers), the recipient-based lookup tables @addr_extension_*_maps may |
1443 |
# return a string, which (if nonempty) will be added as an address extension |
1444 |
# to the local-part of the recipient's address. This extension may be used |
1445 |
# by the final local delivery agent (LDA) to place such mail into different |
1446 |
# subfolders (the extension is usually interpreted as a folder name). |
1447 |
# This is sometimes known as the 'plus addressing'. Appending address |
1448 |
# extensions is prevented when: |
1449 |
# - recipient does not match lookup tables @local_domains_maps; |
1450 |
# - lookup into corresponding @addr_extension_*_maps results |
1451 |
# in an empty string or undef; |
1452 |
# - $recipient_delimiter is empty (see below) |
1453 |
# LDAs usually default to stripping away address extension if no special |
1454 |
# handling is specified or if a named subfolder or alias does not exist, |
1455 |
# so adding address extensions normally does no harm. |
1456 |
|
1457 |
# @addr_extension_virus_maps = ('virus'); # defaults to empty |
1458 |
# @addr_extension_spam_maps = ('spam'); # defaults to empty |
1459 |
# @addr_extension_banned_maps = ('banned'); # defaults to empty |
1460 |
# @addr_extension_bad_header_maps = ('badh'); # defaults to empty |
1461 |
# |
1462 |
# A more complex example: |
1463 |
# @addr_extension_virus_maps = ( |
1464 |
# {'sub.example.com'=>'infected', '.example.com'=>'filtered'}, 'virus' ); |
1465 |
|
1466 |
# Delimiter between local part of the envelope recipient address and address |
1467 |
# extension (which can optionally be added, see @addr_extension_*_maps). E.g.
# recipient address <user@×××××××.com> is changed to <user+virus@×××××××.com>.
1470 |
# |
1471 |
# Delimiter must match the equivalent (final) MTA delimiter setting. |
1472 |
# (e.g. for Postfix add 'recipient_delimiter = +' to main.cf) |
1473 |
# Setting it to an empty string or to undef disables adding extensions |
1474 |
# regardless of $addr_extension_*_maps. |
1475 |
|
1476 |
# $recipient_delimiter = '+'; # (default is undef, i.e. disabled) |
1477 |
|
1478 |
# true: replace extension; false: append extension |
1479 |
# $replace_existing_extension = 1; # (default is true) |
1480 |
|
1481 |
# Controls how the local part of an e-mail address (the text left of '@')
# is compared in lookups: a true value makes the comparison case sensitive,
# a false value makes it case insensitive.
$localpart_is_case_sensitive = 0;    # false, which is also the default
1484 |
|
1485 |
|
1486 |
# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING |
1487 |
|
1488 |
# Instead of hard black- or whitelisting, a softer approach is to add |
1489 |
# score points (penalties) to the SA score for mail from certain senders. |
1490 |
# Positive points lean towards blacklisting, negative towards whitelisting. |
1491 |
# This is much like adding SA rules or using its white/blacklisting, except |
1492 |
# that here only envelope sender addresses are considered (not addresses |
1493 |
# in a mail header), and that score points can be assigned per-recipient |
1494 |
# (or globally), and the assigned penalties are customarily much lower |
1495 |
# than the default SA white/blacklisting score. |
1496 |
# |
1497 |
# The table structure is similar to $per_recip_blacklist_sender_lookup_tables
# i.e. the first level key is recipient, pointing to by-sender lookup tables.
1501 |
# The essential difference is that scores from _all_ matching by-recipient |
1502 |
# lookups (not just the first that matches) are summed to give the final |
1503 |
# score boost. That means that both the site and domain administrators, |
1504 |
# as well as the recipient can have a say on the final score. |
1505 |
# |
1506 |
# NOTE: keep hash keys in lowercase, either manually or by using function lc |
1507 |
|
1508 |
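# Soft white/blacklisting: score points added to the SA score according to
# the envelope sender. The outer hash is keyed by recipient; each value is a
# list of by-sender lookup tables (regexp or hash type here).
# Positive points lean towards blacklisting, negative towards whitelisting.
#
# Fix relative to the posted copy: the tail of the trailing comment on the
# new_RE( line ("soft-blacklist") had wrapped onto a line of its own with no
# leading '#', where Perl would read it as code; it is a comment again here.
#
# NOTE(review): matching is on the envelope sender only, which this file
# itself notes is easily faked, so every negative entry is a score discount
# available to any message that carries that sender address. Keep the
# discounts small relative to $sa_tag2_level_deflt and review the list
# periodically.
@score_sender_maps = ({    # a by-recipient hash lookup table

# # per-recipient personal tables (NOTE: positive: black, negative: white)
# 'user1@×××××××.com' => [{'bla-mobile.press@×××××××.com' => 10.0}],
# 'user3@×××××××.com' => [{'.ebay.com' => -3.0}],
# 'user4@×××××××.com' => [{'cleargreen@××××××××××.com' => -7.0,
#                          '.cleargreen.com' => -5.0}],

    # site-wide opinions about senders (the '.' matches any recipient)
    '.' => [    # the _first_ matching sender determines the score boost

        # regexp-type lookup table, just happens to be all soft-blacklist
        new_RE(
            [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
            [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
            [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
            [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
            [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
            [qr'^(your_friend|greatoffers)@'i => 5.0],
            [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
        ),

#       read_hash("/var/amavis/sender_scores_sitewide"),

        {   # a hash-type lookup table (associative array)
            'nobody@××××.org' => -3.0,
            'cert-advisory@×××××××.gov' => -3.0,
            'owner-alert@×××.net' => -3.0,
            'slashdot@××××××××.org' => -3.0,
            'bugtraq@×××××××××××××.com' => -3.0,
            'ntbugtraq@××××××××××××××××××.com' => -3.0,
            'security-alerts@×××××××××××××.com' => -3.0,
            'mailman-announce-admin@××××××.org' => -3.0,
            'amavis-user-admin@×××××××××××××××××.net'=> -3.0,
            'spamassassin.apache.org' => -3.0,
            'notification-return@××××××××××××.com' => -3.0,
            'owner-postfix-users@×××××××.org' => -3.0,
            'owner-postfix-announce@×××××××.org' => -3.0,
            'owner-sendmail-announce@××××××××××××××.org' => -3.0,
            'sendmail-announce-request@××××××××××××××.org' => -3.0,
            'donotreply@××××××××.org' => -3.0,
            'ca+envelope@××××××××.org' => -3.0,
            'noreply@×××××××××.net' => -3.0,
            'owner-technews@××××××××××.org' => -3.0,
            'ietf-123-owner@×××××××××.org' => -3.0,
            'cvs-commits-list-admin@×××××.org' => -3.0,
            'rt-users-admin@××××××××××.com' => -3.0,
            'clp-request@××××××××××××.sg' => -3.0,
            'surveys-errors@×××××××××.ie' => -3.0,
            'emailnews@×××××××××.com' => -5.0,
            'yahoo-dev-null@×××××××××.com' => -3.0,
            'returns.groups.yahoo.com' => -3.0,
            'clusternews@××××××××××××.com' => -3.0,
            # lc() keeps these keys lowercase, as the NOTE above requires
            lc('lvs-users-admin@××××××××××××××××××.org') => -3.0,
            lc('owner-textbreakingnews@××××××××××××××.COM') => -5.0,

            # soft-blacklisting (positive score)
            'sender@×××××××.net' => 3.0,
            '.example.net' => 1.0,

        },
    ],    # end of site-wide tables
});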
1578 |
|
1579 |
|
1580 |
# ENVELOPE SENDER WHITELISTING / BLACKLISTING - GLOBAL (RECIPIENT-INDEPENDENT)
1582 |
# (affects spam checking only, has no effect on virus and other checks) |
1583 |
|
1584 |
# WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from whitelisted
# senders even if the message would be recognized as spam. Effectively, for
# the specified senders, message recipients temporarily become 'spam_lovers'.
1589 |
# To avoid surprises, whitelisted sender also suppresses inserting/editing |
1590 |
# the tag2-level header fields (X-Spam-*, Subject), appending spam address |
1591 |
# extension, and quarantining. |
1592 |
# |
1593 |
# BLACKLISTING: messages from specified SENDERS are DECLARED SPAM. |
1594 |
# Effectively, for messages from blacklisted envelope sender addresses, spam |
1595 |
# level is artificially pushed high, and the normal spam processing applies, |
1596 |
# resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual |
1597 |
# reactions to spam, including possible rejection. If the message nevertheless
# still passes (e.g. for spam loving recipients), it is tagged as BLACKLISTED
1601 |
# in the 'X-Spam-Status' header field, but the reported spam value and |
1602 |
# set of tests in this report header field (if available from SpamAssassin, |
1603 |
# which may or may not have been called) is not adjusted. |
1604 |
# |
1605 |
# A sender may be both white- and blacklisted at the same time, settings |
1606 |
# are independent. For example, being both white- and blacklisted, message |
1607 |
# is delivered to recipients, but is not tagged as spam (X-Spam-Flag: No; |
1608 |
# X-Spam-Status: No, ...), but the reported spam level (if computed) may |
1609 |
# still indicate high spam score. |
1610 |
# |
1611 |
# If ALL recipients of the message either white- or blacklist the sender, |
1612 |
# spam scanning (calling the SpamAssassin) is bypassed, saving on time. |
1613 |
# |
1614 |
# The following variables (lists of lookup tables) are available, |
1615 |
# with the semantics and syntax as specified in README.lookups: |
1616 |
# @whitelist_sender_maps, @blacklist_sender_maps |
1617 |
|
1618 |
# SOME EXAMPLES: |
1619 |
# |
1620 |
#ACL: |
1621 |
# @whitelist_sender_maps = ( ['.example.org', '.example.net'] ); |
1622 |
# @whitelist_sender_maps = ( [qw(.example.org .example.net)] ); # same thing
#
# @whitelist_sender_maps = ( [".$mydomain"] ); # $mydomain and its subdomains
1627 |
# NOTE: This is not a reliable way of turning off spam checks for |
1628 |
# locally-originating mail, as sender address can easily be faked. |
1629 |
# To reliably avoid spam-scanning outgoing mail, use @bypass_spam_checks_maps
# for nonlocal recipients. To reliably avoid spam scanning for locally
# originating mail (including internal-to-internal mail), recognized by
# the original SMTP client IP address matching @mynetworks, use policy bank
# MYNETS, adjust @mynetworks, and turn on XFORWARD in the Postfix smtp client
1637 |
# service feeding amavisd. |
1638 |
|
1639 |
#with regexps: |
1640 |
# @whitelist_sender_maps = ( new_RE( |
1641 |
# qr'^postmaster@.*\bexample\.com$'i, |
1642 |
# qr'^owner-[^@]*@'i, qr'-request@'i, |
1643 |
# qr'\.example\.com$'i |
1644 |
# )); |
1645 |
|
1646 |
|
1647 |
# illustrates the use of regexp lookup table: |
1648 |
|
1649 |
# Global hard blacklist, built as a single regexp-type lookup table: a
# message whose envelope sender matches any pattern is declared spam.
# All patterns are case-insensitive and anchored at the start of the address,
# so they test the local part up to the '@'.
# The same local-part names also carry a 5.0 soft score in the site-wide
# table of @score_sender_maps.
@blacklist_sender_maps = (
    new_RE(
        qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
        qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@'i,
        qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
        qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
        qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
        qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
    ),
);
1658 |
|
1659 |
|
1660 |
# NOTE: whitelisting is becoming deprecated because sender address is |
1661 |
# all too often faked; use @score_sender_maps for soft-whitelisting! |
1662 |
# |
1663 |
# Illustrates the use of several lookup tables: |
1664 |
# |
1665 |
# @whitelist_sender_maps = ( |
1666 |
# |
1667 |
# # read_hash("$MYHOME/whitelist_sender"), # a hash table read from a file |
1668 |
# |
1669 |
# # and another hash lookup table constructed in-line, with keys lowercased:
1671 |
# { map {lc $_ => 1} qw( |
1672 |
# nobody@××××.org |
1673 |
# cert-advisory@×××××××.gov |
1674 |
# owner-alert@×××.net |
1675 |
# slashdot@××××××××.org |
1676 |
# bugtraq@×××××××××××××.com |
1677 |
# NTBUGTRAQ@××××××××××××××××××.COM |
1678 |
# security-alerts@×××××××××××××.com |
1679 |
# amavis-user-admin@×××××××××××××××××.net |
1680 |
# notification-return@××××××××××××.com |
1681 |
# mailman-announce-admin@××××××.org |
1682 |
# owner-postfix-users@×××××××.org |
1683 |
# owner-postfix-announce@×××××××.org |
1684 |
# owner-sendmail-announce@××××××××××××××.org |
1685 |
# sendmail-announce-request@××××××××××××××.org |
1686 |
# owner-technews@××××××××××.ORG |
1687 |
# lvs-users-admin@××××××××××××××××××.org |
1688 |
# ietf-123-owner@×××××××××.org |
1689 |
# cvs-commits-list-admin@×××××.org |
1690 |
# rt-users-admin@××××××××××.com |
1691 |
# clp-request@××××××××××××.sg |
1692 |
# surveys-errors@×××××××××.ie |
1693 |
# emailNews@×××××××××.com |
1694 |
# owner-textbreakingnews@××××××××××××××.COM |
1695 |
# yahoo-dev-null@×××××××××.com |
1696 |
# returns.groups.yahoo.com |
1697 |
# )}, |
1698 |
# |
1699 |
# # { '' => 1 }, # and another one, containing just an empty reverse path (DSN)
1701 |
# |
1702 |
# ); |
1703 |
|
1704 |
|
1705 |
# ENVELOPE SENDER WHITELISTING / BLACKLISTING - PER-RECIPIENT |
1706 |
|
1707 |
# The same semantics as for global white/blacklisting applies, but this |
1708 |
# time each recipient (or its domain, or subdomain, ...) can be given |
1709 |
# an individual lookup table for matching senders. The per-recipient lookups |
1710 |
# take precedence over the global lookups, which serve as a fallback default.
1712 |
|
1713 |
# Specify a two-level lookup table: the key for the outer table is recipient,
# and the result should be an inner lookup table (hash or ACL or RE),
# where the key used will be the sender. (Note that this structure is flatter
1718 |
# than @score_sender_maps, where the first level result is a ref to a _list_ |
1719 |
# of inner lookup tables, not a ref to a single lookup table.) |
1720 |
# |
1721 |
#$per_recip_blacklist_sender_lookup_tables = {
# 'user1@××××××××××.com'=>new_RE(qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i),
# 'user2@××××××××××.com'=>[qw( spammer@××.example.org .d2.example.org )],
#};
#$per_recip_whitelist_sender_lookup_tables = {
# 'user@××××××××××.com' => [qw( friend@×××××××.org .other.example.org )],
# '.my1.example.com' => [qw( !foe.other.example.org .other.example.org )],
# '.my2.example.com' => read_hash("$MYHOME/my2-wl.dat"),
# 'abuse@' => { 'postmaster@'=>1,
# 'cert-advisory-owner@××××.org'=>1, 'owner-alert@×××.net'=>1 },
#};
1735 |
|
1736 |
|
1737 |
# |
1738 |
# Section VI - Resource limits |
1739 |
# |
1740 |
|
1741 |
# Sanity limit to the number of allowed recipients per SMTP transaction |
1742 |
# $smtpd_recipient_limit = 1100; # (default is 1100) |
1743 |
|
1744 |
# Resource limits to protect unpackers, decompressors and virus scanners |
1745 |
# against mail bombs (e.g. 42.zip) |
1746 |
|
1747 |
|
1748 |
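# Fix relative to the posted copy: the word "limit)" had wrapped out of the
# first comment onto a line with no leading '#'; it is part of the comment
# again here.

# Maximum recursion level for extraction/decoding
# (0 or undef disables the limit).
$MAXLEVELS = 14;     # (default is undef, no limit)

# Maximum number of extracted files
# (0 or undef disables the limit).
$MAXFILES = 1500;    # (default is undef, no limit)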
1754 |
|
1755 |
# For the cumulative total of all decoded mail parts we set max storage size |
1756 |
# to defend against mail bombs. Even though parts may be deleted (replaced |
1757 |
# by decoded text) during decoding, the size they occupied is _not_ returned |
1758 |
# to the quota pool. |
1759 |
# |
1760 |
# Parameters to storage quota formula for unpacking/decoding/decompressing |
1761 |
# Formula: |
1762 |
# quota = max($MIN_EXPANSION_QUOTA, |
1763 |
# $mail_size*$MIN_EXPANSION_FACTOR, |
1764 |
# min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR))
1766 |
# In plain words (later condition overrules previous ones): |
1767 |
# allow MAX_EXPANSION_FACTOR times initial mail size, |
1768 |
# but not more than MAX_EXPANSION_QUOTA, |
1769 |
# but not less than MIN_EXPANSION_FACTOR times initial mail size, |
1770 |
# but never less than MIN_EXPANSION_QUOTA |
1771 |
# |
1772 |
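# Storage quota parameters for unpacking/decoding, fed into the formula in
# the comment above. Fix relative to the posted copy: three trailing comments
# had wrapped onto lines with no leading '#' ("enforced)", "enforced)",
# "infected"); each is a complete comment again here.
$MIN_EXPANSION_QUOTA  = 100*1024;        # bytes, i.e. 100 KiB
                                         # (default undef, not enforced)
$MAX_EXPANSION_QUOTA  = 300*1024*1024;   # bytes, i.e. 300 MiB
                                         # (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5;      # times original mail size (default is 5)
$MAX_EXPANSION_FACTOR = 500;    # times original mail size (default is 500)

# expiration time of cached results: time to live in seconds
# (how long the result of a virus/spam test remains valid)
$virus_check_negative_ttl = 3*60;     # 3 minutes: time to remember that
                                      # mail was not infected
$virus_check_positive_ttl = 30*60;    # time to remember that mail was infected
$spam_check_negative_ttl  = 30*60;    # time to remember that mail was not spam
$spam_check_positive_ttl  = 30*60;    # time to remember that mail was spam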
1786 |
# |
1787 |
# NOTE: |
1788 |
# Cache size will be determined by the largest of the $*_ttl values. |
1789 |
# Depending on the mail rate, the cache database may grow quite large. |
1790 |
# Reasonable compromise for the max value is 15 minutes to 2 hours. |
1791 |
|
1792 |
# |
1793 |
# Section VII - External programs, virus scanners |
1794 |
# |
1795 |
|
1796 |
# Specify a path string, which is a colon-separated string of directories |
1797 |
# (no trailing slashes!) to be assigned to the environment variable PATH |
1798 |
# and to serve for locating external programs below. |
1799 |
|
1800 |
# NOTE: if $daemon_chroot_dir is nonempty, the directories will be |
1801 |
# relative to the chroot directory specified; |
1802 |
|
1803 |
# Search path, in order, used both as the PATH environment variable and for
# locating the external programs configured below.
# NOTE(review): a program found in any of these directories is what amavisd
# will run, so each directory should be writable by root only - confirm for
# /usr/local/* and /opt/bin in particular.
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/bin';
1805 |
|
1806 |
# For external programs specify one string or a search list of strings (first
# match wins). The string (or: each string in a list) may be an absolute path,
# or just a program name, to be located via $path;
# Empty string or undef (=default) disables the use of that external program.
1813 |
# Optionally command arguments may be specified - only the first substring |
1814 |
# up to the whitespace is used for file searching. |
1815 |
|
1816 |
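# External helper programs, given by name and located via $path.
# Fix relative to the posted copy: the word "vulnerability" had wrapped out
# of the trailing comment onto a line with no leading '#'.
$file  = 'file';     # file(1) utility; use 3.41 or later to avoid
                     # vulnerability
$dspam = 'dspam';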
1819 |
|
1820 |
# A list of pairs or n-tuples: [short-type, code_ref, optional-args...]. |
1821 |
# Maps short types to a decoding routine, the first match wins. |
1822 |
# Arguments beyond the first two can be program path string (or a listref of |
1823 |
# paths to be searched) or a reference to a variable containing such a path, |
1824 |
# which allows for lazy evaluation, making possible to assign values to |
1825 |
# legacy configuration variables even after the assignment to @decoders. |
1826 |
# |
1827 |
# Decoder table: each entry is [short-type, code_ref, optional-args...].
# A short type is mapped to its decoding routine and the first entry that
# matches wins, so where a type is listed twice the earlier entry is
# preferred. Optional arguments name the external program, or a list of
# alternatives to be searched for.
# NOTE(review): the external programs named here are run on content taken
# from incoming mail; keep them patched, and keep the $MAXLEVELS, $MAXFILES
# and *_EXPANSION_* limits set so that unpacking stays bounded.
@decoders = (
    # handled by internal routines
    ['mail', \&do_mime_decode],
    ['asc',  \&do_ascii],
    ['uue',  \&do_ascii],
    ['hqx',  \&do_ascii],
    ['ync',  \&do_ascii],

    # compressors
    ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
    ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
    ['gz',   \&do_gunzip],
    ['gz',   \&do_uncompress, 'gzip -d'],
    ['bz2',  \&do_uncompress, 'bzip2 -d'],
    ['lzo',  \&do_uncompress, 'lzop -d'],
    ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],

    # archivers
    ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
    ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
    ['tar',  \&do_tar],
    ['deb',  \&do_ar,         'ar'],
#   ['a',    \&do_ar,         'ar'],    # unpacking .a seems an overkill
    ['zip',  \&do_unzip],
    ['rar',  \&do_unrar,      ['rar','unrar'] ],
    ['arj',  \&do_unarj,      ['arj','unarj'] ],
    ['arc',  \&do_arc,        ['nomarch','arc'] ],
    ['zoo',  \&do_zoo,        'zoo'],
    ['lha',  \&do_lha,        'lha'],
#   ['doc',  \&do_ole,        'ripole'],
    ['cab',  \&do_cabextract, 'cabextract'],
    ['tnef', \&do_tnef_ext,   'tnef'],
    ['tnef', \&do_tnef],

    # executables: three program arguments, in this order
    ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);
1857 |
|
1858 |
|
1859 |
# SpamAssassin settings |
1860 |
|
1861 |
# $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value |
1862 |
# of the option local_tests_only. See Mail::SpamAssassin man page. |
1863 |
# If set to 1, no SA tests that require internet access will be performed. |
1864 |
# |
1865 |
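# SpamAssassin switches and default score thresholds.
# Fix relative to the posted copy: several trailing comments had wrapped onto
# lines with no leading '#' ("access?", "use_auto_whitelist)", "larger",
# "entry", "that level;", "quarantining"); each is a complete comment again.

$sa_local_tests_only = 0;    # only tests which do not require internet
                             # access?
#$sa_auto_whitelist = 1;     # turn on AWL in SA 2.63 or older (irrelevant
                             # for SA 3.0, its cf option is
                             # use_auto_whitelist)

# Mail larger than this (200 KiB) is not passed to SpamAssassin.
$sa_mail_body_size_limit = 200*1024;    # don't waste time on SA if mail is
                                        # larger
                                        # (less than 1% of spam is > 64k)
                                        # default: undef, no limitations

# default values, customarily used in the @spam_*_level_maps as the last
# entry
$sa_tag_level_deflt  = -9999;    # add spam info headers if at, or above
                                 # that level;
                                 # undef is interpreted as lower than any
                                 # spam level
$sa_tag2_level_deflt = 5;        # add 'spam detected' headers at that level
                                 # to passed mail, adding address extensions;
$sa_kill_level_deflt = 20;       # triggers spam evasive actions
                                 # at or above that level: bounce/reject/drop,
                                 # quarantine
# NOTE(review): 9 is below $sa_kill_level_deflt (20), which contradicts the
# ordering given in the quick reference below (kill_level < dsn_cutoff_level).
# As far as these comments say, any message that reaches the kill level is
# then already past the DSN cutoff, so no bounce is sent for it - confirm
# that this is intended.
$sa_dsn_cutoff_level = 9;        # spam level beyond which a DSN is not sent,
                                 # effectively turning D_BOUNCE into D_DISCARD;
                                 # undef disables this feature and is a default;
# see also $sa_quarantine_cutoff_level above, which only controls
# quarantining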
1891 |
|
1892 |
# advanced example specifying per-recipient values using a hash lookup: |
1893 |
#@spam_tag_level_maps = (\$sa_tag_level_deflt); # this is a default |
1894 |
#@spam_tag2_level_maps = ( |
1895 |
# { 'user1@×××××××.com' => 8.0, '.example.com' => 6.0 }, |
1896 |
# \$sa_tag2_level_deflt, # catchall default |
1897 |
#); |
1898 |
#@spam_kill_level_maps = ( |
1899 |
# { 'user1@×××××××.com' => 8.0, '.example.com' => 6.0 }, |
1900 |
# \$sa_kill_level_deflt, # catchall default |
1901 |
#); |
1902 |
#@spam_dsn_cutoff_level_maps = ( |
1903 |
# { 'user1@×××××××.com' => 10, '.example.com' => 15 }, |
1904 |
# \$sa_dsn_cutoff_level, # catchall default |
1905 |
#); |
1906 |
|
1907 |
# a quick reference: |
1908 |
# tag_level contents category: CC_CLEAN, |
1909 |
# controls adding the X-Spam-Status and X-Spam-Level headers, |
1910 |
# tag2_level contents category: CC_SPAMMY, |
1911 |
# controls adding 'X-Spam-Flag: YES', editing (tagging) Subject,
1913 |
# and adding address extensions, |
1914 |
# tag3_level contents category: CC_SPAMMY, minor category 1, |
1915 |
# like tag2, but may insert different Subject tag |
1916 |
# e.g. @spam_subject_tag3_maps=('***BLATANT*SPAM*** '); |
1917 |
# kill_level contents category: CC_SPAM, |
1918 |
# controls 'evasive actions' (reject, quarantine); |
1919 |
# it only makes sense to maintain the relationship: |
1920 |
# tag_level <= tag2_level <= tag3_level <= kill_level < |
1921 |
# < dsn_cutoff_level <= quarantine_cutoff_level |
1922 |
|
1923 |
# Text put in front of the Subject header field once a message exceeds the
# tag2 level. It only shows up when spam is passed on and the recipient is
# in local_domains*.
$sa_spam_subject_tag = '*SPAM* ';    # (defaults to undef, disabled)
1927 |
|
1928 |
#$sa_spam_modifies_subj = 1; # in @spam_modifies_subj_maps, default is true |
1929 |
|
1930 |
# Example: modify Subject for all local recipients except user@×××××××.com |
1931 |
#@spam_modifies_subj_maps = ( [qw( !user@×××××××.com . )] ); |
1932 |
|
1933 |
#$sa_spam_level_char = '*'; # char for X-Spam-Level bar, defaults to '*'; |
1934 |
# undef or empty disables inserting X-Spam-Level |
1935 |
#$sa_spam_report_header = 0; # insert X-Spam-Report header field? default false
1937 |
|
1938 |
# stop anti-virus scanning when the first scanner detects a virus? |
1939 |
#$first_infected_stops_scan = 1; # default is false, all scanners in a section
# are called
1942 |
|
1943 |
# @av_scanners is a list of n-tuples, where fields semantics is: |
1944 |
# 1. av scanner plain name, to be used in log and reports; |
1945 |
# 2. scanner program name; this string will be submitted to subroutine |
1946 |
# find_external_programs(), which will try to find the full program path |
1947 |
# name during startup; if program is not found, this scanner is disabled.
1949 |
# Besides a simple string (full program path name or just the basename |
1950 |
# to be looked for in PATH), this may be an array ref of alternative |
1951 |
# program names or full paths - the first match in the list will be used;
1953 |
# As a special case for more complex scanners, this field may be |
1954 |
# a subroutine reference, and the whole n-tuple is passed to it as args. |
1955 |
# 3. command arguments to be given to the scanner program; |
1956 |
# a substring {} will be replaced by the directory name to be scanned, i.e.
1958 |
# "$tempdir/parts", a "*" will be replaced by base file names of parts; |
1959 |
# 4. an array ref of av scanner exit status values, or a regexp (to be |
1960 |
# matched against scanner output), indicating NO VIRUSES found; |
1961 |
# a special case is a value undef, which does not claim file to be clean |
1962 |
# (i.e. it never matches, similar to []), but suppresses a failure warning;
1964 |
# to be used when the result is inconclusive (useful for specialized and |
1965 |
# quick partial scanners such as jpeg checker); |
1966 |
# 5. an array ref of av scanner exit status values, or a regexp (to be |
1967 |
# matched against scanner output), indicating VIRUSES WERE FOUND; |
1968 |
# Note: the virus match prevails over a 'not found' match, so it is safe |
1969 |
# even if the no. 4. matches for viruses too; |
1970 |
# 6. a regexp (to be matched against scanner output), returning a list |
1971 |
# of virus names found, or a sub ref, returning such a list when given |
1972 |
# scanner output as argument; |
1973 |
# 7. and 8.: (optional) subroutines to be executed before and after scanner |
1974 |
# (e.g. to set environment or current directory); |
1975 |
# see examples for these at KasperskyLab AVP and NAI uvscan. |
1976 |
|
1977 |
# NOTES: |
1978 |
# |
1979 |
# - NOT DEFINING @av_scanners (e.g. setting it to empty list, or deleting the
1981 |
# whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE |
1982 |
# (which can be handy if all you want to do is spam scanning); |
1983 |
# |
1984 |
# - the order matters: although _all_ available entries from the list |
1985 |
# are tried regardless of their verdict, scanners are run in the order |
1986 |
# specified: the report from the first one detecting a virus will be used |
1987 |
# (providing virus names and scanner output); REARRANGE THE ORDER TO WILL; |
1988 |
# see also $first_infected_stops_scan; |
1989 |
# |
1990 |
# - it doesn't hurt to keep an unused command line scanner entry in the list |
1991 |
# if the program can not be found; the path search is only performed once |
1992 |
# during the program startup; |
1993 |
# |
1994 |
# COROLLARY: to disable a scanner that _does_ exist on your system, |
1995 |
# comment out its entry or use undef or '' as its program name/path |
1996 |
# (second parameter). An example where this is almost a must: disable |
1997 |
# Sophos 'sweep' if you have its daemonized version Sophie or SAVI-Perl |
1998 |
# (same for Trophie/vscan, and clamd/clamscan), or if another unrelated |
1999 |
# program happens to have a name matching one of the entries ('sweep' |
2000 |
# again comes to mind); |
2001 |
# |
2002 |
# - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES |
2003 |
# for interfacing (where the second parameter starts with \&). |
2004 |
# Keeping such entry and not having a corresponding virus scanner daemon |
2005 |
# causes an unnecessary connection attempt (which eventually times out, |
2006 |
# but it wastes precious time). For this reason the daemonized entries |
2007 |
# are commented in the distribution - just remove the '#' where needed. |
2008 |
# |
2009 |
# CERT list of av resources: http://www.cert.org/other_sources/viruses.html |
2010 |
|
2011 |
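# Primary list of virus scanners. Each entry is an array ref; as used by the
# entries below, its fields are, in order:
#   1. a descriptive scanner name;
#   2. the program to run: a name or path, a list ref of candidate names/paths,
#      or a code ref (\&...) to an internal interfacing subroutine;
#   3. the arguments, where {} is the placeholder for the path to be scanned;
#   4. what counts as 'clean' and
#   5. what counts as 'infected': a list ref of exit status values, or a
#      regexp applied to the scanner output;
#   6. a regexp capturing the virus name(s) from the scanner output;
#   7. and 8. optional subs run before and after the scanner (see the AVP entry).
# Bare program names are resolved by a path search; where an unrelated program
# may share the name, list an absolute path instead.
@av_scanners = (

# ### http://www.vanja.com/tools/sophie/
# ['Sophie',
#   \&ask_daemon, ["{}/\n", '/var/run/sophie'],
#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],

# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
# ['Sophos SAVI', \&sophos_savi ],

# ### http://www.clamav.net/
# ['ClamAV-clamd',
#   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
#   qr/\bOK$/, qr/\bFOUND$/,
#   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: the easiest is to run clamd under the same user as amavisd; match the
# # socket name (LocalSocket) in clamav.conf to the socket name in this entry
# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],

# ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred)
# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],

# ### http://www.openantivirus.org/
# ['OpenAntiVirus ScannerDaemon (OAV)',
#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
#   qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],

# ### http://www.vanja.com/tools/trophie/
# ['Trophie',
#   \&ask_daemon, ["{}/\n", '/var/run/trophie'],
#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],

# ### http://www.grisoft.com/
# ['AVG Anti-Virus',
#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
#   qr/^200/, qr/^403/, qr/^403 .*?: ([^\r\n]+)/ ],

# ### http://www.f-prot.com/
# ['FRISK F-Prot Daemon',
#   \&ask_daemon,
#   ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
#     ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
#      '127.0.0.1:10203','127.0.0.1:10204'] ],
#   qr/(?i)<summary[^>]*>clean<\/summary>/,
#   qr/(?i)<summary[^>]*>infected<\/summary>/,
#   qr/(?i)<name>(.+)<\/name>/ ],

# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
# ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later
#   [pack('N',1). # DRWEBD_SCAN_CMD
#    pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
#    pack('N', # path length
#      length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
#    '{}/*'. # path
#    pack('N',0). # content size
#    pack('N',0),
#    '/var/drweb/run/drwebd.sock',
#  # '/var/amavis/var/run/drwebd.sock', # suitable for chroot
#  # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default
#  # '127.0.0.1:3000', # or over an inet socket
#   ],
#   qr/\A\x00[\x10\x11][\x00\x10]\x00/s, # IS_CLEAN,EVAL_KEY; SKIPPED
#   qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/s, # KNOWN_V,UNKNOWN_V,V._MODIF
#   qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s,
# ],
# # NOTE: If using amavis-milter, change length to:
# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").

  ### http://www.kaspersky.com/ (kav4mailservers)
  ['KasperskyLab AVP - aveclient',
    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
     '/opt/kav/bin/aveclient','aveclient'],
    '-p /var/run/aveserver -s {}/*', [0,3,6,8],
    qr/\b(INFECTED|SUSPICION)\b/,
    qr/(?:INFECTED|SUSPICION) (.+)/,
  ],

  ### http://www.kaspersky.com/
  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
    '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ?
    qr/infected: (.+)/,
    # pre- and post-scan hooks: run avp from its own directory, then return
    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
  ],

  ### The kavdaemon and AVPDaemonClient have been removed from Kaspersky
  ### products and replaced by aveserver and aveclient
  ['KasperskyLab AVPDaemonClient',
    [ '/opt/AVP/kavdaemon', 'kavdaemon',
      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
      '/opt/AVP/AvpTeamDream', 'AvpTeamDream',
      '/opt/AVP/avpdc', 'avpdc' ],
    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
    # change the startup-script in /etc/init.d/kavd to:
    #   DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
    #   (or perhaps: DPARMS="-I0 -Y -* /var/amavis" )
    # adjusting /var/amavis above to match your $TEMPBASE.
    # The '-f=/var/amavis' is needed if not running it as root, so it
    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
    # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
    #   directory $TEMPBASE specifies) in the 'Names=' section.
    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
    # cp AvpDaemonClient /opt/AVP/
    # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"

  ### http://www.centralcommand.com/
  ['CentralCommand Vexira (new) vascan',
    ['vascan','/usr/lib/Vexira/vascan'],
    "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
    "--vdb=/usr/lib/Vexira/vexira8.vdb --log=/var/log/vascan.log {}",
    [0,3], [1,2,5],
    qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ (
        [^\]\s']+ )\ \.\.\.\ / ],
    # Adjust the path of the binary and the virus database as needed.
    # 'vascan' does not allow to have the temp directory to be the same as
    # the quarantine directory, and the quarantine option can not be disabled.
    # If $QUARANTINEDIR is not used, then another directory must be specified
    # to appease 'vascan'. Move status 3 to the second list if password
    # protected files are to be considered infected.

  ### http://www.hbedv.com/
  ['H+BEDV AntiVir or the (old) CentralCommand Vexira Antivirus',
    ['antivir','vexira'],
    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
    # NOTE: if you only have a demo version, remove -z and add 214, as in:
    #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,

  ### http://www.commandsoftware.com/
  ['Command AntiVirus for Linux', 'csav',
    '-all -archive -packed {}', [50], [51,52,53],
    qr/Infection: (.+)/ ],

  ### http://www.symantec.com/
  ['Symantec CarrierScan via Symantec CommandLineScanner',
    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
    qr/^Files Infected:\s+0$/, qr/^Infected\b/,
    qr/^(?:Info|Virus Name):\s+(.+)/ ],

  ### http://www.symantec.com/
  ['Symantec AntiVirus Scan Engine',
    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
    [0], qr/^Infected\b/,
    qr/^(?:Info|Virus Name):\s+(.+)/ ],
    # NOTE: check options and patterns to see which entry better applies

  ### http://www.f-secure.com/products/anti-virus/
  ['F-Secure Antivirus', 'fsav',
    '--dumb --mime --archive {}', [0], [3,8],
    qr/(?:infection|Infected|Suspected): (.+)/ ],

# ### http://www.avast.com/
# ['avast! Antivirus daemon',
#   \&ask_daemon, # greets with 220, terminate with QUIT
#   ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'],
#   qr/\t\[\+\]/, qr/\t\[L\]\t/, qr/\t\[L\]\t([^[ \t\015\012]+)/ ],

# ### http://www.avast.com/
# ['avast! Antivirus - Client/Server Version', 'avastlite',
#   '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1],
#   qr/\t\[L\]\t([^[ \t\015\012]+)/ ],

  ['CAI InoculateIT', 'inocucmd', # retired product
    '-sec -nex {}', [0], [100],
    qr/was infected by virus (.+)/ ],
  # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html

  ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT)
  ['CAI eTrust Antivirus', 'etrust-wrapper',
    '-arc -nex -spm h {}', [0], [101],
    qr/is infected by virus: (.+)/ ],
    # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
    # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
    # (a setuid wrapper widens privilege: keep it root-owned, minimal, and
    # executable only by the user/group amavisd runs as)

  ### http://mks.com.pl/english.html
  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
    '-s {}/*', [0], [1,2],
    qr/--[ \t]*(.+)/ ],

  ### http://mks.com.pl/english.html
  ['MkS_Vir daemon', 'mksscan',
    '-s -q {}', [0], [1..7],
    qr/^... (\S+)/ ],

  ### http://www.nod32.com/
  ['ESET Software NOD32 Command Line Interface v 2.51', 'nod32cli',
    '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/ ],

# ### http://www.nod32.com/ old
# ['ESET Software NOD32 - Client/Server Version', 'nod32cli',
#   '-a -r -d recurse --heur standard {}', [0], [10,11],
#   qr/^\S+\s+infected:\s+(.+)/ ],

# ### http://www.nod32.com/ old
# ['ESET Software NOD32', 'nod32',
#   '--arch --mail {}', [0], [1,10], qr/^object=.*, virus="(.*?)",/ ],

# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
# ['ESET Software NOD32 Client/Server (NOD32SS)',
#   \&ask_daemon2, # greets with 200, persistent, terminate with QUIT
#   ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
#   qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ],

  ### http://www.norman.com/products_nvc.shtml
  ['Norman Virus Control v5 / Linux', 'nvcc',
    # double-quoted so that $TEMPBASE is interpolated, as in the other
    # entries that pass $TEMPBASE; single quotes would hand the scanner
    # the literal text '$TEMPBASE'
    "-c -l:0 -s -u -temp:$TEMPBASE {}", [0,10,11], [1,2,14],
    qr/(?i).* virus in .* -> \'(.+)\'/ ],

  ### http://www.pandasoftware.com/
  ['Panda Antivirus for Linux', ['pavcl'],
    '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
    qr/Number of files infected[ .]*: 0+(?!\d)/,
    qr/Number of files infected[ .]*: 0*[1-9]/,
    qr/Found virus :\s*(\S+)/ ],

# ### http://www.pandasoftware.com/
# ['Panda Antivirus for Linux', ['pavcl'],
#   '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
#   [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
#   qr/Found virus :\s*(\S+)/ ],

# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
# Check your RAV license terms before fiddling with the following two lines!
# ['GeCAD RAV AntiVirus 8', 'ravav',
#   '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ],
# # NOTE: the command line switches changed with scan engine 8.5 !
# # (btw, assigning stdin to /dev/null causes RAV to fail)

  ### http://www.nai.com/
  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
    '--secure -rv --mime --summary --noboot --mailbox --program --timeout 180 - {}', [0], [13],
    qr/(?x) Found (?:
        \ the\ (.+)\ (?:virus|trojan) |
        \ (?:virus|trojan)\ or\ variant\ ([^ ]+) |
        :\ (.+)\ NOT\ a\ virus)/,
  # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
  # sub {delete $ENV{LD_PRELOAD}},
  ],
  # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
  # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
  # and then clear it when finished to avoid confusing anything else.
  # NOTE2: to treat encrypted files as viruses replace the [13] with:
  #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/

  ### http://www.virusbuster.hu/en/
  ['VirusBuster', ['vbuster', 'vbengcl'],
    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
    qr/: '(.*)' - Virus/ ],
  # VirusBuster Ltd. does not support the daemon version for the workstation
  # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
  # binaries, some parameters AND return codes have changed (from 3 to 1).
  # See also the new Vexira entry 'vascan' which is possibly related.

# ### http://www.virusbuster.hu/en/
# ['VirusBuster (Client + Daemon)', 'vbengd',
#   '-f -log scandir {}', [0], [3],
#   qr/Virus found = (.*);/ ],
# # HINT: for an infected file it always returns 3,
# # although the man-page tells a different story

  ### http://www.cyber.com/
  ['CyberSoft VFind', 'vfind',
    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
  ],

  ### http://www.avast.com/
  ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
    '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/ ],

  ### http://www.ikarus-software.com/
  ['Ikarus AntiVirus for Linux', 'ikarus',
    '{}', [0], [40], qr/Signature (.+) found/ ],

  ### http://www.bitdefender.com/
  ['BitDefender', 'bdc',
    '--arc --mail {}', qr/^Infected files *:0+(?!\d)/,
    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
    qr/(?:suspected|infected): (.*)(?:\033|$)/ ],
  # consider also: --all --nowarn --alev=15 --flev=15. The --all argument may
  # not apply to your version of bdc, check documentation and see 'bdc --help'

# ['File::Scan', sub {Amavis::AV::ask_av(sub{
#   use File::Scan; my($fn)=@_;
#   my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0);
#   my($vname) = $f->scan($fn);
#   $f->error ? (2,"Error: ".$f->error)
#   : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) },
#   ["{}/*"], [0], [1], qr/^(.*) FOUND$/ ],

# ### example: fully-fledged checker for JPEG marker segments of invalid length
# ['check-jpeg',
#   sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) },
#   ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/ ],
# # NOTE: place file JpegTester.pm somewhere where Perl can find it,
# # for example in /usr/local/lib/perl5/site_perl

# ### example: simpleminded checker for JPEG marker segments of invalid length
# ### (only checks first 32k, which is not thorough enough)
# ['check-jpeg-simple',
#   sub { Amavis::AV::ask_av(sub {
#     my($f)=@_; local(*FF,$_,$1,$2); my(@r)=(0,'not jpeg');
#     # three-argument open: the file name is never parsed for a mode or a pipe
#     open(FF,'<',$f) or die "jpeg: open err $f: $!";
#     binmode(FF) or die "jpeg: binmode err $f: $!";
#     defined read(FF,$_,32000) or die "jpeg: read err $f: $!";
#     close(FF) or die "jpeg: close err $f: $!";
#     if (/^\xff\xd8\xff/) {
#       @r=(0,'jpeg ok');
#       while (!/\G(?:\xff\xd9|\z)/gc) { # EOI or eof
#         if (/\G\xff+(?=\xff|\z)/gc) {} # fill-bytes before marker
#         elsif (/\G\xff([\x01\xd0-\xd8])/gc) {} # TEM, RSTi, SOI
#         elsif (/\G\xff([^\x00\xff])(..)/gcs) { # marker segment start
#           my($n)=unpack("n",$2)-2;
#           $n=32766 if $n>32766; # Perl regexp limit
#           if ($n<0) {@r=(1,"bad jpeg: len=$n, pos=".pos); last}
#           elsif (/\G.{$n}/gcs) {} # ok
#           elsif (/\G.{0,$n}\z/gcs) {last} # truncated
#           else {@r=(1,"bad jpeg: unexpected, pos=".pos); last}
#         }
#         elsif (/\G[^\xff]+/gc) {} # ECS
#         elsif (/\G(?:\xff\x00)+/gc) {} # ECS
#         else {@r=(2,"bad jpeg: unexpected char, pos=".pos); last}
#       }
#     }; @r}, @_) },
#   ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/ ],

);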
2358 |
|
2359 |
|
2360 |
# If no virus scanners from the @av_scanners list produce 'clean' nor |
2361 |
# 'infected' status (i.e. they all fail to run or the list is empty), |
2362 |
# then _all_ scanners from the @av_scanners_backup list are tried |
2363 |
# (again, subject to $first_infected_stops_scan). When there are both |
2364 |
# daemonized and equivalent or similar command-line scanners available, |
2365 |
# it is customary to place slower command-line scanners in the |
2366 |
# @av_scanners_backup list. The default choice is somewhat arbitrary, |
2367 |
# move entries from one list to another as desired, keeping main scanners |
2368 |
# in the primary list to avoid warnings. |
2369 |
|
2370 |
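# Backup list of virus scanners; entries use the same array-ref layout as the
# primary list (name, program, arguments, clean status, infected status,
# virus-name regexp, optional pre/post subs).
@av_scanners_backup = (

  ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
  ['ClamAV-clamscan', 'clamscan',
    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}",
    [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

  ### http://www.f-prot.com/ - backs up F-Prot Daemon
  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
    '-dumb -ai -archive -packed -server {}', [0,8], [3,6],
    qr/Infection: (.+)|\s+contains\s+(.+)$/ ],

  ### http://www.trendmicro.com/ - backs up Trophie
  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
    '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],

  ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD
  ['drweb - DrWeb Antivirus',
    ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
    '-path={} -al -go -ot -cn -upn -ok-',
    [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'],

  ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
    '-i1 -xp {}', [0,10,15], [5,20,21,25],
    qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
    # pre- and post-scan hooks: run kavscanner from its own directory
    sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
  ],

# Commented out because the name 'sweep' clashes with Debian and FreeBSD
# package/port of an audio editor. Make sure the correct 'sweep' is found
# in the path when enabling.
#
# ### http://www.sophos.com/ - backs up Sophie or SAVI-Perl
# ['Sophos Anti Virus (sweep)', 'sweep',
#   '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}',
#   [0,2], qr/Virus .*? found/,
#   qr/^>>> Virus(?: fragment)? '?(.*?)'? found/,
# ],
# # other options to consider: -mime -oe -idedir=/usr/local/sav

# always succeeds (uncomment to consider mail clean if all other scanners fail)
# NOTE: enabling this makes virus checking fail open: mail is passed as clean
# whenever no real scanner could run. Leave it commented out unless that is
# intended, and watch the log for scanner failures if it is enabled.
# ['always-clean', sub {0}],

);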
2416 |
|
2417 |
|
2418 |
# |
2419 |
# Section VIII - Debugging |
2420 |
# |
2421 |
|
2422 |
# The most useful debugging tool is to run amavisd-new non-detached |
2423 |
# from a terminal window using command: # amavisd debug |
2424 |
|
2425 |
# Some more refined approaches: |
2426 |
|
2427 |
# If sender matches ACL, turn debugging fully up, just for this one message |
2428 |
#@debug_sender_maps = ( ["test-sender\@$mydomain"] ); |
2429 |
#@debug_sender_maps = ( [qw( debug@×××××××.com debug@×××××××.net )] ); |
2430 |
|
2431 |
# May be useful along with @debug_sender_maps: |
2432 |
# Prevent all decoded originals being deleted (replaced by decoded part) |
2433 |
#@keep_decoded_original_maps = (1); |
2434 |
|
2435 |
# Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug')
2437 |
#$sa_debug = '1,all'; # defaults to false |
2438 |
|
2439 |
|
2440 |
# |
2441 |
# Section IX - Policy banks (dynamic policy switching) |
2442 |
# |
2443 |
|
2444 |
## Define some policy banks (sets of settings) and give them arbitrary
## names (the names '', 'MYNETS' and 'MYUSERS' have special meaning):
2447 |
# |
2448 |
# $policy_bank{'ALT'} = { |
2449 |
# log_level => 3, |
2450 |
# syslog_ident => 'alt-amavis', |
2451 |
# syslog_facility => 'LOCAL3', |
2452 |
# inet_acl => [qw( 10.0.1.14 )], |
2453 |
# final_spam_destiny => D_PASS, final_bad_header_destiny => D_PASS, |
2454 |
# forward_method => 'smtp:*:*', |
2455 |
# notify_method => 'smtp:[127.0.0.1]:10025', |
2456 |
# virus_admin_maps => "abuse\@$mydomain", |
2457 |
# spam_lovers_maps => [@spam_lovers_maps, [qw( abuse@×××××××.com )]], |
2458 |
# spam_tag_level_maps => 2.1, |
2459 |
# spam_tag2_level_maps => 6.32, |
2460 |
# spam_kill_level_maps => 6.72, |
2461 |
# spam_dsn_cutoff_level_maps => 8, |
2462 |
# defang_spam => 1, |
2463 |
# local_client_bind_address => '10.11.12.13', |
2464 |
# localhost_name => 'amavis.example.com', |
2465 |
#   smtpd_greeting_banner =>
#     '${helo-name} ${protocol} ${product} ${version-id} (${version-date}) TEST service ready',
#   auth_mech_avail => [qw(PLAIN LOGIN)],
#   auth_required_inp => 1,
#   auth_required_out => 1,
#   # 'tOpsecretX' is only a placeholder; once a real password is stored here,
#   # this file must not be readable by unprivileged users
#   amavis_auth_user => 'amavisd', amavis_auth_pass => 'tOpsecretX',
2472 |
# av_scanners => [ # provide only 'free' scanners |
2473 |
# ['ClamAV-clamd', |
2474 |
# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], |
2475 |
# qr/\bOK$/, qr/\bFOUND$/, |
2476 |
# qr/^.*?: (?!Infected Archive)(.*) FOUND$/, |
2477 |
# ], |
2478 |
# ], |
2479 |
# av_scanners_backup => [ |
2480 |
# ['ClamAV-clamscan', 'clamscan', |
2481 |
# "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1], |
2482 |
# qr/^.*?: (?!Infected Archive)(.*) FOUND$/, |
2483 |
# ], |
2484 |
# ], |
2485 |
# }; |
2486 |
|
2487 |
# NOTE: the use of policy banks for changing protocol on the input socket is
# only needed when different protocols need to be spoken on different sockets
# at the same time. For normal use just set globally e.g.:
2491 |
# Speak the Amavis policy delegation protocol (AM.PDP) on the input socket,
# set here globally rather than through a policy bank.
# NOTE(review): a global setting presumably applies to every input socket;
# confirm that the MTA or milter client feeding amavisd speaks AM.PDP too.
$protocol = 'AM.PDP';
2492 |
# |
2493 |
#$policy_bank{'AM.PDP-SOCK'} = {
#  protocol => 'AM.PDP',  # Amavis policy delegation protocol
#  auth_required_release => 0,  # don't require secret_id for amavisd-release;
#    # without secret_id, who may release quarantined mail is decided only by
#    # who can connect to this socket, so keep its permissions tight
#};
2498 |
# |
2499 |
#$policy_bank{'AM.PDP-INET'} = { |
2500 |
# protocol => 'AM.PDP', # Amavis policy delegation protocol |
2501 |
# inet_acl => [qw( 127.0.0.1 [::1] )], # restrict to these IP addresses |
2502 |
#}; |
2503 |
# |
2504 |
## the name 'MYNETS' has special semantics: this policy bank gets loaded
## whenever MTA supplies the original SMTP client IP address (Postfix XFORWARD
## extension or a new AM.PDP protocol) and that address matches @mynetworks.
2508 |
# |
2509 |
# $terminate_dsn_on_notify_success = 1; |
2510 |
# $policy_bank{'MYNETS'} = { # mail originating from @mynetworks |
2511 |
# terminate_dsn_on_notify_success => 0, |
2512 |
# spam_kill_level_maps => 6.9, |
2513 |
# syslog_facility => 'LOCAL4', # tell syslog to log to a separate file |
2514 |
# spam_admin_maps => ["spamalert\@$mydomain"], # alert of internal spam |
2515 |
# bypass_spam_checks_maps => [1], # or: don't spam-check internal mail |
2516 |
# bypass_banned_checks_maps => [1], # don't banned-check internal mail |
2517 |
# warnbadhsender => 1, # warn local senders about their broken MUA |
2518 |
#   banned_filename_maps => ['MYNETS-DEFAULT'], # more permissive banning rules
2520 |
# }; |
2521 |
|
2522 |
## the name 'MYUSERS' has special semantics: this policy bank gets loaded |
2523 |
## whenever the sender matches @local_domains_maps. This only makes sense |
2524 |
## if local sender addresses can be trusted -- for example by requiring |
2525 |
## authentication before letting users send with their local address. |
2526 |
# |
2527 |
# $policy_bank{'MYUSERS'} = { |
2528 |
#   final_virus_destiny => D_BOUNCE, # bounce only to authenticated local users
2530 |
# final_banned_destiny=> D_BOUNCE, |
2531 |
# }; |
2532 |
|
2533 |
|
2534 |
## Now we can assign policy banks to amavisd tcp port numbers listed in |
2535 |
## $inet_socket_port. Whenever the connection from MTA is received, first |
2536 |
## a built-in policy bank $policy_bank{''} gets loaded, which brings in
2537 |
## all the global/legacy settings, then it gets overlaid by the bank |
2538 |
## named in the $interface_policy{$port} if any, and finally the bank |
2539 |
## 'MYNETS' is overlaid if it exists and the SMTP client IP address |
2540 |
## is known (by XFORWARD command from MTA) and it matches @mynetworks. |
2541 |
|
2542 |
# $interface_policy{'10026'} = 'ALT'; |
2543 |
|
2544 |
# used by amavisd-release utility of a new AM.PDP-based amavis-milter client |
2545 |
#$interface_policy{'9998'} = 'AM.PDP-INET'; |
2546 |
#$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; |
2547 |
|
2548 |
|
2549 |
# Want to execute additional configuration files from some directory?
# Each file found is executed as Perl code by the process reading this file,
# so the directory and its files need the same protection as this file
# (owned by root, not writable by anyone else, including vscan/amavis).
#
#{ my($d) = '/etc/amavis/conf.d';  # do *.cf or *.conf files in this directory
#  local(*D); opendir(D,$d) or die "Can't open dir $d: $!";
#  my(@d) = sort grep {/\.(cf|conf)$/ && -f} map {/^(.*)$/,"$d/$1"} readdir(D);
#  closedir(D) or die "Can't close $d: $!";
#  for my $f (@d) {
#    printf("Reading config file %s\n", $f); $!=0;
#    if (defined(do $f)) {}
#    elsif ($@ ne '') { die "Error in $f: $@" }
#    elsif ($! != 0) { die "Error reading $f: $!" }
#  }
#}
2564 |
|
2565 |
#------------- |
2566 |
1; # ensure a defined (true) return value for the code that loads this file