Gentoo's Bugzilla – Attachment 298003 Details for Bug 397763: mail-filter/amavisd-new-2.7.0 - /etc/init.d/amavisd: checkpath: mkdir: No such file or directory
amavisd.conf (text/plain), 117.06 KB, created by Timo Antweiler on 2012-01-05 14:34:19 UTC
use strict;

# Sample configuration file for amavisd-new (traditional style, chatty,
# you may prefer to start with the more concise supplied amavisd.conf)
#
# See amavisd.conf-default for a list of all variables with their defaults;
# for more details see documentation in INSTALL, README_FILES/*
# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html

# This software is licensed under the GNU General Public License (GPL).
# See comments at the start of amavisd-new for the whole license text.

#Sections:
# Section I - Essential daemon and MTA settings
# Section II - MTA specific
# Section III - Logging
# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine
# Section V - Per-recipient and per-sender handling, whitelisting, etc.
# Section VI - Resource limits
# Section VII - External programs, virus scanners, SpamAssassin
# Section VIII - Debugging
# Section IX - Policy banks (dynamic policy switching)

#GENERAL NOTES:
# This file is a normal Perl code, interpreted by Perl itself.
# - make sure this file (or directory where it resides) is NOT WRITABLE
#   by mere mortals (not even vscan/amavis; best to make it owned by root),
#   otherwise it can represent a severe security risk!
# - for values which are interpreted as booleans, it is recommended
#   to use 1 for true, and 0 or undef or '' for false;
#   Note that this interpretation of boolean values does not apply directly
#   to LDAP and SQL lookups, which follow their own rules - see README.lookups
#   and README.ldap (in short: use Y/N in SQL, and TRUE/FALSE in LDAP);
# - Perl syntax applies. Most notably: strings in "" may include variables
#   (which start with $ or @); to include characters $ and @ and \ in double
#   quoted strings precede them by a backslash; in single-quoted strings
#   the $ and @ lose their special meaning, so it is usually easier to use
#   single quoted strings (or qw operator) for e-mail addresses.
#   In both types of quoting a backslash should be doubled.
# - variables with names starting with a '@' are lists, the values assigned
#   to them should be lists too, e.g. ('one@foo', $mydomain, "three");
#   note the comma-separation and parenthesis. If strings in the list
#   do not contain spaces nor variables, a Perl operator qw() may be used
#   as a shorthand to split its argument on whitespace and produce a list
#   of strings, e.g. qw( one@foo example.com three ); Note that the argument
#   to qw is quoted implicitly and no variable interpretation is done within
#   (no '$' variable evaluations). The #-initiated comments can NOT be used
#   within a string. In other words, $ and # lose their special meaning
#   within a qw argument, just like within '...' strings.
# - all e-mail addresses in this file and as used internally by the daemon
#   are in their raw (rfc2821-unquoted and non-bracketed) form, i.e.
#   Bob "Funny" Dude@example.com, not: "Bob \"Funny\" Dude"@example.com
#   and not <"Bob \"Funny\" Dude"@example.com>; also: '' and not '<>'.
# - the term 'default value' in examples below refers to the value of a
#   variable pre-assigned to it by the program; any explicit assignment
#   to a variable in this configuration file overrides the default value;


#
# Section I - Essential daemon and MTA settings
#

# $MYHOME serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $MYHOME is not used directly by the program. No trailing slash!
$MYHOME = '/var/amavis'; # (default is '/var/amavis'), -H

# $mydomain serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $mydomain is never used directly by the program.
$mydomain = 'mycooldomain.com'; # (no useful default)

$myhostname = 'host.mycooldomain.com'; # fqdn of this host, default by uname(3)

# Set the user and group to which the daemon will change if started as root
# (otherwise just keeps the UID unchanged, and these settings have no effect):
$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u
$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g

# Runtime working directory (cwd), and a place where
# temporary directories for unpacking mail are created.
# (no trailing slash, may be a scratch file system)
#$TEMPBASE = $MYHOME; # (must be set if other config vars use it), -T
$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean?

#$db_home = "$MYHOME/db"; # DB databases directory, default "$MYHOME/db", -D

# $helpers_home sets environment variable HOME, and is passed as option
# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
# on a normal persistent file system, not a scratch or temporary file system
$helpers_home = $MYHOME; # (defaults to $MYHOME), -S

# Run the daemon in the specified chroot jail if nonempty:
#$daemon_chroot_dir = $MYHOME; # (default is undef, meaning: do not chroot), -R

$pid_file = "$MYHOME/amavisd.pid"; # (default is "$MYHOME/amavisd.pid"), -P
$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock"), -L

# set environment variables if you want (no defaults):
$ENV{TMPDIR} = $TEMPBASE; # used for SA temporary files, by some decoders, etc.

$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1

$enable_dkim_verification = 0; # enable DKIM signatures verification
$enable_dkim_signing = 0; # load DKIM signing code, keys defined by dkim_key

# MTA SETTINGS, UNCOMMENT AS APPROPRIATE,
# both $forward_method and $notify_method default to 'smtp:[127.0.0.1]:10025'

# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
# (set host and port number as required; host can be specified
# as an IP address or a DNS name (A or CNAME, but MX is ignored)
#$forward_method = 'smtp:[127.0.0.1]:10025'; # where to forward checked mail
#$notify_method = $forward_method; # where to submit notifications

#$os_fingerprint_method = 'p0f:127.0.0.1:2345'; # query p0f-analyzer.pl

# To make it possible for several hosts to share one content checking daemon,
# the IP address and/or the port number in $forward_method and $notify_method
# may be specified as an asterisk. An asterisk in the colon-separated
# second field (host) will be replaced by the SMTP client peer address,
# An asterisk in the third field (tcp port) will be replaced by the incoming
# SMTP/LMTP session port number plus one. This obsoletes the previously used
# less flexible configuration parameter $relayhost_is_client. An example:
# $forward_method = 'smtp:*:*'; $notify_method = 'smtp:*:10587';


# NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST
# uncomment the appropriate settings below if using other setups!

# SENDMAIL MILTER, using amavis-milter.c helper program:
#$forward_method = undef; # no explicit forwarding, sendmail does it by itself
# milter; option -odd is needed to avoid deadlocks
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';
# just a thought: can we use -Am instead of -odd ?

# SENDMAIL (old non-milter setup, as relay, deprecated):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;

# SENDMAIL (old non-milter setup, amavis.c calls local delivery agent, deprecated):
#$forward_method = undef; # no explicit forwarding, amavis.c will call LDA
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}';

# EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;

# prefer to collect mail for forwarding as BSMTP files?
#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";
#$notify_method = $forward_method;


# Net::Server pre-forking settings
# The $max_servers should match the width of your MTA pipe
# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
# master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp
#
$max_servers = 2; # num of pre-forked children (2..30 is common), -m
$max_requests = 20; # retire a child after that many accepts (default 20)

$child_timeout=5*60; # abort child if it does not complete its processing in
                     # approximately n seconds (default: 8*60 seconds)

$smtpd_timeout = 120; # disconnect session if client is idle for too long
                      # (default: 8*60 seconds); should be higher than a
                      # Postfix setting max_idle (default 100s)

# Here is a QUICK WAY to completely DISABLE some sections of code
# that WE DO NOT WANT (it won't even be compiled-in).
# For more refined controls leave the following two lines commented out,
# and see further down what these two lookup lists really mean.
#
# @bypass_virus_checks_maps = (1); # controls running of anti-virus code
# @bypass_spam_checks_maps = (1); # controls running of anti-spam code
# $bypass_decode_parts = 1; # controls running of decoders&dearchivers
#
# Any setting can be changed with a new assignment, so make sure
# you do not unintentionally override these settings further down!

# Check also the settings of @av_scanners at the end if you want to use
# virus scanners. If not, you may want to delete the whole long assignment
# to the variable @av_scanners and @av_scanners_backup, which will also
# remove the virus checking code (e.g. if you only want to do spam scanning).


# Lookup list of local domains (see README.lookups for syntax details)
#
# @local_domains_maps is a list of lookup tables which are used in deciding
# whether a recipient is local or not, or in other words, if the message is
# outgoing or not. This affects inserting spam-related and OS fingerprinting
# header fields for local recipients, editing Subject header field and allowing
# mail body defanging, limiting recipient notifications to local recipients,
# in deciding if address extension may be appended, in matching mail addresses
# to non-fqdn SQL record keys, for proper operation of pen pals feature,
# for selecting statistics counters (distinguishing outgoing from internal-
# to internal mail), and possibly more in future versions.
# Set it up correctly if you need features that rely on this setting.
#
# With Postfix (2.0) a quick hint on what local domains normally are:
# a union of domains specified in: mydestination, virtual_alias_domains,
# virtual_mailbox_domains, and relay_domains.

@local_domains_maps = ( [".$mydomain"] ); # $mydomain and its subdomains
# @local_domains_maps = (); # default is empty list, no recip. considered local
# @local_domains_maps = # using ACL lookup table
#   ( [ ".$mydomain", 'sub.example.net', '.example.com' ] );
# @local_domains_maps = # similar, split list elements on whitespace
#   ( [qw( .example.com !host.sub.example.net .sub.example.net )] );
# @local_domains_maps = ( new_RE( qr'[@.]example\.com$'i ) ); # using regexp
# @local_domains_maps = ( read_hash("$MYHOME/local_domains") ); # using hash
# perhaps combined with Postfix: mydestination = /var/amavis/local_domains
# for debugging purposes: dump_hash($local_domains_maps[0]);
#
# Section II - MTA specific (defaults should be ok)
#

#$insert_received_line = 1; # behave like MTA: insert 'Received:' header
                            # (does not apply to sendmail/milter)
                            # (default is true)

# AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with amavisd-release, or
# sendmail milter through helper clients like amavis-milter.c and amavis.c)
# option(s) -p overrides $inet_socket_port and $unix_socketname
$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
#$unix_socketname = undef; # disable listening on a unix socket
                           # (default is undef, i.e. disabled)
                           # (usual setting is $MYHOME/amavisd.sock)

# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
# (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
$inet_socket_port = 10024; # accept SMTP on this local TCP port
                           # (default is undef, i.e. disabled)
# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];

# SMTP SERVER (INPUT) access control
# - do not allow free access to the amavisd SMTP port !!!
#
# when MTA is at the same host, use the following (one or the other or both):
#$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
                                  # (default is '127.0.0.1')
@inet_acl = qw(127.0.0.1 [::1]); # allow SMTP access only from localhost IP
                                 # (default is qw(127.0.0.1 [::1]) )

# when MTA (one or more) is on a different host, use the following:
#@inet_acl = qw(127.0.0.0/8 [::1] 10.1.0.1 10.1.0.2); # adjust list as needed
#$inet_socket_bind = undef; # bind to all IP interfaces if undef

#
# Example1:
# @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );
# permit only SMTP access from loopback and rfc1918 private address space
#
# Example2:
# @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0
#                 127.0.0.1 10/8 172.16/12 192.168/16 );
# matches loopback and rfc1918 private address space except host 192.168.1.12
# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)
#
# Example3:
# @inet_acl = qw( 127/8
#                 !172.16.3.0 !172.16.3.127 172.16.3.0/25
#                 !172.16.3.128 !172.16.3.255 172.16.3.128/25 );
# matches loopback and both halves of the 172.16.3/24 C-class,
# split into two subnets, except all four broadcast addresses
# for these subnets


# @mynetworks is an IP access list which determines if the original SMTP client
# IP address belongs to our internal networks, i.e. mail is coming from inside.
# It is much like the Postfix parameter 'mynetworks' in semantics and similar
# in syntax, and its value should normally match the Postfix counterpart.
# It only affects the value of a macro %l (=sender-is-local),
# and the loading of policy 'MYNETS' if present (see below).
# Note that '-o smtp_send_xforward_command=yes' (or its lmtp counterpart)
# must be enabled in the Postfix service that feeds amavisd, otherwise
# client IP address is not available to amavisd-new.
#
# @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
#                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); # default
#
# A list of networks can also be read from a file, either as an IP acl in
# CIDR notation, one address per line (comments and empty lines are allowed):
# @mynetworks_maps = (read_array('/etc/amavisd-mynetworks'), \@mynetworks);
#
# or less flexibly (but provides faster lookups for large lists) by reading
# into a hash lookup table, which only allows for full addresses or classful
# IPv4 subnets with truncated octets, such as 127, 10, 192.168, 10.11.12.13,
# one address per line (comments and empty lines are allowed):
# @mynetworks_maps = (read_hash('/etc/amavisd-mynetworks'), \@mynetworks);

# See README.lookups for details on specifying access control lists.


#
# Section III - Logging
#

# true (e.g. 1) => syslog; false (e.g. 0) => logging to file
$DO_SYSLOG = 1; # (defaults to 0)

$syslog_ident = 'amavis'; # Syslog ident string (defaults to 'amavis')
$syslog_facility = 'mail'; # Syslog facility as a string
                           # e.g.: mail, daemon, user, local0, ... local7, ...
$syslog_priority = 'debug'; # Syslog base (minimal) priority as a string,
                            # choose from: emerg, alert, crit, err, warning, notice, info, debug

# Log file (if not using syslog)
$LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log)

#NOTE: levels are not strictly observed and are somewhat arbitrary
# 0: startup/exit/failure messages, viruses detected
# 1: args passed from client, some more interesting messages
# 2: virus scanner output, timing
# 3: server, client
# 4: decompose parts
# 5: more debug details
$log_level = 2; # (defaults to 0), -d

# Customizable template for the most interesting log file entry (e.g. with
# $log_level=0) (take care to properly quote Perl special characters like '\')
# For a list of available macros see README.customize .

# $log_templ = undef; # undef disables by-message level-0 log entries
$log_recip_templ = undef; # undef disables by-recipient level-0 log entries


# log both infected and noninfected messages (as deflt, with size,subj,tests):
# (remove the leading '#' and a space in the following lines to activate)

# $log_templ = <<'EOD';
# [?%#D|#|Passed #
# [? [:ccat|major] |OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
# UNCHECKED|BANNED (%F)|INFECTED (%V)]#
# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%D|,]#
# [? %q ||, quarantine: %q]#
# [? %Q ||, Queue-ID: %Q]#
# [? %m ||, Message-ID: %m]#
# [? %r ||, Resent-Message-ID: %r]#
# , mail_id: %i#
# , Hits: [:SCORE]#
# , size: %z#
# [~[:remote_mta_smtp_response]|["^$"]||[", queued_as: "]]\
# [remote_mta_smtp_response|[~%x|["queued as ([0-9A-Z]+)$"]|["%1"]|["%0"]]|/]#
# [? [:header_field|Subject] ||, Subject: [:dquote|[:header_field|Subject]]]#
# [? [:header_field|From] ||, From: [:uquote|[:header_field|From]]]#
# [? [:useragent|name] ||, [:useragent|name]: [:uquote|[:useragent|body]]]#
# [? %#T ||, Tests: \[[%T|,]\]]#
# [:supplementary_info|SCTYPE|, shortcircuit=%%s]#
# [:supplementary_info|AUTOLEARN|, autolearn=%%s]#
# , %y ms#
# ]
# [?%#O|#|Blocked #
# [? [:ccat|major|blocking] |#
# OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
# UNCHECKED|BANNED (%F)|INFECTED (%V)]#
# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%O|,]#
# [? %q ||, quarantine: %q]#
# [? %Q ||, Queue-ID: %Q]#
# [? %m ||, Message-ID: %m]#
# [? %r ||, Resent-Message-ID: %r]#
# , mail_id: %i#
# , Hits: [:SCORE]#
# , size: %z#
# #, smtp_resp: [:smtp_response]#
# [? [:header_field|Subject] ||, Subject: [:dquote|[:header_field|Subject]]]#
# [? [:header_field|From] ||, From: [:uquote|[:header_field|From]]]#
# [? [:useragent|name] ||, [:useragent|name]: [:uquote|[:useragent|body]]]#
# [? %#T ||, Tests: \[[%T|,]\]]#
# [:supplementary_info|SCTYPE|, shortcircuit=%%s]#
# [:supplementary_info|AUTOLEARN|, autolearn=%%s]#
# , %y ms#
# ]
# EOD

#
# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine
#

# Select notifications text encoding when Unicode-aware Perl is converting
# text from internal character representation to external encoding (charset
# in MIME terminology). Used as argument to Perl Encode::encode subroutine.
#
# to be used in RFC 2047-encoded header field bodies, e.g. in Subject:
#$hdr_encoding = 'iso-8859-1'; # MIME charset (default: 'iso-8859-1')
#$hdr_encoding_qb = 'Q'; # MIME encoding: quoted-printable (default)
#$hdr_encoding_qb = 'B'; # MIME encoding: base64
#
# to be used in notification body text: its encoding and Content-type.charset
#$bdy_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')

# Default template texts for notifications may be overruled by directly
# assigning new text to template variables, or by reading template text
# from files. A second argument may be specified in a call to read_text(),
# specifying character encoding layer to be used when reading from the
# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.
# Text will be converted to internal character representation by Perl 5.8.0
# or later; second argument is ignored otherwise. See PerlIO::encoding,
# Encode::PerlIO and perluniintro man pages.
#
# $notify_sender_templ = read_text("$MYHOME/notify_sender.txt");
# $notify_virus_sender_templ= read_text("$MYHOME/notify_virus_sender.txt");
# $notify_virus_admin_templ = read_text("$MYHOME/notify_virus_admin.txt");
# $notify_virus_recips_templ= read_text("$MYHOME/notify_virus_recips.txt");
# $notify_spam_sender_templ = read_text("$MYHOME/notify_spam_sender.txt");
# $notify_spam_admin_templ = read_text("$MYHOME/notify_spam_admin.txt");

# If notification template files are collectively available in some directory,
# one may call read_l10n_templates which invokes read_text for each known
# template. This is primarily a Debian-specific feature, but was incorporated
# into base code to facilitate porting.
#
# read_l10n_templates('/etc/amavis/en_US');
#
# If read_l10n_templates is called, a localization template directory must
# contain the following files:
#   charset                       this file should contain a one-line name
#                                 of the character set used in the template
#                                 files (e.g. utf8, iso-8859-2, ...) and is
#                                 passed as the second argument to read_text;
#   template-dsn.txt              content fills the $notify_sender_templ
#   template-virus-sender.txt     content fills the $notify_virus_sender_templ
#   template-virus-admin.txt      content fills the $notify_virus_admin_templ
#   template-virus-recipient.txt  content fills the $notify_virus_recips_templ
#   template-spam-sender.txt      content fills the $notify_spam_sender_templ
#   template-spam-admin.txt       content fills the $notify_spam_admin_templ

# Here is an overall picture (sequence of events) of how pieces fit together
#
# bypass_virus_checks set for all recipients? ==> PASS
# no viruses? ==> PASS
# log virus if $log_templ is nonempty
# quarantine if $virus_quarantine_to is nonempty
# notify admin if $virus_admin (lookup) nonempty
# notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)
# add address extensions for local recipients (when enabled)
# send (non-)delivery notifications
#   to sender if DSN needed (BOUNCE or ($warnvirussender and D_PASS))
# virus_lovers or final_destiny==D_PASS ==> PASS
# DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)
#
# Equivalent flow diagram applies for spam checks.
# If a virus is detected, spam checking is skipped entirely.

# The following symbolic constants can be used in *_destiny settings:
#
# D_PASS     mail will pass to recipients, regardless of bad contents;
#
# D_DISCARD  mail will not be delivered to its recipients, sender will NOT be
#            notified. Effectively we lose mail (but will be quarantined
#            unless disabled). Losing mail is not decent for a mailer,
#            but might be desired.
#
# D_BOUNCE   mail will not be delivered to its recipients, a non-delivery
#            notification (bounce) will be sent to the sender by amavisd-new;
#            Exception: bounce (DSN) will not be sent if a virus name matches
#            @viruses_that_fake_sender_maps, or to messages from mailing lists
#            (Precedence: bulk|list|junk), or for spam level that exceeds
#            the $sa_dsn_cutoff_level.
#
# D_REJECT   mail will not be delivered to its recipients, sender should
#            preferably get a reject, e.g. SMTP permanent reject response
#            (e.g. with milter), or non-delivery notification from MTA
#            (e.g. Postfix). If this is not possible (e.g. different recipients
#            have different tolerances to bad mail contents and not using LMTP)
#            amavisd-new sends a bounce by itself (same as D_BOUNCE).
#            Not to be used with Postfix or dual-MTA setups!
#
# Notes:
#   D_REJECT and D_BOUNCE are similar, the difference is in who is responsible
#     for informing the sender about non-delivery, and how informative
#     the notification can be (amavisd-new knows more than MTA);
#   With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status
#     notification, colloquially called 'bounce') - depending on MTA;
#     Best suited for sendmail milter and Courier, especially for spam.
#   With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the
#     reason for mail non-delivery or even suppress DSN, but unable
#     to reject the original SMTP session). Best suited to reporting
#     viruses, and for Postfix and other dual-MTA setups, which can't
#     reject original client SMTP session, as the mail has already
#     been enqueued.

# Alternatives to consider for spam:
# - use D_PASS if clients will do filtering based on inserted
#   mail headers or added address extensions ('plus-addressing');
# - use D_DISCARD, if kill_level is set comfortably high;
#
# D_BOUNCE is preferred for viruses, but consider:
# - use D_PASS (or virus_lovers) to deliver viruses;
# - use D_REJECT instead of D_BOUNCE if using Courier or milter and under heavy
#   virus storm;


# The use of new *_by_ccat hashes is illustrated by the following examples
# on configuring final_*_destiny.


# using traditional settings of $final_*_destiny variables, relying on a
# default setting of an associative array %final_destiny_by_ccat which is
# backwards compatible and contains references to these traditional variables:
#
#$final_virus_destiny = D_DISCARD; # (defaults to D_DISCARD)
#$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
#$final_spam_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
#$final_bad_header_destiny = D_PASS; # (defaults to D_PASS)

########
#
# Please think about what you are doing when you set these options.
# If necessary, question your organization's e-mail policies:
#
# D_BOUNCE contributes to the overall spread of virii and spam on the
# internet. Both the envelope and header from addresses can be forged
# accurately with no effort, causing the bounces to go to innocent parties,
# whose addresses have been forged.
#
# D_DISCARD breaks internet mail specifications. However, with a
# properly implemented Quarantine system, the concern for breaking the
# specification is addressed to some extent.
#
# D_PASS is the safest way to handle e-mails. You must implement
# client-side filtering to handle this method.
#
# -Cory Visi <merlin@gentoo.org> 07/28/04
#
#######

# to explicitly list all (or most) possible contents category (ccat) keys:
%final_destiny_by_ccat = (
  CC_VIRUS,      D_DISCARD,
  CC_BANNED,     D_BOUNCE,
  CC_UNCHECKED,  D_PASS,
  CC_SPAM,       D_DISCARD,
  CC_BADH,       D_PASS,
  CC_OVERSIZED,  D_BOUNCE,
  CC_CLEAN,      D_PASS,
  CC_CATCHALL,   D_PASS,
);

# to rely on a catchall ccat key and only list exceptions (alternative 1):
#%final_destiny_by_ccat = (
#  CC_VIRUS,      D_DISCARD,
#  CC_BANNED,     D_BOUNCE,
#  CC_SPAM,       D_BOUNCE,
#  CC_BADH.',4',  D_BOUNCE, # BadHdrSpace
#  CC_BADH.',3',  D_BOUNCE, # BadHdrChar
#  CC_OVERSIZED,  D_BOUNCE,
#  CC_CATCHALL,   D_PASS,
#);

# to rely on a catchall ccat key and list exceptions (alternative 2):
#%final_destiny_by_ccat = (
#  CC_VIRUS,      D_DISCARD,
#  CC_UNCHECKED,  D_PASS,
#  CC_BADH.',6',  D_PASS, # BadHdrSyntax
#  CC_BADH.',5',  D_PASS, # BadHdrLong
#  CC_BADH.',2',  D_PASS, # BadHdr8bit
#  CC_BADH.',1',  D_PASS, # BadHdrMime
#  CC_CLEAN,      D_PASS,
#  CC_CATCHALL,   D_BOUNCE,
#);

# to rely on a catchall ccat key and list exceptions (alternative 3):
#%final_destiny_by_ccat = (
#  CC_VIRUS,      D_DISCARD,
#  CC_UNCHECKED,  D_PASS,
#  CC_BADH.',4',  D_BOUNCE, # BadHdrSpace
#  CC_BADH.',3',  D_BOUNCE, # BadHdrChar
#  CC_BADH,       D_PASS, # sub-catchall for CC_BADH
#  CC_CLEAN,      D_PASS,
#  CC_CATCHALL,   D_BOUNCE,
#);

# to rely on a default %final_destiny_by_ccat and only change few settings:
#$final_destiny_by_ccat{+CC_SPAM} = D_PASS;
#$final_destiny_by_ccat{+CC_BADH} = D_BOUNCE;
#$final_destiny_by_ccat{+CC_BADH.',2'} = D_PASS; # BadHdr8bit



# For monitoring / testing purposes let the administrator receive a copy
# of certain delivery status notifications that are mailed back to senders:
#
#%dsn_bcc_by_ccat = (
#  CC_BANNED,   undef,
#  CC_SPAM,     undef,
#  CC_BADH,     undef,
#  CC_CATCHALL, 'admin+test@example.com',
#);
#
# or use a simpler form, taking advantage of defaults in %dsn_bcc_by_ccat:
#$dsn_bcc = 'admin+test@example.com';


# The following $warn*sender settings are ONLY used when mail is
# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).
# Bounces or rejects produce non-delivery status notification regardless.
#
# Notify sender of syntactically invalid header containing non-ASCII chars?
#$warnbadhsender = 1; # (defaults to false (undef))

# Notify virus (or banned files or bad headers) RECIPIENT?
# (not very useful, but some policies demand it)
#$warnvirusrecip = 1; # (defaults to false (undef))
#$warnbannedrecip = 1; # (defaults to false (undef))
#$warnbadhrecip = 1; # (defaults to false (undef))

# Notify also non-local virus/banned recipients if $warn*recip is true?
# (including those not matching local_domains*)
#$warn_offsite = 1; # (defaults to false (undef), i.e. only notify locals)


# Treat envelope sender address as unreliable and don't send sender
# notification / bounces if name(s) of detected virus(es) match the list.
# Note that virus names are supplied by external virus scanner(s) and are
# not standardized, so virus names may need to be adjusted.
# See README.lookups for syntax, check also README.policy-on-notifications.
# If the intention is to treat all viruses as faking the sender address, it
# is equivalent but more efficient to just set $final_virus_destiny=D_DISCARD;
#
@viruses_that_fake_sender_maps = (new_RE(
  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
  qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
  qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
  qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
  qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan
  qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
# [qr'^(EICAR|Joke\.|Junk\.)'i => 0],
# [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
  [qr/^/ => 1], # true by default (remove or comment-out if undesired)
));

# where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)
# - the administrator envelope address may be a simple fixed e-mail address
#   (a scalar), or may depend on the RECIPIENT address (e.g. its domain).
#
# Empty or undef lookup disables virus admin notifications.

# The full set of configurable administrator addresses is:
# @virus_admin_maps ... notifications to admin about viruses
# @newvirus_admin_maps ... newly encountered viruses since amavisd startup
# @spam_admin_maps ... notifications to admin about spam
# @banned_admin_maps ... notifications to admin about banned contents
# @bad_header_admin_maps ... notifications to admin about bad headers

$virus_admin = "virusalert\@$mydomain";
# $virus_admin = 'virus-admin@example.com';
# $virus_admin = undef; # do not send virus admin notifications (default)
#
#@virus_admin_maps = ( # by-recipient maps
#  {'not.example.com' => '',
#   '.' => 'virusalert@example.com'},
#  $virus_admin, # the usual default
#);

# equivalent to $virus_admin, but for spam admin notifications:
# $spam_admin = "spamalert\@$mydomain";
# $spam_admin = undef; # do not send spam admin notifications (default)
#@spam_admin_maps = ( # by-recipient maps
#  {'not.example.com' => '',
#   '.' => 'spamalert@example.com'},
#  $spam_admin, # the usual default
#);

# receive a copy of all delivery status notifications sent;
# useful for testing or monitoring
#$dsn_bcc = "mailadmin\@$mydomain";

#advanced example, using a hash lookup table and a scalar default,
#lookup key is a recipient envelope address:
#@virus_admin_maps = ( # by-recipient maps
#  { 'baduser@sub1.example.com' => 'HisBoss@sub1.example.com',
#    '.sub1.example.com' => 'virusalert@sub1.example.com',
#    '.sub2.example.com' => '', # don't send admin notifications
#    'a.sub3.example.com' => 'abuse@sub3.example.com',
#    '.sub3.example.com' => 'virusalert@sub3.example.com',
#    '.example.com' => 'noc@example.com', # default for our virus senders
#  },
#  'virusalert@hq.example.com', # catchall for the rest
#);

# sender envelope address, from which notification reports are sent from;
# may be a null reverse path, or a fully qualified address:
# (admin and recip sender addresses default to a null return path).
# If using strings in double quotes, don't forget to quote @, i.e. \@
#
$mailfrom_notify_admin = "virusalert\@$mydomain";
$mailfrom_notify_recip = "virusalert\@$mydomain";
$mailfrom_notify_spamadmin = "spam.police\@$mydomain";

# 'From' HEADER FIELD for sender and admin notifications.
# This should be a replyable address, see rfc1894. Not to be confused
# with $mailfrom_notify_sender, which is the envelope return address
# and can be empty (null reverse path) according to rfc2821.
#
# The syntax of the 'From' header field is specified in rfc2822, section
# '3.4. Address Specification'. Note in particular that display-name must be
# a quoted-string if it contains any special characters like spaces and dots.
#
# $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
# $hdrfrom_notify_sender = 'amavisd-new <postmaster@example.com>';
# $hdrfrom_notify_sender = '"Content-Filter Master" <postmaster@example.com>';
# $hdrfrom_notify_admin = $mailfrom_notify_admin;
# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;
# (default: "\"Content-filter at $myhostname\" <postmaster\@$myhostname>")

# whom quarantined messages appear to be sent from (envelope sender);
# keeps original sender if undef, or set it explicitly, default is undef
$mailfrom_to_quarantine = ''; # override sender address with null return path


# Location to put infected mail into: (applies to 'local:' quarantine method)
# empty for not quarantining, may be a file (Unix-style mailbox),
# or a directory (no trailing slash)
# (the default value is undef, meaning no quarantine)
#
$QUARANTINEDIR = "$MYHOME/quarantine";

#$quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine

#$clean_quarantine_method = 'local:clean-%m'; # disabled by default
#$virus_quarantine_method = 'local:virus-%m'; # default
#$spam_quarantine_method = 'local:spam-%m.gz'; # default
#$banned_files_quarantine_method = 'local:banned-%m'; # default
#$bad_header_quarantine_method = 'local:badh-%m'; # default

# Separate quarantine subdirectories virus, spam, banned and badh within
# the directory $QUARANTINEDIR may be specified by the following settings
# (the subdirectories need to exist - must be created manually):
#$clean_quarantine_method = 'local:clean/%m';
#$virus_quarantine_method = 'local:virus/%m';
#$spam_quarantine_method = 'local:spam/%m.gz';
#$banned_files_quarantine_method = 'local:banned/%m';
#$bad_header_quarantine_method = 'local:badh/%m';
#
#use the 'bsmtp:' method as an alternative to the default 'local:'
#$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%m.bsmtp";
#$spam_quarantine_method = "bsmtp:$QUARANTINEDIR/spam-%m.bsmtp";
#
#using the 'pipe:' method might be useful for some special purpose:
#$mailfrom_to_quarantine = undef; # pass on the original sender address
#$spam_quarantine_method = 'pipe:argv=/usr/bin/myscript.sh spam-%b ${sender}';
#
#using the 'sql:' method to store quarantined message to a SQL database:
#$virus_quarantine_method = $spam_quarantine_method =
#  $banned_files_quarantine_method = $bad_header_quarantine_method = 'sql:';

# Send copy of every mail to an archival mail address:
#$archive_quarantine_method = $notify_method;
#@archive_quarantine_to_maps = ( 'collector@example.com' );


# When using the 'local:' quarantine method (default), the following applies:
#
# A finer control of quarantining is available through
# variables $virus_quarantine_method/$spam_quarantine_method/
# $banned_files_quarantine_method/$bad_header_quarantine_method.
#
# The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a
# per-recipient lookup result from lookup tables @virus_quarantine_to_maps)
# is/are interpreted as follows:
#
# VARIANT 1:
#   empty or undef disables quarantine;
#
# VARIANT 2:
#   a string NOT containing an '@';
#   amavisd will behave as a local delivery agent (LDA) and will quarantine
#   viruses to local files according to hash %local_delivery_aliases (pseudo
#   aliases map) - see subroutine mail_to_local_mailbox() for details.
#   Some of the predefined aliases are 'virus-quarantine' and 'spam-quarantine'.
#   Setting $virus_quarantine_to ($spam_quarantine_to) to this string will:
#
#   * if $QUARANTINEDIR is a directory, each quarantined virus will go
#     to a separate file in the $QUARANTINEDIR directory (traditional
#     amavis style, similar to maildir mailbox format);
#
#   * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style
#     mailbox. All quarantined messages will be appended to this file.
#     Amavisd child process must obtain an exclusive lock on the file during
#     delivery, so this may be less efficient than using individual files
#     or forwarding to MTA, and it may not work across NFS or other non-local
#     file systems (but may be handy for pickup of quarantined files via IMAP
#     for example);
#
# VARIANT 3:
#   any email address (must contain '@').
#   The e-mail messages to be quarantined will be handed to MTA
#   for delivery to the specified address. If a recipient address local to MTA
#   is desired, you may leave the domain part empty, e.g. 'infected@', but the
#   '@' character must nevertheless be included to distinguish it from variant 2.
#
#   This variant enables more refined delivery control made available by MTA
#   (e.g. its aliases file, other local delivery agents, dealing with
#   privileges and file locking when delivering to user's mailbox, nonlocal
#   delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined
#   will not be handed back to amavisd for checking, as this will cause a loop
#   (hopefully broken at some stage)! If this can be assured, notifications
#   will benefit too from not being unnecessarily virus-scanned.
#
#   By default this is safe to do with Postfix and Exim v4 and dual-sendmail
#   setup, but probably not safe with sendmail milter interface without tricks.

# (default values are: virus-quarantine, banned-quarantine, spam-quarantine)

$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine
#$virus_quarantine_to = 'infected@'; # forward to MTA for delivery
#$virus_quarantine_to = "virus-quarantine\@$mydomain"; # similar
#$virus_quarantine_to = 'virus-quarantine@example.com'; # similar
#$virus_quarantine_to = undef; # no quarantine
#
# lookup key is envelope recipient address:
#@virus_quarantine_to_maps = ( # per-recip multiple quarantines
#  new_RE( [qr'^user@example\.com$'i => 'infected@'],
#          [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],
#          [qr'^(.*)(@[^@])?$'i => 'virus-${1}${2}'] ),
#  $virus_quarantine_to, # the usual default
#);

# similar for banned names and bad headers and spam (set to undef to disable)
$banned_quarantine_to = 'banned-quarantine'; # local quarantine
$bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine
$spam_quarantine_to = 'spam-quarantine'; # local quarantine

# or to a mailbox:
#$spam_quarantine_to = "spam-quarantine\@$mydomain";
#
#@spam_quarantine_to_maps = ( # per-recip quarantines
#  new_RE( [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'] ),
#  $spam_quarantine_to, # the usual default
#);


# In addition to per-recip quarantine, a by-sender lookup is possible.
# It is similar to $spam_quarantine_to, but the lookup key is the
# envelope sender address:
#$spam_quarantine_bysender_to = undef; # dflt: no by-sender spam quarantine


# Spam level beyond which quarantining is disabled (global value):
#$sa_quarantine_cutoff_level = 20; # dflt: undef, which disables this feature

#@spam_quarantine_cutoff_level_maps = ( # per-recip. quarantine cutoff levels
#  { 'user1@example.com' => 20.5,
#    'postmaster@example.com' => 9999,
#    '.example.com' => 25 },
#  \$sa_quarantine_cutoff_level, # catchall default
#);


# Add X-Virus-Scanned header field to mail?
$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: 'X-Virus-Scanned')

# Set to empty to add no header field # (dflt "$myproduct_name at $mydomain")
# $X_HEADER_LINE = "$myproduct_name at $mydomain";
# $X_HEADER_LINE = "by $myproduct_name using ClamAV at $mydomain";
# $X_HEADER_LINE = "$myproduct_name $myversion_id ($myversion_date) at $mydomain";

# a string to prepend to Subject (for local recipients only) if mail could
# not be decoded or checked entirely, e.g. due to password-protected archives
$undecipherable_subject_tag = '***UNCHECKED*** '; # undef disables it

# MIME defanging wraps the entire original mail in a MIME container of type
# 'Content-type: multipart/mixed', where the first part is a text/plain with
# a short explanation, and the second part is a complete original mail,
# enclosed in a 'Content-type: message/rfc822' MIME part.
# Defanging is only done when enabled (selectively by malware type),
# and mail is considered malware (virus/spam/...), and the malware is allowed
# to pass (*_lovers or *_destiny=D_PASS)
#
$defang_virus = 1; # default is false: don't modify mail body
$defang_banned = 1; # default is false: don't modify mail body
# $defang_bad_header = 1; # default is false: don't modify mail body
# $defang_undecipherable = 1; # default is false: don't modify mail body
# $defang_spam = 1; # default is false: don't modify mail body

# NOTE: setting the following variables to true may break mail signatures
# (DKIM and DomainKeys) when verification is done after content filtering:
# $remove_existing_x_scanned_headers, $remove_existing_x_scanned_headers,
# and $allow_fixing_improper_header_folding (and defanging, described
# elsewhere). This is rarely an issue, as mail signing should be done
# after content filtering, and mail verification should preferably be done
# before filtering or by SpamAssassin called from within amavisd, which
# sees still-unmodified mail.
#
$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
                                        # (defaults to false)
#$remove_existing_x_scanned_headers= 1; # remove existing X-Virus-Scanned
#$remove_existing_spam_headers = 0; # leave existing X-Spam* headers alone
$remove_existing_spam_headers = 1; # remove existing spam headers if
                                   # spam scanning is enabled (default)
#$allow_fixing_improper_header_folding = 1; # (default is true)

# set $bypass_decode_parts to true if you only do spam scanning, or if you
# have a good virus scanner that can deal with compression and recursively
# unpacking archives by itself, and save amavisd the trouble.
# Disabling decoding also causes banned_files checking NOT to see MIME types
# and content classification types as provided by the file(1) utility.
# It is a double-edged sword, make sure you know what you are doing!
#
#$bypass_decode_parts = 1; # (defaults to false)

# don't trust this file type or corresponding unpacker for this file type,
# keep both the original and the unpacked file for a virus checker to see
# (lookup key is what file(1) utility returned):
#
@keep_decoded_original_maps = (new_RE(
  qr'^MAIL$', # retain full original message for virus checking
  qr'^MAIL-UNDECIPHERABLE$', # retain full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data', # don't trust Archive::Zip
));


# Checking for banned MIME types and names. If any mail part matches,
# the whole mail is rejected. Object $banned_filename_re provides a list
# of Perl regular expressions to be matched against each part's:
#
# * Content-Type value (both declared and effective mime-type),
#   such as the possible security-risk content types
#   'message/partial' and 'message/external-body', as specified in rfc2046
#   or 'application/x-msdownload' and 'application/x-msdos-program';
#
# * declared (recommended) file names as specified by MIME subfields
#   Content-Disposition.filename and Content-Type.name, both in their
#   raw (encoded) form and in rfc2047-decoded form if applicable
#   as well as (recommended) file names specified in archives;
#
# * file content type as guessed by 'file(1)' utility, mapped
#   (by @map_full_type_to_short_type_maps) into short type names such as
#   .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe-ms, ..., which always
#   starts with a dot. These short types are available unless
#   $bypass_decode_parts is true.
#
# All nodes (mail parts) of the fully recursively decoded mail and embedded
# archives are checked, each node independently from remaining nodes.
#
# For each node all its ancestor nodes including itself are checked against
# $banned_filename_re lookup list, top-down. The search for a node stops
# at the first match, the right-hand side of the matching key determines
# the result (true or false, absent right-hand side implies true, as explained
# in README.lookups).
#
# Although repeatedly re-checking ancestor nodes may seem excessive, it gives
# the opportunity to specify rules which make a particular node hide its
# descendents, e.g. allow any name or file type within a .zip, even though
# .exe files may otherwise not be allowed.
#
# Leave $banned_filename_re undefined to disable these checks
# (giving an empty list to new_RE() will also always return false)

# for $banned_namepath_re (a new-style of banned table) see amavisd.conf-sample

$banned_filename_re = new_RE(

### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
  qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary
# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types

### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
# [ qr'^\.(gz|bz2)$' => 0 ], # allow any in gzip or bzip2
  [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives

  qr'.\.(pif|scr)$'i, # banned extensions - rudimentary
# qr'^\.zip$', # block zip type

### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within these archives

  qr'^application/x-msdownload$'i, # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

# qr'^message/partial$'i, # rfc2046 MIME type
# qr'^message/external-body$'i, # rfc2046 MIME type

# qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile MIME type
# qr'^\.wmf$', # Windows Metafile file(1) type

  # block certain double extensions in filenames
  qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,

# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose

  qr'.\.(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic
# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd
# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
#        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
#        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
#        wmf|wsc|wsf|wsh)$'ix, # banned ext - long
# qr'.\.(ani|cur|ico)$'i, # banned cursors and icons filename
# qr'^\.ani$', # banned animated cursor file(1) type

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm

# A little trick: a pattern qr'\.exe$' matches both a short type name '.exe',
# as well as any file name which happens to end with .exe. If only matching
# a file name is desired, but not the short type, a pattern qr'.\.exe$'i
# or similar may be used, which requires that at least one character precedes
# the '.exe', and so it will never match short file types which always start
# with a dot.


# the syntax of these Perl regular expressions is a bit awkward if not
# familiar with them, so please do follow examples and stick to the idioms:
#   \A ... at the beginning of the first component
#   \z ... at the end of the last (leaf) component
#   ^ ... at the beginning of each component in the path
#   $ ... at the end of each component in the path
#   (.*\t)? ... at the beginning of a field
#   (\t.*)? ... at the end of a field
#   \t(.*\t)* ... separating fields
#   [^\t\n] ... any single character, but don't escape from this field
#   (.*\n)+ ... one or more levels down
#   (?#...) ... a comment within a regexp

# new-style of banned lookup table
$banned_namepath_re = new_RE(

### BLOCKED ANYWHERE

  qr'(?# BLOCK Microsoft EXECUTABLES and DLL )
     ^ (.*\t)? T=(exe-ms|dll) (\t.*)? $'xm, # banned file(1) types, rudimentary

# qr'(?# BLOCK ANY EXECUTABLE )
#    ^ (.*\t)? T=exe (\t.*)? $'xm, # banned file(1) type

# qr'(?# BLOCK THESE TYPES )
#    ^ (.*\t)? T=(exe|lha|tnef|cab|dll) (\t.*)? $'xm, # banned file(1) types


### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:

# # within traditional gzip and bzip2 allow any name and type
# [ qr'(?#rule-3) ^ (.*\t)? T=(gz|bz2) (\t.*)? $'xmi => 0 ], # allow

  # within traditional Unix archives allow any name and type
  [ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? $'xmi => 0 ], # allow

  # banned filename extensions (in declared names) anywhere - rudimentary
  qr'(?# BLOCK COMMON NAME EXTENSIONS )
     ^ (.*\t)? N= [^\t\n]* \. (pif|scr) (\t.*)? $'xmi,

# # block anything within a zip
# qr'(?#rule-5) ^ (.*\t)? T=zip (\t.*)? (.*\n)+ .* $'xmi,


### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES OR CRYPTED:

# # within PC archives allow any types or names at any depth
# [ qr'(?#rule-7) ^ (.*\t)? T=(zip|rar|arc|arj|zoo) (\t.*)? $'xmi => 0 ], # ok

# # within certain archives allow leaf members at any depth if crypted
# [ qr'(?# ALLOW ENCRYPTED )
#      ^ (.*\t)? T=(zip|rar|arj) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],

# # allow crypted leaf members regardless of their name or type
# [ qr'(?# ALLOW IF ENCRYPTED ) ^ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],

  # block these MIME types
  qr'(?#NO X-MSDOWNLOAD) ^(.*\t)? M=application/x-msdownload (\t.*)? $'xmi,
  qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)? M=application/x-msdos-program(\t.*)? $'xmi,
  qr'(?#NO HTA) ^(.*\t)? M=application/hta (\t.*)? $'xmi,

# # block rfc2046 MIME types
# qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/partial (\t.*)? $'xmi,
# qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/external-body (\t.*)? $'xmi,

# qr'(?#No Metafile MIME) ^(.*\t)? M=application/x-msmetafile (\t.*)? $'xmi,
# qr'(?#No Metafile MIME) ^(.*\t)? M=image/x-wmf (\t.*)? $'xmi,
# qr'(?#No Metafile file) ^(.*\t)? T=wmf (\t.*)? $'xm,
# qr'(?#No animated cursors) ^(.*\t)? T=ani (\t.*)? $'xm,

  # block certain double extensions in filenames
  qr'(?# BLOCK DOUBLE-EXTENSIONS )
     ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \. \ *
     (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) [. ]* (\t.*)? $'xmi,

  [ qr'(?# BLOCK EMPTY MIME PART APPLICATION/OCTET-STREAM )
       ^ (.*\t)? M=application/(octet-stream|x-msdownload|x-msdos-program)
       \t(.*\t)* T=empty (\t.*)? $'xmi
    => 'DISCARD' ],

# [ qr'(?# BLOCK EMPTY MIME PARTS )
#      ^ (.*\t)? M= [^\t\n]+ \t(.*\t)* T=empty (\t.*)? $'xmi => 'DISCARD' ],

# # block Class ID (CLSID) extensions in filenames, strict
# qr'(?# BLOCK CLSID-EXTENSIONS )
#    ^ (.*\t)? N= [^\t\n]* \{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?
#    [^\t\n]* (\t.*)? $'xmi,

# # banned suggested names with three or more consecutive spaces
# qr'(?# BLOCK NAMES WITH SPACES )
#    ^ (.*\t)? N= [^\t\n]* [ ]{3,} 'xmi,

# # block if any component can not be decoded (is encrypted or bad archive)
# qr'(?# BLOCK IF UNDECIPHERABLE ) ^ (.*\t)? A=U (\t.*)? \z'xmi,

# [ qr'(?# SPECIAL ALLOWANCES - MAGIC NAMES)
#      \A (.*\t)? T=(rpm|cpio|tar|zip|rar|arc|arj|zoo|Z|gz|bz2)
#      \t(.*\t)* N=example\d+[^\t\n]*
#      (\t.*)? $'xmi => 0 ],

  # banned filename extensions (in suggested names) anywhere - basic
  qr'(?# BLOCK COMMON NAME EXTENSIONS )
     ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|cpl) (\t.*)? $'xmi,

# # banned filename extensions (in suggested names) anywhere - basic+cmd
# qr'(?# BLOCK COMMON NAME EXTENSIONS )
#    ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|cpl|bat|cmd|com) (\t.*)? $'xmi,

# # banned filename extensions (in suggested names) anywhere - long
# qr'(?# BLOCK MORE NAME EXTENSIONS )
#    ^ (.*\t)? N= [^\t\n]* \. (
#    ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
#    inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
#    ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
#    wmf|wsc|wsf|wsh) (\t.*)? $'xmi,

# qr'(?# BLOCK CURSOR AND ICON NAME EXTENSIONS )
#    ^ (.*\t)? N= [^\t\n]* \. (ani|cur|ico) (\t.*)? $'xmi,

# # banned filename extensions anywhere - WinZip vulnerability (pre-V9)
# qr'(?# BLOCK WinZip VULNERABILITY EXTENSIONS )
#    ^ (.*\t)? N= [^\t\n]* \. (mim|b64|bhx|hqx|xxe|uu|uue) (\t.*)? $'xmi,

);

# use old or new style of banned lookup table; not both to avoid confusion
#
# @banned_filename_maps = (); # to disable old-style
  $banned_namepath_re = undef; # to disable new-style


%banned_rules = (
  'MYNETS-DEFAULT' => new_RE( # permissive set of rules for internal hosts
    [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any name/type in Unix archives
    qr'.\.(vbs|pif|scr)$'i, # banned extension - rudimentary
  ),
  'DEFAULT' => $banned_filename_re,
);


#
# Section V - Per-recipient and per-sender handling, whitelisting, etc.
#

# @virus_lovers_maps list of lookup tables:
# (this should be considered a policy option, it does not disable checks,
# see bypass*checks for that!)
#
# Exclude certain RECIPIENTS from virus filtering by adding their (lower-cased)
# envelope e-mail address (or domain only) to one of the lookup tables in
# the @virus_lovers_maps list - see README.lookups and examples.
# Make sure the appropriate form (e.g. external/internal) of address
# is used in case of virtual domains, or when mapping external to internal
# addresses, etc. - this is MTA-specific.
#
# Notifications would still be generated however (see the overall
# picture above), and infected mail (if passed) gets additional header:
#   X-AMaViS-Alert: INFECTED, message contains virus: ...
# (header not inserted with Courier or milter interface!)
#
# Setting $final_*_destiny=D_PASS is functionally equivalent to having
# all recipients match the @*_lovers_maps.
#
# NOTE (milter interface only): in case of multiple recipients,
# it is only possible to drop or accept the message in its entirety - for all
# recipients. If all of them are virus lovers, we'll accept mail, but if
# at least one recipient is not a virus lover, we'll discard the message.


# @bypass_virus_checks_maps list of lookup tables:
# (this is mainly a time-saving option, unlike virus_lovers* !)
#
# Similar in concept to @virus_lovers_maps, a @bypass_virus_checks_maps
# is used to skip entirely the decoding, unpacking and virus checking,
# but only if ALL recipients match the lookup.
#
# @bypass_virus_checks_maps does NOT GUARANTEE the message will NOT be checked
# for viruses - this may still happen when there is more than one recipient
# for a message and not all of them match these lookup tables, or when
# check result was cached (i.e. the same contents was recently sent to other
# recipients). To guarantee virus delivery, a recipient must also match
# @virus_lovers_maps lookups (but see milter limitations above).
#
# The following table summarizes the possible combinations:
#   bypass lover
#     0     0    useful, check for malware and block it
#     0     1    useful, check but deliver nevertheless, possibly tagged
#     1     0    not too useful, free riding on cached or other-people's checks
#     1     1    useful, no checks if possible, and no effects

# NOTE: it would not be clever to base enabling of virus checks on SENDER
# address, since there are no guarantees that it is genuine. Many viruses
# and spam messages fake sender address. To achieve selective filtering
# based on the source of the mail (e.g. IP address, MTA port number, ...),
# use mechanisms provided by MTA if available, possibly combined with policy
# banks feature.

# Similar to lists of lookup tables controlling virus checking, there are
# counterparts for spam scanning, banned names/types, and headers_checks
# control:
#   @spam_lovers_maps,
#   @banned_files_lovers_maps,
#   @bad_header_lovers_maps
# and:
#   @bypass_spam_checks_maps,
#   @bypass_banned_checks_maps,
#   @bypass_header_checks_maps

# Example:
# @bypass_header_checks_maps = ( [qw( user@example.com )] );
# @bad_header_lovers_maps = ( [qw( user@example.com )] );

# The following example disables spam checking altogether,
# since it matches any recipient e-mail address.
# @bypass_spam_checks_maps = (1);


# See README.lookups for further detail, and examples below.

# In the following example a list of lookup tables @virus_lovers_maps
# contains three elements, the first is a reference to an ACL lookup table
# (brackets in Perl indicate a ref to a list), the second is a reference
# to a hash lookup table (curly braces in Perl indicate a ref to a hash),
# the third is a regexp lookup table, indicated by the type of object
# created by new_RE() :
#
#@virus_lovers_maps = (
#  [ qw( me@lab.xxx.com !lab.xxx.com .xxx.com yyy.org ) ],
#  { "postmaster\@$mydomain" => 1, # double quotes permit variable evaluation
#    'postmaster@example.com'=> 1, # in single quotes the '@' need not be quoted
#    'abuse@example.com'=> 1,
#    'some.user@' => 1, # this recipient, regardless of domain
#    'boss@example.com' => 0, # never, even if domain matches
#    'example.com' => 1, # this domain, but not its subdomains
#    '.example.com' => 1, # this domain, including its subdomains
#  },
#  new_RE( qr'^(helpdesk|postmaster)@example\.com$'i ),
#);

#@spam_lovers_maps = (
#  ["postmaster\@$mydomain", 'postmaster@example.com', 'abuse@example.com'],
#);

#@bad_header_lovers_maps = (
#  ["postmaster\@", "abuse\@$mydomain"],
#);


# as an alternative to fiddling with @_lovers_maps and similar _maps, here
# is an illustration of using a more general *_by_ccat associative array,
# introduced with 2.4.0, like %lovers_maps_by_ccat in this example:
#
#$lovers_maps_by_ccat{+CC_SPAM} = [
#  read_hash("$MYHOME/etc/spam_lovers.txt"),
#  [qw(postmaster@example.com abuse@example.com)],
#];
#
#$lovers_maps_by_ccat{+CC_BANNED} = [
#  { map {lc $_ => 1} # construct a hash lookup table from a list
#      qw(user1@example.com user2.example.com)
#  },
#];


# to save some typing of quotes and commas, a Perl operator qw can be used
# to split its argument on whitespace and to quote resulting elements:
#@bypass_spam_checks_maps = (
#  [ qw( some.ddd !butnot.example.com .example.com ) ],
#);


# don't run spam check for these RECIPIENT domains:
# @bypass_spam_checks_maps = ( [qw( d1.com .d2.com a.d3.com )] );
# or the other way around (bypass check for all BUT these):
# @bypass_spam_checks_maps = ( [qw( !d1.com !.d2.com !a.d3.com . )] );
# a practical application: don't check outgoing mail for spam:
# @bypass_spam_checks_maps = ( [ "!.$mydomain", "." ] );
# or calculated (negated) from the %local_domains:
# @bypass_spam_checks_maps =
#   ( {map {$_ => !$local_domains{$_}} keys %local_domains}, 1);
# (a downside of which is that such mail will not count as ham in SA bayes db)
#
# Note that 'outgoing' is not the same as 'originating from inside'. We refer
# to 'outgoing' here as 'mail addressed to recipients outside our domain(s)'.
# The internal-to-internal mail is not outgoing, but is still originating from
# inside. To base rules on 'originating from inside', the use of a policy bank
# with 'originating => 1' is needed (such as MYNETS), in conjunction with
# XFORWARD Postfix extension to SMTP.

# Where to find SQL server(s) and database to support SQL lookups?
# A list of triples: (dsn,user,passw). (dsn = data source name)
# More than one entry may be specified for multiple (backup) SQL servers.
# See 'man DBI', 'man DBD::mysql', 'man DBD::Pg', ... for details.
# When chroot-ed, accessing SQL server over inet socket may be more convenient.
#
# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database
#
# ('mail' in the example is the database name, choose what you like)
# With PostgreSQL the dsn (first element of the triple) may look like:
#   'DBI:Pg:dbname=mail;host=host1'

# The SQL select clause to fetch per-recipient policy settings.
# The %k will be replaced by a comma-separated list of query addresses
# for a recipient (e.g. a full address, domain only, catchall), %a will be
# replaced by an exact recipient address (same as the first entry in %k,
# suitable for pattern matching). Use ORDER, if there is a chance that
# multiple records will match - the first match wins (i.e. the first
# returned record). If field names are not unique (e.g. 'id'), the later
# field overwrites the earlier in a hash returned by lookup, which is why
# we use 'users.*, policy.*, users.id', i.e. the id is repeated at the end.
# This is a legacy variable for upwards compatibility, now only referenced
# by the program through a %sql_clause entry 'sel_policy' - newer config
# files may assign directly to $sql_clause{'sel_policy'} if preferred.
# No need to uncomment the following assignment if the default is ok.
#   $sql_select_policy = 'SELECT *,users.id FROM users,policy'.
#     ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'.
#     ' ORDER BY users.priority DESC';
#
# The SQL select clause to check sender in per-recipient whitelist/blacklist.
# The first SELECT argument '?' will be users.id from recipient SQL lookup,
# the %k will be sender addresses (e.g. a full address, a domain only, a
# catchall), the %a will be an exact sender address (same as the first entry
# in %k). Only the first occurrence of '?' will be replaced by users.id,
# subsequent occurrences of '?' will see empty string as an argument.
# There can be zero or more occurrences of %k or %a, lookup keys will be
# replicated accordingly. This is a separate legacy variable for upwards
# compatibility, now only referenced by the program through %sql_clause
# entry 'sel_wblist' - newer config files may assign directly to
# $sql_clause{'sel_wblist'} if preferred. The default value is:
#   $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'.
#     ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'.
#     ' AND (mailaddr.email IN (%k))'.
#     ' ORDER BY mailaddr.priority DESC';
#
# To disable SQL white/black list, set to undef (otherwise comment-out
# the following statement, leaving it at the default value):
$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting

# Controls the format of timestamps in the field msgs.time_iso:
# $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP;
#   defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)

# Does a database mail address field with no '@' character represent a
# local username or a domain name? By default it implies a username in
# SQL and LDAP lookups (but represents a domain in hash and acl lookups),
# so domain names in SQL and LDAP should be specified as '@domain'.
# Setting these to true will cause 'xxx' to be interpreted as a domain
# name, just like in hash or acl lookups.
#
# $sql_lookups_no_at_means_domain = 0; # default is 0
# $ldap_lookups_no_at_means_domain = 0; # default is 0

# Here is an example of a SELECT clause that fabricates an artificial 'users'
# table from actual table 'postfix_domains' containing a field 'domain_name'.
# The effect is that domains listed in the 'postfix_domains' table will be
# treated as local by amavisd, and be given settings from a policy id 99
# if such a policy id exists, or just fall back to static lookups.
# The user.id (with a value 1) is there only to provide a user id (same id
# for all listed domains) when global SQL-based white/blacklisting is used.
#
# $sql_lookups_no_at_means_domain = 1;
# $sql_select_policy =
#   'SELECT *, user.id'.
#   ' FROM (SELECT 1 as id, 99 as policy_id, "Y" AS local'.
#   ' FROM postfix_domains WHERE domain_name IN (%k)) AS user'.
#   ' LEFT JOIN policy ON policy_id=policy.id';

# If passing malware to certain recipients ($final_*_destiny=D_PASS or
# *_lovers), the recipient-based lookup tables @addr_extension_*_maps may
# return a string, which (if nonempty) will be added as an address extension
# to the local-part of the recipient's address. This extension may be used
# by the final local delivery agent (LDA) to place such mail into different
# subfolders (the extension is usually interpreted as a folder name).
# This is sometimes known as the 'plus addressing'. Appending address
# extensions is prevented when:
# - recipient does not match lookup tables @local_domains_maps;
# - lookup into corresponding @addr_extension_*_maps results
#   in an empty string or undef;
# - $recipient_delimiter is empty (see below)
# LDAs usually default to stripping away address extension if no special
# handling is specified or if a named subfolder or alias does not exist,
# so adding address extensions normally does no harm.

# @addr_extension_virus_maps = ('virus'); # defaults to empty
# @addr_extension_spam_maps = ('spam'); # defaults to empty
# @addr_extension_banned_maps = ('banned'); # defaults to empty
# @addr_extension_bad_header_maps = ('badh'); # defaults to empty
#
# A more complex example:
# @addr_extension_virus_maps = (
#   {'sub.example.com'=>'infected', '.example.com'=>'filtered'}, 'virus' );

# Delimiter between local part of the envelope recipient address and address
# extension (which can optionally be added, see @addr_extension_*_maps). E.g.
># recipient address <user@example.com> is changed to <user+virus@example.com>.
>#
># Delimiter must match the equivalent (final) MTA delimiter setting.
># (e.g. for Postfix add 'recipient_delimiter = +' to main.cf)
># Setting it to an empty string or to undef disables adding extensions
># regardless of $addr_extension_*_maps.
>
># $recipient_delimiter = '+'; # (default is undef, i.e. disabled)
>
># true: replace extension; false: append extension
># $replace_existing_extension = 1; # (default is true)
>
># Affects matching of localpart of e-mail addresses (left of '@')
># in lookups: true = case sensitive, false = case insensitive
>$localpart_is_case_sensitive = 0; # (default is false)
>
>
># ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
>
># Instead of hard black- or whitelisting, a softer approach is to add
># score points (penalties) to the SA score for mail from certain senders.
># Positive points lean towards blacklisting, negative towards whitelisting.
># This is much like adding SA rules or using its white/blacklisting, except
># that here only envelope sender addresses are considered (not addresses
># in a mail header), and that score points can be assigned per-recipient
># (or globally), and the assigned penalties are customarily much lower
># than the default SA white/blacklisting score.
>#
># The table structure is similar to $per_recip_blacklist_sender_lookup_tables
># i.e. the first level key is recipient, pointing to by-sender lookup tables.
># The essential difference is that scores from _all_ matching by-recipient
># lookups (not just the first that matches) are summed to give the final
># score boost. That means that both the site and domain administrators,
># as well as the recipient can have a say on the final score.
>#
># NOTE: keep hash keys in lowercase, either manually or by using function lc
>
>@score_sender_maps = ({ # a by-recipient hash lookup table
>
># # per-recipient personal tables (NOTE: positive: black, negative: white)
># 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}],
># 'user3@example.com' => [{'.ebay.com' => -3.0}],
># 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0,
>#                          '.cleargreen.com' => -5.0}],
>
>  # site-wide opinions about senders (the '.' matches any recipient)
>  '.' => [ # the _first_ matching sender determines the score boost
>
>   new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
>    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
>    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
>    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
>    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
>    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
>    [qr'^(your_friend|greatoffers)@'i => 5.0],
>    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
>   ),
>
>#  read_hash("/var/amavis/sender_scores_sitewide"),
>
>   { # a hash-type lookup table (associative array)
>     'nobody@cert.org' => -3.0,
>     'cert-advisory@us-cert.gov' => -3.0,
>     'owner-alert@iss.net' => -3.0,
>     'slashdot@slashdot.org' => -3.0,
>     'securityfocus.com' => -3.0,
>     'ntbugtraq@listserv.ntbugtraq.com' => -3.0,
>     'security-alerts@linuxsecurity.com' => -3.0,
>     'mailman-announce-admin@python.org' => -3.0,
>     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
>     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
>     'spamassassin.apache.org' => -3.0,
>     'notification-return@lists.sophos.com' => -3.0,
>     'owner-postfix-users@postfix.org' => -3.0,
>     'owner-postfix-announce@postfix.org' => -3.0,
>     'owner-sendmail-announce@lists.sendmail.org' => -3.0,
>     'sendmail-announce-request@lists.sendmail.org' => -3.0,
>     'donotreply@sendmail.org' => -3.0,
>     'ca+envelope@sendmail.org' => -3.0,
>     'noreply@freshmeat.net' => -3.0,
>     'owner-technews@postel.acm.org' => -3.0,
>     'ietf-123-owner@loki.ietf.org' => -3.0,
>     'cvs-commits-list-admin@gnome.org' => -3.0,
>     'rt-users-admin@lists.fsck.com' => -3.0,
>     'clp-request@comp.nus.edu.sg' => -3.0,
>     'surveys-errors@lists.nua.ie' => -3.0,
>     'emailnews@genomeweb.com' => -5.0,
>     'yahoo-dev-null@yahoo-inc.com' => -3.0,
>     'returns.groups.yahoo.com' => -3.0,
>     'clusternews@linuxnetworx.com' => -3.0,
>     lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0,
>     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
>
>     # soft-blacklisting (positive score)
>     'sender@example.net' => 3.0,
>     '.example.net' => 1.0,
>
>   },
>  ], # end of site-wide tables
>});
>
>
># ENVELOPE SENDER WHITELISTING / BLACKLISTING - GLOBAL (RECIPIENT-INDEPENDENT)
># (affects spam checking only, has no effect on virus and other checks)
>
># WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from whitelisted
># senders even if the message would be recognized as spam. Effectively, for
># the specified senders, message recipients temporarily become 'spam_lovers'.
># To avoid surprises, whitelisted sender also suppresses inserting/editing
># the tag2-level header fields (X-Spam-*, Subject), appending spam address
># extension, and quarantining.
>#
># BLACKLISTING: messages from specified SENDERS are DECLARED SPAM.
># Effectively, for messages from blacklisted envelope sender addresses, spam
># level is artificially pushed high, and the normal spam processing applies,
># resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual
># reactions to spam, including possible rejection. If the message nevertheless
># still passes (e.g. for spam loving recipients), it is tagged as BLACKLISTED
># in the 'X-Spam-Status' header field, but the reported spam value and
># set of tests in this report header field (if available from SpamAssassin,
># which may or may not have been called) is not adjusted.
>#
># A sender may be both white- and blacklisted at the same time, settings
># are independent. For example, being both white- and blacklisted, message
># is delivered to recipients, but is not tagged as spam (X-Spam-Flag: No;
># X-Spam-Status: No, ...), but the reported spam level (if computed) may
># still indicate high spam score.
>#
># If ALL recipients of the message either white- or blacklist the sender,
># spam scanning (calling the SpamAssassin) is bypassed, saving on time.
>#
># The following variables (lists of lookup tables) are available,
># with the semantics and syntax as specified in README.lookups:
># @whitelist_sender_maps, @blacklist_sender_maps
>
># SOME EXAMPLES:
>#
>#ACL:
># @whitelist_sender_maps = ( ['.example.org', '.example.net'] );
># @whitelist_sender_maps = ( [qw(.example.org .example.net)] ); # same thing
>#
># @whitelist_sender_maps = ( [".$mydomain"] ); # $mydomain and its subdomains
># NOTE: This is not a reliable way of turning off spam checks for
># locally-originating mail, as sender address can easily be faked.
># To reliably avoid spam-scanning outgoing mail, use @bypass_spam_checks_maps
># for nonlocal recipients. To reliably avoid spam scanning for locally
># originating mail (including internal-to-internal mail), recognized by
># the original SMTP client IP address matching @mynetworks, use policy bank
># MYNETS, adjust @mynetworks, and turn on XFORWARD in the Postfix smtp client
># service feeding amavisd.
>
>#with regexps:
># @whitelist_sender_maps = ( new_RE(
>#   qr'^postmaster@.*\bexample\.com$'i,
>#   qr'^owner-[^@]*@'i, qr'-request@'i,
>#   qr'\.example\.com$'i
># ));
>
>
># illustrates the use of regexp lookup table:
>
>@blacklist_sender_maps = ( new_RE(
>  qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
>  qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@'i,
>  qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
>  qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
>  qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
>  qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
>));
>
>
># NOTE: whitelisting is becoming deprecated because sender address is
># all too often faked; use @score_sender_maps for soft-whitelisting!
>#
># Illustrates the use of several lookup tables:
>#
># @whitelist_sender_maps = (
>#
># # read_hash("$MYHOME/whitelist_sender"), # a hash table read from a file
>#
># # and another hash lookup table constructed in-line, with keys lowercased:
># { map {lc $_ => 1} qw(
>#   nobody@cert.org
>#   cert-advisory@us-cert.gov
>#   owner-alert@iss.net
>#   slashdot@slashdot.org
>#   bugtraq@securityfocus.com
>#   NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
>#   security-alerts@linuxsecurity.com
>#   amavis-user-admin@lists.sourceforge.net
>#   amavis-user-bounces@lists.sourceforge.net
>#   notification-return@lists.sophos.com
>#   mailman-announce-admin@python.org
>#   owner-postfix-users@postfix.org
>#   owner-postfix-announce@postfix.org
>#   owner-sendmail-announce@lists.sendmail.org
>#   sendmail-announce-request@lists.sendmail.org
>#   owner-technews@postel.ACM.ORG
>#   lvs-users-admin@LinuxVirtualServer.org
>#   ietf-123-owner@loki.ietf.org
>#   cvs-commits-list-admin@gnome.org
>#   rt-users-admin@lists.fsck.com
>#   clp-request@comp.nus.edu.sg
>#   surveys-errors@lists.nua.ie
>#   emailNews@genomeweb.com
>#   owner-textbreakingnews@CNNIMAIL12.CNN.COM
>#   yahoo-dev-null@yahoo-inc.com
>#   returns.groups.yahoo.com
># )},
>#
># # { '' => 1 }, # and another one, containing just an empty reverse path (DSN)
>#
># );
>
>
># ENVELOPE SENDER WHITELISTING / BLACKLISTING - PER-RECIPIENT
>
># The same semantics as for global white/blacklisting applies, but this
># time each recipient (or its domain, or subdomain, ...) can be given
># an individual lookup table for matching senders. The per-recipient lookups
># take precedence over the global lookups, which serve as a fallback default.
>
># Specify a two-level lookup table: the key for the outer table is recipient,
># and the result should be an inner lookup table (hash or ACL or RE),
># where the key used will be the sender. (Note that this structure is flatter
># than @score_sender_maps, where the first level result is a ref to a _list_
># of inner lookup tables, not a ref to a single lookup table.)
>#
>#$per_recip_blacklist_sender_lookup_tables = {
># 'user1@my.example.com'=>new_RE(qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i),
># 'user2@my.example.com'=>[qw( spammer@d1.example,org .d2.example,org )],
>#};
>#$per_recip_whitelist_sender_lookup_tables = {
># 'user@my.example.com' => [qw( friend@example.org .other.example.org )],
># '.my1.example.com' => [qw( !foe.other.example,org .other.example,org )],
># '.my2.example.com' => read_hash("$MYHOME/my2-wl.dat"),
># 'abuse@' => { 'postmaster@'=>1,
>#               'cert-advisory-owner@cert.org'=>1, 'owner-alert@iss.net'=>1 },
>#};
>
>
>#
># Section VI - Resource limits
>#
>
># Sanity limit to the number of allowed recipients per SMTP transaction
># $smtpd_recipient_limit = 1100; # (default is 1100)
>
># Resource limits to protect unpackers, decompressors and virus scanners
># against mail bombs (e.g. 42.zip)
>
>
># Maximum recursion level for extraction/decoding (0 or undef disables limit)
>$MAXLEVELS = 14; # (default is undef, no limit)
>
># Maximum number of extracted files (0 or undef disables the limit)
>$MAXFILES = 1500; # (default is undef, no limit)
>
># For the cumulative total of all decoded mail parts we set max storage size
># to defend against mail bombs. Even though parts may be deleted (replaced
># by decoded text) during decoding, the size they occupied is _not_ returned
># to the quota pool.
>#
># Parameters to storage quota formula for unpacking/decoding/decompressing
># Formula:
>#   quota = max($MIN_EXPANSION_QUOTA,
>#               $mail_size*$MIN_EXPANSION_FACTOR,
>#               min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR))
># In plain words (later condition overrules previous ones):
>#   allow MAX_EXPANSION_FACTOR times initial mail size,
>#   but not more than MAX_EXPANSION_QUOTA,
>#   but not less than MIN_EXPANSION_FACTOR times initial mail size,
>#   but never less than MIN_EXPANSION_QUOTA
>#
>$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
>$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
>$MIN_EXPANSION_FACTOR = 5; # times original mail size (default is 5)
>$MAX_EXPANSION_FACTOR = 500; # times original mail size (default is 500)
>
># expiration time of cached results: time to live in seconds
># (how long the result of a virus/spam test remains valid)
>$virus_check_negative_ttl= 3*60; # time to remember that mail was not infected
>$virus_check_positive_ttl= 30*60; # time to remember that mail was infected
>$spam_check_negative_ttl = 10*60; # time to remember that mail was not spam
>$spam_check_positive_ttl = 30*60; # time to remember that mail was spam
>#
># NOTE:
># Cache size will be determined by the largest of the $*_ttl values.
># Depending on the mail rate, the cache database may grow quite large.
># Reasonable compromise for the max value is 15 minutes to 2 hours.
>
>#
># Section VII - External programs, virus scanners
>#
>
># Specify a path string, which is a colon-separated string of directories
># (no trailing slashes!) to be assigned to the environment variable PATH
># and to serve for locating external programs below.
>
># NOTE: if $daemon_chroot_dir is nonempty, the directories will be
># relative to the chroot directory specified;
>
>$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/bin';
>
># For external programs specify one string or a search list of strings (first
># match wins). The string (or: each string in a list) may be an absolute path,
># or just a program name, to be located via $path;
># Empty string or undef (=default) disables the use of that external program.
># Optionally command arguments may be specified - only the first substring
># up to the whitespace is used for file searching.
>
>$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability
>$dspam = 'dspam';
>
># A list of pairs or n-tuples: [short-type, code_ref, optional-args...].
># Maps short types to a decoding routine, the first match wins.
># Arguments beyond the first two can be program path string (or a listref of
># paths to be searched) or a reference to a variable containing such a path,
># which allows for lazy evaluation, making it possible to assign values to
># legacy configuration variables even after the assignment to @decoders.
>#
>@decoders = (
>  ['mail', \&do_mime_decode],
>  ['asc', \&do_ascii],
>  ['uue', \&do_ascii],
>  ['hqx', \&do_ascii],
>  ['ync', \&do_ascii],
>  ['F', \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
>  ['Z', \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
>  ['gz', \&do_uncompress, 'gzip -d'],
>  ['gz', \&do_gunzip],
>  ['bz2', \&do_uncompress, 'bzip2 -d'],
>  ['lzo', \&do_uncompress, 'lzop -d'],
>  ['rpm', \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
>  ['cpio', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
>  ['tar', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
>  ['deb', \&do_ar, 'ar'],
># ['a', \&do_ar, 'ar'], # unpacking .a seems an overkill
>  ['zip', \&do_unzip],
>  ['7z', \&do_7zip, ['7zr','7za','7z'] ],
>  ['rar', \&do_unrar, ['rar','unrar'] ],
>  ['arj', \&do_unarj, ['arj','unarj'] ],
>  ['arc', \&do_arc, ['nomarch','arc'] ],
>  ['zoo', \&do_zoo, ['zoo','unzoo'] ],
>  ['lha', \&do_lha, 'lha'],
># ['doc', \&do_ole, 'ripole'],
>  ['cab', \&do_cabextract, 'cabextract'],
>  ['tnef', \&do_tnef_ext, 'tnef'],
>  ['tnef', \&do_tnef],
># ['sit', \&do_unstuff, 'unstuff'], # broken/unsafe decoder
>  ['exe', \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
>);
>
>
># SpamAssassin settings
>
># $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
># of the option local_tests_only. See Mail::SpamAssassin man page.
># If set to 1, no SA tests that require internet access will be performed.
>#
>$sa_local_tests_only = 0; # only tests which do not require internet access?
>#$sa_auto_whitelist = 1; # turn on AWL in SA 2.63 or older (irrelevant
>                         # for SA 3.0, its cf option is use_auto_whitelist)
>
>$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
>                         # (less than 1% of spam is > 64k)
>                         # default: undef, no limitations
>
># default values, customarily used in the @spam_*_level_maps as the last entry
>$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level;
>                         # undef is interpreted as lower than any spam level
>$sa_tag2_level_deflt = 6.31;# add 'spam detected' headers at that level to
>                         # passed mail, adding address extensions;
>$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
>                         # at or above that level: bounce/reject/drop,
>                         # quarantine
>$sa_dsn_cutoff_level = 9; # spam level beyond which a DSN is not sent,
>                         # effectively turning D_BOUNCE into D_DISCARD;
>                         # undef disables this feature and is a default;
># see also $sa_quarantine_cutoff_level above, which only controls quarantining
>
>$penpals_bonus_score = 5; # (positive) score by which spam score is lowered
>  # when sender is known to have previously received mail from our
>  # local user from this mail system; zero or undef disables penpals
>  # lookups in SQL; default: undef
># $penpals_halflife = 10*24*60*60; #exponential decay time constant in seconds;
>  # penpal bonus is halved for each halflife period from the last mail
>  # sent by a local user to a current mail's sender; default: 7 days
># $penpals_threshold_low = 1.0; # no need for pen pals lookup on low spam score
>$penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam
>
># $bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces
>  # bounce killer needs operational SQL logging (pen pals) !
>
># advanced example specifying per-recipient values using a hash lookup:
>#@spam_tag_level_maps = (\$sa_tag_level_deflt); # this is a default
>#@spam_tag2_level_maps = (
># { 'user1@example.com' => 8.0, '.example.com' => 6.0 },
># \$sa_tag2_level_deflt, # catchall default
>#);
>#@spam_kill_level_maps = (
># { 'user1@example.com' => 8.0, '.example.com' => 6.0 },
># \$sa_kill_level_deflt, # catchall default
>#);
>#@spam_dsn_cutoff_level_maps = (
># { 'user1@example.com' => 10, '.example.com' => 15 },
># \$sa_dsn_cutoff_level, # catchall default
>#);
>
># selectively trim down bounces to domains sending their own bounces with
># non-null return path, to frequently abused domains, or to those sending
># marginal spam
>@spam_dsn_cutoff_level_bysender_maps = (
>  { # an associative array (hash) lookup table, use lowercase keys
>    'virgilio.it' => 7, 'mail.ru' => 7, '0451.com' => 7,
>    'yahoo.co.uk' => 7, 'yahoo.co.jp' => 7, 'nobody@' => 7,
>    'noreply@' => 0, 'no-reply@' => 0, 'donotreply@' => 0,
>    'opt-in@' => 0, 'opt-out@' => 0, 'yahoo-dev-null@' => 0,
>    '.optin-out.com' => 0, 'daily@astrocenter.com' => 0,
>    'spamadmin@fraunhofer.de'=> 7, # Sophos PureMessage spam bounces
>  },
>  \$sa_dsn_cutoff_level, # catchall default value
>);
>
># a quick reference:
># tag_level contents category: CC_CLEAN,
>#   controls adding the X-Spam-Status and X-Spam-Level headers,
># tag2_level contents category: CC_SPAMMY,
>#   controls adding 'X-Spam-Flag: YES', editing (tagging) Subject,
>#   and adding address extensions,
># tag3_level contents category: CC_SPAMMY, minor category 1,
>#   like tag2, but may insert different Subject tag
>#   e.g. @spam_subject_tag3_maps=('***BLATANT*SPAM*** ');
># kill_level contents category: CC_SPAM,
>#   controls 'evasive actions' (reject, quarantine);
># it only makes sense to maintain the relationship:
>#   tag_level <= tag2_level <= tag3_level <= kill_level <
>#   < dsn_cutoff_level <= quarantine_cutoff_level
>
># string to prepend to Subject header field when message exceeds tag2 level
>#$sa_spam_subject_tag = '***SPAM*** '; # (defaults to undef, disabled)
>                         # (only seen when spam is passed and recipient is
>                         # in local_domains*)
># more examples, using @*_maps directly:
>#@spam_subject_tag_maps = ('[possible-spam:_SCORE_] ');
>#@spam_subject_tag2_maps = ('***SPAM*** _SCORE_ (_REQD_) ');
>#@spam_subject_tag3_maps = ('***BLATANT*SPAM**** _SCORE_ (_REQD_) ');
># further examples, using _maps_by_ccat:
>#$subject_tag_maps_by_ccat{+CC_CLEAN} = [
># { lc('TestUser@example.net') =>
>#   '**TEST:_U_,hits=_SCORE_,req=_REQD_,amid=_TASKID_,mid=_MAILID_**' } ];
>
>#$sa_spam_modifies_subj = 1; # in @spam_modifies_subj_maps, default is true
>
># Example: modify Subject for all local recipients except user@example.com
>#@spam_modifies_subj_maps = ( [qw( !user@example.com . )] );
>
>#$sa_spam_level_char = '*'; # char for X-Spam-Level bar, defaults to '*';
>                         # undef or empty disables inserting X-Spam-Level
>#$sa_spam_report_header = 0; # insert X-Spam-Report header field? default false
>
># stop anti-virus scanning when the first scanner detects a virus?
>#$first_infected_stops_scan = 1; # default is false, all scanners in a section
>                         # are called
>
># @av_scanners is a list of n-tuples, where the field semantics are:
># 1. av scanner plain name, to be used in log and reports;
># 2a.scanner program name; this string will be submitted to subroutine
>#    find_external_programs(), which will try to find the full program path
>#    name during startup; if program is not found, this scanner is disabled.
>#    Besides a simple string (full program path name or just the basename
>#    to be looked for in PATH), this may be an array ref of alternative
>#    program names or full paths - the first match in the list will be used;
># 2b.alternatively, this second field may be a subroutine reference,
>#    and the whole n-tuple entry is passed to it as args; it should return
>#    a triple: ($scan_status,$output,$virusnames_ref), where:
>#    - $scan_status is: true if a virus was found, 0 if no viruses,
>#      undef if scanner was unable to complete its job (failed);
>#    - $output is an optional result string to appear in logging and macro %v;
>#    - $virusnames_ref is a ref to a list of detected virus names (may be
>#      undef or a ref to an empty list);
># 3. command arguments to be given to the scanner program;
>#    a substring {} will be replaced by the directory name to be scanned, i.e.
>#    "$tempdir/parts", a "*" will be replaced by base file names of parts;
># 4. an array ref of av scanner exit status values, or a regexp (to be
>#    matched against scanner output), indicating NO VIRUSES found;
>#    a special case is a value undef, which does not claim file to be clean
>#    (i.e. it never matches, similar to []), but suppresses a failure warning;
>#    to be used when the result is inconclusive (useful for specialized and
>#    quick partial scanners such as jpeg checker);
># 5. an array ref of av scanner exit status values, or a regexp (to be
>#    matched against scanner output), indicating VIRUSES WERE FOUND;
>#    a value undef may be used and it never matches (for consistency with 4.);
>#    Note: the virus match prevails over a 'not found' match, so it is safe
>#    even if the no. 4. matches for viruses too;
># 6. a regexp (to be matched against scanner output), returning a list
>#    of virus names found, or a sub ref, returning such a list when given
>#    scanner output as argument;
># 7. and 8.: (optional) subroutines to be executed before and after scanner
>#    (e.g. to set environment or current directory);
>#    see examples for these at KasperskyLab AVP and NAI uvscan.
>
># NOTES:
>#
># - NOT DEFINING @av_scanners (e.g. setting it to empty list, or deleting the
>#   whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE
>#   (which can be handy if all you want to do is spam scanning);
>#
># - the order matters: although _all_ available entries from the list
>#   are tried regardless of their verdict, scanners are run in the order
>#   specified: the report from the first one detecting a virus will be used
>#   (providing virus names and scanner output); REARRANGE THE ORDER AT WILL;
>#   see also $first_infected_stops_scan;
>#
># - it doesn't hurt to keep an unused command line scanner entry in the list
>#   if the program can not be found; the path search is only performed once
>#   during the program startup;
>#
>#   COROLLARY: to disable a scanner that _does_ exist on your system,
>#   comment out its entry or use undef or '' as its program name/path
>#   (second parameter). An example where this is almost a must: disable
>#   Sophos 'sweep' if you have its daemonized version Sophie or SAVI-Perl
>#   (same for Trophie/vscan, and clamd/clamscan), or if another unrelated
>#   program happens to have a name matching one of the entries ('sweep'
>#   again comes to mind);
>#
># - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES
>#   for interfacing (where the second parameter starts with \&).
>#   Keeping such entry and not having a corresponding virus scanner daemon
>#   causes an unnecessary connection attempt (which eventually times out,
>#   but it wastes precious time). For this reason the daemonized entries
>#   are commented in the distribution - just remove the '#' where needed.
>#
># CERT list of av resources: http://www.cert.org/other_sources/viruses.html
>
>@av_scanners = (
>
># ### http://www.clanfield.info/sophie/ (http://www.vanja.com/tools/sophie/)
># ['Sophie',
>#   \&ask_daemon, ["{}/\n", '/var/run/sophie'],
>#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m, qr/(?x)^ 1 ( : | [\000\r\n]* $)/m,
>#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/m ],
>
># ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
># ['Sophos SAVI', \&sophos_savi ],
>
># ### http://www.clamav.net/
>  ['ClamAV-clamd',
>    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
>    qr/\bOK$/m, qr/\bFOUND$/m,
>    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
># # NOTE: run clamd under the same user as amavisd, or run it under its own
># # uid such as clamav, add user clamav to the amavis group, and then add
># # AllowSupplementaryGroups to clamd.conf;
># # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
># # this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
>
># ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred)
># # note that Mail::ClamAV requires perl to be built with threading!
># ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/m ],
>
># ### http://www.openantivirus.org/
># ['OpenAntiVirus ScannerDaemon (OAV)',
>#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
>#   qr/^OK/m, qr/^FOUND: /m, qr/^FOUND: (.+)/m ],
>
># ### http://www.vanja.com/tools/trophie/
># ['Trophie',
>#   \&ask_daemon, ["{}/\n", '/var/run/trophie'],
>#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m, qr/(?x)^ 1 ( : | [\000\r\n]* $)/m,
>#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/m ],
>
># ### http://www.grisoft.com/
># ['AVG Anti-Virus',
>#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
>#   qr/^200/m, qr/^403/m, qr/^403 .*?: ([^\r\n]+)/m ],
>
># ### http://www.f-prot.com/
># ['F-Prot fpscand', # F-PROT Antivirus for BSD/Linux/Solaris, version 6
>#   \&ask_daemon,
>#   ["SCAN FILE {}/*\n", '127.0.0.1:10200'],
>#   qr/^(0|8|64) /m,
>#   qr/^([1235679]|1[01345]) |<[^>:]*(?i)(infected|suspicious|unwanted)/m,
>#   qr/(?i)<[^>:]*(?:infected|suspicious|unwanted)[^>:]*: ([^>]*)>/m ],
>
># ### http://www.f-prot.com/
># ['F-Prot f-protd', # old version
>#   \&ask_daemon,
>#   ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
>#     ['127.0.0.1:10200', '127.0.0.1:10201', '127.0.0.1:10202',
>#      '127.0.0.1:10203', '127.0.0.1:10204'] ],
>#   qr/(?i)<summary[^>]*>clean<\/summary>/m,
>#   qr/(?i)<summary[^>]*>infected<\/summary>/m,
>#   qr/(?i)<name>(.+)<\/name>/m ],
>
># ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
># ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later
>#   [pack('N',1). # DRWEBD_SCAN_CMD
>#    pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
>#    pack('N', # path length
>#      length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
>#    '{}/*'. # path
>#    pack('N',0). # content size
>#    pack('N',0),
>#    '/var/drweb/run/drwebd.sock',
>#  # '/var/amavis/var/run/drwebd.sock', # suitable for chroot
>#  # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default
>#  # '127.0.0.1:3000', # or over an inet socket
>#   ],
>#   qr/\A\x00[\x10\x11][\x00\x10]\x00/sm, # IS_CLEAN,EVAL_KEY; SKIPPED
>#   qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/sm,# KNOWN_V,UNKNOWN_V,V._MODIF
>#   qr/\A.{12}(?:infected with )?([^\x00]+)\x00/sm,
># ],
># # NOTE: If using amavis-milter, change length to:
># # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").
>
>  ### http://www.kaspersky.com/ (kav4mailservers)
>  ['KasperskyLab AVP - aveclient',
>    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
>     '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
>    '-p /var/run/aveserver -s {}/*',
>    [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m,
>    qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m,
>  ],
>  # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious,
>  # corrupted or protected archives are to be handled
>
>  ### http://www.kaspersky.com/
>  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
>    '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ?
>    qr/infected: (.+)/m,
>    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
>    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
>  ],
>
>  ### The kavdaemon and AVPDaemonClient have been removed from Kaspersky
>  ### products and replaced by aveserver and aveclient
>  ['KasperskyLab AVPDaemonClient',
>    [ '/opt/AVP/kavdaemon', 'kavdaemon',
>      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
>      '/opt/AVP/AvpTeamDream', 'AvpTeamDream',
>      '/opt/AVP/avpdc', 'avpdc' ],
>    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ],
>    # change the startup-script in /etc/init.d/kavd to:
>    # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
>    # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" )
>    # adjusting /var/amavis above to match your $TEMPBASE.
>    # The '-f=/var/amavis' is needed if not running it as root, so it
>    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
>    # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
>    # directory $TEMPBASE specifies) in the 'Names=' section.
>    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
>    # cp AvpDaemonClient /opt/AVP/
>    # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
>
>  ### http://www.centralcommand.com/
>  ['CentralCommand Vexira (new) vascan',
>    ['vascan','/usr/lib/Vexira/vascan'],
>    "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
>    "--log=/var/log/vascan.log {}",
>    [0,3], [1,2,5],
>    qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ],
>    # Adjust the path of the binary and the virus database as needed.
>    # 'vascan' does not allow to have the temp directory to be the same as
>    # the quarantine directory, and the quarantine option can not be disabled.
>    # If $QUARANTINEDIR is not used, then another directory must be specified
>    # to appease 'vascan'. Move status 3 to the second list if password
>    # protected files are to be considered infected.
>
>  ### http://www.avira.com/
>  ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus
>  ['Avira AntiVir', ['antivir','vexira'],
>    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m,
>    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
>         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ],
>    # NOTE: if you only have a demo version, remove -z and add 214, as in:
>    # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
>
>  ### http://www.commandsoftware.com/
>  ['Command AntiVirus for Linux', 'csav',
>    '-all -archive -packed {}', [50], [51,52,53],
>    qr/Infection: (.+)/m ],
>
>  ### http://www.symantec.com/
>  ['Symantec CarrierScan via Symantec CommandLineScanner',
>    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
>    qr/^Files Infected:\s+0$/m, qr/^Infected\b/m,
>    qr/^(?:Info|Virus Name):\s+(.+)/m ],
>
>  ### http://www.symantec.com/
>  ['Symantec AntiVirus Scan Engine',
>    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
>    [0], qr/^Infected\b/m,
>    qr/^(?:Info|Virus Name):\s+(.+)/m ],
>    # NOTE: check options and patterns to see which entry better applies
>
># ### http://www.f-secure.com/products/anti-virus/ version 4.65
># ['F-Secure Antivirus for Linux servers',
>#   ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
>#   '--delete=no --disinf=no --rename=no --archive=yes --auto=yes '.
>#    '--dumb=yes --list=no --mime=yes {}', [0], [3,6,8],
>#    qr/(?:infection|Infected|Suspected): (.+)/m ],
>
>  ### http://www.f-secure.com/products/anti-virus/  version 5.52
>  ['F-Secure Antivirus for Linux servers',
>    ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
>    '--virus-action1=report --archive=yes --auto=yes '.
>    '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8],
>    qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
>    # NOTE: internal archive handling may be switched off by '--archive=no'
>    #   to prevent fsav from exiting with status 9 on broken archives
>
># ### http://www.avast.com/
># ['avast! Antivirus daemon',
>#   \&ask_daemon,  # greets with 220, terminate with QUIT
>#   ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'],
>#   qr/\t\[\+\]/m, qr/\t\[L\]\t/m, qr/\t\[L\]\t([^[ \t\015\012]+)/m ],
>
># ### http://www.avast.com/
># ['avast! Antivirus - Client/Server Version', 'avastlite',
>#   '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1],
>#   qr/\t\[L\]\t([^[ \t\015\012]+)/m ],
>
>  ['CAI InoculateIT', 'inocucmd',  # retired product
>    '-sec -nex {}', [0], [100],
>    qr/was infected by virus (.+)/m ],
>  # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
>
>  ### http://www3.ca.com/Solutions/Product.asp?ID=156  (ex InoculateIT)
>  ['CAI eTrust Antivirus', 'etrust-wrapper',
>    '-arc -nex -spm h {}', [0], [101],
>    qr/is infected by virus: (.+)/m ],
>    # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
>    # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
>
>  ### http://mks.com.pl/english.html
>  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
>    '-s {}/*', [0], [1,2],
>    qr/--[ \t]*(.+)/m ],
>
>  ### http://mks.com.pl/english.html
>  ['MkS_Vir daemon', 'mksscan',
>    '-s -q {}', [0], [1..7],
>    qr/^... (\S+)/m ],
>
># ### http://www.nod32.com/,  version v2.52 (old)
># ['ESET NOD32 for Linux Mail servers',
>#   ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
>#    '--subdir --files -z --sfx --rtp --adware --unsafe --pattern --heur '.
>#    '-w -a --action-on-infected=accept --action-on-uncleanable=accept '.
>#    '--action-on-notscanned=accept {}',
>#   [0,3], [1,2], qr/virus="([^"]+)"/m ],
>
># ### http://www.eset.com/, version v2.7 (old)
># ['ESET Software ESETS Command Line Interface',
>#   ['/usr/bin/nod32cli', '/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
>#   '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/m ],
>
># ### http://www.eset.com/, version 2.71.12
># ['ESET Software ESETS Command Line Interface',
>#   ['/usr/bin/esets_cli', 'esets_cli'],
>#   '--subdir {}', [0], [1,2,3], qr/virus="([^"]+)"/m ],
>
>  ### http://www.eset.com/, version 3.0
>  ['ESET Software ESETS Command Line Interface',
>    ['/usr/bin/esets_cli', 'esets_cli'],
>    '--subdir {}', [0], [1,2,3],
>    qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ],
>
>  ## http://www.nod32.com/,  NOD32LFS version 2.5 and above
>  ['ESET NOD32 for Linux File servers',
>    ['/opt/eset/nod32/sbin/nod32','nod32'],
>    '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '.
>    '-w -a --action=1 -b {}',
>    [0], [1,10], qr/^object=.*, virus="(.*?)",/m ],
>
># Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
># ['ESET Software NOD32 Client/Server (NOD32SS)',
>#   \&ask_daemon2,  # greets with 200, persistent, terminate with QUIT
>#   ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
>#   qr/^200 File OK/m, qr/^201 /m, qr/^201 (.+)/m ],
>
>  ### http://www.norman.com/products_nvc.shtml
>  ['Norman Virus Control v5 / Linux', 'nvcc',
>    '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
>    qr/(?i).* virus in .* -> \'(.+)\'/m ],
>
>  ### http://www.pandasoftware.com/
>  ['Panda CommandLineSecure 9 for Linux',
>    ['/opt/pavcl/usr/bin/pavcl','pavcl'],
>    '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}',
>    qr/Number of files infected[ .]*: 0+(?!\d)/m,
>    qr/Number of files infected[ .]*: 0*[1-9]/m,
>    qr/Found virus :\s*(\S+)/m ],
>  # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr'
>  # before starting amavisd - the bases are then loaded only once at startup.
>  # To reload bases in a signature update script:
>  #   /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr
>  # Please review other options of pavcl, for example:
>  #  -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies
>
># ### http://www.pandasoftware.com/
># ['Panda Antivirus for Linux', ['pavcl'],
>#   '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
>#   [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
>#   qr/Found virus :\s*(\S+)/m ],
>
># GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
># Check your RAV license terms before fiddling with the following two lines!
># ['GeCAD RAV AntiVirus 8', 'ravav',
>#   '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/m ],
># # NOTE: the command line switches changed with scan engine 8.5 !
># # (btw, assigning stdin to /dev/null causes RAV to fail)
>
>  ### http://www.nai.com/
>  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
>    '--secure -rv --mime --summary --noboot --mailbox --program --timeout 180 - {}', [0], [13],
>    qr/(?x) Found (?:
>        \ the\ (.+)\ (?:virus|trojan) |
>        \ (?:virus|trojan)\ or\ variant\ ([^ ]+) |
>        :\ (.+)\ NOT\ a\ virus)/m,
>  # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
>  # sub {delete $ENV{LD_PRELOAD}},
>  ],
>  # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
>  # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
>  # and then clear it when finished to avoid confusing anything else.
>  # NOTE2: to treat encrypted files as viruses replace the [13] with:
>  #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
>
>  ### http://www.virusbuster.hu/en/
>  ['VirusBuster', ['vbuster', 'vbengcl'],
>    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
>    qr/: '(.*)' - Virus/m ],
>  # VirusBuster Ltd. does not support the daemon version for the workstation
>  # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
>  # binaries, some parameters AND return codes have changed (from 3 to 1).
>  # See also the new Vexira entry 'vascan' which is possibly related.
>
># ### http://www.virusbuster.hu/en/
># ['VirusBuster (Client + Daemon)', 'vbengd',
>#   '-f -log scandir {}', [0], [3],
>#   qr/Virus found = (.*);/m ],
># # HINT: for an infected file it always returns 3,
># # although the man-page tells a different story
>
>  ### http://www.cyber.com/
>  ['CyberSoft VFind', 'vfind',
>    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m,
>  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
>  ],
>
>  ### http://www.avast.com/
>  ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
>    '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ],
>
>  ### http://www.ikarus-software.com/
>  ['Ikarus AntiVirus for Linux', 'ikarus',
>    '{}', [0], [40], qr/Signature (.+) found/m ],
>
>  ### http://www.bitdefender.com/
>  ['BitDefender', 'bdscan',  # new version
>    '--action=ignore --no-list {}', qr/^Infected files\s*:\s*0+(?!\d)/m,
>    qr/^(?:Infected files|Identified viruses|Suspect files)\s*:\s*0*[1-9]/m,
>    qr/(?:suspected|infected)\s*:\s*(.*)(?:\033|$)/m ],
>
>  ### http://www.bitdefender.com/
>  ['BitDefender', 'bdc',  # old version
>    '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m,
>    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m,
>    qr/(?:suspected|infected): (.*)(?:\033|$)/m ],
>  # consider also: --all --nowarn --alev=15 --flev=15.  The --all argument may
>  # not apply to your version of bdc, check documentation and see 'bdc --help'
>
>  ### ArcaVir for Linux and Unix http://www.arcabit.pl/
>  ['ArcaVir for Linux', ['arcacmd','arcacmd.static'],
>    '-v 1 -summary 0 -s {}', [0], [1,2],
>    qr/(?:VIR|WIR):[ \t]*(.+)/m ],
>
># ### a generic SMTP-client interface to a SMTP-based virus scanner
># ['av_smtp', \&ask_av_smtp,
>#   ['{}', 'smtp:[127.0.0.1]:5525', 'dummy@localhost'],
>#   qr/^2/, qr/^5/, qr/^\s*(.*?)\s*$/m ],
>
># ['File::Scan', sub {Amavis::AV::ask_av(sub{
>#   use File::Scan; my($fn)=@_;
>#   my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0);
>#   my($vname) = $f->scan($fn);
>#   $f->error ? (2,"Error: ".$f->error)
>#   : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) },
>#   ["{}/*"], [0], [1], qr/^(.*) FOUND$/m ],
>
># ### fully-fledged checker for JPEG marker segments of invalid length
># ['check-jpeg',
>#   sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) },
>#   ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/m ],
># # NOTE: place file JpegTester.pm somewhere where Perl can find it,
># #       for example in /usr/local/lib/perl5/site_perl
>
># ### example: simpleminded checker for JPEG marker segments with
># ### invalid length (only checks first 32k, which is not thorough enough)
># ['check-jpeg-simple',
>#   sub { Amavis::AV::ask_av(sub {
>#     my($f)=@_; local(*FF,$_,$1,$2); my(@r)=(0,'not jpeg');
>#     open(FF,$f) or die "jpeg: open err $f: $!";
>#     binmode(FF) or die "jpeg: binmode err $f: $!";
>#     defined read(FF,$_,32000) or die "jpeg: read err $f: $!";
>#     close(FF) or die "jpeg: close err $f: $!";
>#     if (/^\xff\xd8\xff/) {
>#       @r=(0,'jpeg ok');
>#       while (!/\G(?:\xff\xd9|\z)/gc) {         # EOI or eof
>#         if (/\G\xff+(?=\xff|\z)/gc) {}         # fill-bytes before marker
>#         elsif (/\G\xff([\x01\xd0-\xd8])/gc) {} # TEM, RSTi, SOI
>#         elsif (/\G\xff([^\x00\xff])(..)/gcs) { # marker segment start
>#           my($n)=unpack("n",$2)-2;
>#           $n=32766 if $n>32766;                # Perl regexp limit
>#           if ($n<0) {@r=(1,"bad jpeg: len=$n, pos=".pos); last}
>#           elsif (/\G.{$n}/gcs) {}              # ok
>#           elsif (/\G.{0,$n}\z/gcs) {last}      # truncated
>#           else {@r=(1,"bad jpeg: unexpected, pos=".pos); last}
>#         }
>#         elsif (/\G[^\xff]+/gc) {}              # ECS
>#         elsif (/\G(?:\xff\x00)+/gc) {}         # ECS
>#         else {@r=(2,"bad jpeg: unexpected char, pos=".pos); last}
>#       }
>#     }; @r}, @_) },
>#   ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/m ],
>
># ### an example/testing/template virus scanner (external), wastes 3 seconds
># ['wasteful sleeper example',
>#   '/bin/sleep', '3',  # calls external program
>#   undef, undef, qr/no such/m ],
>
># ### an example/testing/template virus scanner (internal), does nothing
># ['null',
>#   sub {}, ["{}"],  # supplies its own subroutine, no external program
>#   undef, undef, qr/no such/m ],
>
>);
>
>
># If no virus scanners from the @av_scanners list produce 'clean' nor
># 'infected' status (i.e. they all fail to run or the list is empty),
># then _all_ scanners from the @av_scanners_backup list are tried
># (again, subject to $first_infected_stops_scan). When there are both
># daemonized and equivalent or similar command-line scanners available,
># it is customary to place slower command-line scanners in the
># @av_scanners_backup list. The default choice is somewhat arbitrary,
># move entries from one list to another as desired, keeping main scanners
># in the primary list to avoid warnings.
>
>@av_scanners_backup = (
>
>  ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
>  ['ClamAV-clamscan', 'clamscan',
>    "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
>    [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
>
>  ### http://www.f-prot.com/   - backs up F-Prot Daemon, V6
>  ['F-PROT Antivirus for UNIX', ['fpscan'],
>    '--report --mount --adware {}',  # consider: --applications -s 4 -u 3 -z 10
>    [0,8,64], [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3],
>    qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ],
>
>  ### http://www.f-prot.com/   - backs up F-Prot Daemon (old)
>  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
>    '-dumb -ai -archive -packed -server {}', [0,8], [3,6],  # or: [0], [3,6,8],
>    qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ],
>
>  ### http://www.trendmicro.com/   - backs up Trophie
>  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
>    '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ],
>
>  ### http://www.sald.com/, http://drweb.imshop.de/   - backs up DrWebD
>  ['drweb - DrWeb Antivirus',  # security LHA hole in Dr.Web 4.33 and earlier
>    ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
>    '-path={} -al -go -ot -cn -upn -ok-',
>    [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'m ],
>
>  ### http://www.kaspersky.com/
>  ['Kaspersky Antivirus v5.5',
>    ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner',
>     '/opt/kav/5.5/kav4unix/bin/kavscanner',
>     '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'],
>    '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25],
>    qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m,
>#   sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
>#   sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
>  ],
>
># Commented out because the name 'sweep' clashes with Debian and FreeBSD
># package/port of an audio editor. Make sure the correct 'sweep' is found
># in the path when enabling.
>#
># ### http://www.sophos.com/   - backs up Sophie or SAVI-Perl
># ['Sophos Anti Virus (sweep)', 'sweep',
>#   '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '.
>#   '--no-reset-atime {}',
>#   [0,2], qr/Virus .*? found/m,
>#   qr/^>>> Virus(?: fragment)? '?(.*?)'? found/m,
># ],
># # other options to consider: -idedir=/usr/local/sav
>
># Always succeeds and considers mail clean.
># Potentially useful when all other scanners fail and it is desirable
># to let mail continue to flow with no virus checking (when uncommented).
># ['always-clean', sub {0}],
>
>);
>
>
>#
># Section VIII - Debugging
>#
>
># The most useful debugging tool is to run amavisd-new non-detached
># from a terminal window using command:  # amavisd debug
>
># Some more refined approaches:
>
># If sender matches ACL, turn debugging fully up, just for this one message
>#@debug_sender_maps = ( ["test-sender\@$mydomain"] );
>#@debug_sender_maps = ( [qw( debug@example.com debug@example.net )] );
>
># May be useful along with @debug_sender_maps:
># Prevent all decoded originals being deleted (replaced by decoded part)
>#@keep_decoded_original_maps = (1);
>
># Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug')
>#$sa_debug = '1,all';   # defaults to false
>
>
>#
># Section IX - Policy banks (dynamic policy switching)
>#
>
>## Define some policy banks (sets of settings) and give them
>## arbitrary names (the names '', 'MYNETS' and 'MYUSERS' have special meaning):
>#
># $policy_bank{'ALT'} = {
>#   log_level => 3,
>#   syslog_ident => 'alt-amavis',
>#   syslog_facility => 'LOCAL3',
>#   inet_acl => [qw( 10.0.1.14 )],
>#   final_spam_destiny => D_PASS, final_bad_header_destiny => D_PASS,
>#   forward_method => 'smtp:*:*',
>#   notify_method => 'smtp:[127.0.0.1]:10025',
>#   virus_admin_maps => "abuse\@$mydomain",
>#   spam_lovers_maps => [@spam_lovers_maps, [qw( abuse@example.com )]],
>#   spam_tag_level_maps => 2.1,
>#   spam_tag2_level_maps => 6.32,
>#   spam_kill_level_maps => 6.72,
>#   spam_dsn_cutoff_level_maps => 8,
>#   defang_spam => 1,
>#   local_client_bind_address => '10.11.12.13',
>#   localhost_name => 'amavis.example.com',
>#   smtpd_greeting_banner =>
>#     '${helo-name} ${protocol} ${product} ${version-id} (${version-date}) TEST service ready',
>#   auth_mech_avail => [qw(PLAIN LOGIN)],
>#   auth_required_inp => 1,
>#   auth_required_out => 1,
>#   amavis_auth_user => 'amavisd', amavis_auth_pass => 'tOpsecretX',
>#   av_scanners => [   # provide only 'free' scanners
>#     ['ClamAV-clamd',
>#       \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
>#       qr/\bOK$/, qr/\bFOUND$/,
>#       qr/^.*?: (?!Infected Archive)(.*) FOUND$/,
>#     ],
>#   ],
>#   av_scanners_backup => [
>#     ['ClamAV-clamscan', 'clamscan',
>#       "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
>#       qr/^.*?: (?!Infected Archive)(.*) FOUND$/,
>#     ],
>#   ],
># };
>
># NOTE: the use of policy banks for changing protocol on the input socket is
># only needed when different protocols need to be spoken on different sockets
># at the same time. For normal use just set globally e.g.: $protocol='AM.PDP';
>#
>#$policy_bank{'AM.PDP-SOCK'} = {
>#  protocol => 'AM.PDP',        # Amavis policy delegation protocol
>#  auth_required_release => 0,  # do not require secret_id for amavisd-release
>#};
>#
>#$policy_bank{'AM.PDP-INET'} = {
>#  protocol => 'AM.PDP',        # Amavis policy delegation protocol
>#  inet_acl => [qw( 127.0.0.1 [::1] )],  # restrict to these IP addresses
>#};
>#
>## the name 'MYNETS' has special semantics: this policy bank gets loaded
>## whenever MTA supplies the original SMTP client IP address (Postfix XFORWARD
>## extension or a new AM.PDP protocol) and that address matches @mynetworks.
>#
># $terminate_dsn_on_notify_success = 1;
># $policy_bank{'MYNETS'} = {  # mail originating from @mynetworks
>#   originating => 1,  # is true in MYNETS by default, but let's make it explicit
>#   terminate_dsn_on_notify_success => 0,
>#   spam_kill_level_maps => 6.9,
>#   syslog_facility => 'LOCAL4',  # tell syslog to log to a separate file
>#   virus_admin_maps => ["virusalert\@$mydomain"],  # alert of internal viruses
>#   spam_admin_maps  => ["spamalert\@$mydomain"],   # alert of internal spam
>#   bypass_spam_checks_maps   => [1],  # or: don't spam-check internal mail
>#   bypass_banned_checks_maps => [1],  # don't banned-check internal mail
>#   warnbadhsender => 1,  # warn local senders about their broken MUA
>#   banned_filename_maps => ['MYNETS-DEFAULT'],  # more permissive banning rules
>#   spam_quarantine_cutoff_level_maps => undef,  # quarantine all local spam
>#   spam_dsn_cutoff_level_maps => undef,  # ensure NDN regardless of spam level
>#   spam_dsn_cutoff_level_bysender_maps =>  # but only from local domain senders
>#     [ { lc(".$mydomain") => undef, '.' => 15 } ],
># };
>
>## the name 'MYUSERS' has special semantics: this policy bank gets loaded
>## whenever the sender matches @local_domains_maps. This only makes sense
>## if local sender addresses can be trusted -- for example by requiring
>## authentication before letting users send with their local address.
>#
># $policy_bank{'MYUSERS'} = {
>#   final_virus_destiny => D_BOUNCE,  # bounce only to authenticated local users
>#   final_banned_destiny=> D_BOUNCE,
># };
>
>
>## Now we can assign policy banks to amavisd tcp port numbers listed in
>## $inet_socket_port. Whenever the connection from MTA is received, first
>## a built-in policy bank $policy_bank{''} gets loaded, which brings in
>## all the global/legacy settings, then it gets overlaid by the bank
>## named in the $interface_policy{$port} if any, and finally the bank
>## 'MYNETS' is overlaid if it exists and the SMTP client IP address
>## is known (by XFORWARD command from MTA) and it matches @mynetworks.
>
># $interface_policy{'10026'} = 'ALT';
>
># used by amavisd-release utility of a new AM.PDP-based amavis-milter client
>#$interface_policy{'9998'} = 'AM.PDP-INET';
>#$interface_policy{'SOCK'} = 'AM.PDP-SOCK';
>
># invoke custom hooks or additional configuration files:
># include_config_files('/etc/amavisd-custom.conf');
>
># Want to execute additional configuration files from some directory?
>#{ my($d) = '/etc/amavis/conf.d';  # do *.cf or *.conf files in this directory
>#  local(*D); opendir(D,$d) or die "Can't open dir $d: $!";
>#  my(@d) = sort grep {/\.(cf|conf)$/ && -f} map {/^(.*)$/,"$d/$1"} readdir(D);
>#  closedir(D) or die "Can't close $d: $!";
>#  include_config_files($_)  for (@d);
>#}
>
>1;  # insure a defined return value
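The fallback from @av_scanners to @av_scanners_backup and the effect of enabling the 'always-clean' entry, as an added example (not part of the attached amavisd.conf and not amavisd-new's own code). It is a simplified model: the helpers matches/classify/verdict, the string stand-in for \&ask_daemon, the meaning given to a code-ref scanner's return value, and the sample scanner results are assumptions constructed for illustration.

```perl
use strict;
use warnings;

# Simplified model (an assumption, not amavisd-new's source) of how a scanner
# result is classified. A status spec is a list of exit codes or a regex
# matched against the scanner's output, as in the entries above.
sub matches {
  my ($spec, $exit, $out) = @_;
  return 0 if !defined $spec;
  return ref($spec) eq 'ARRAY' ? scalar(grep { $_ == $exit } @$spec)
                               : ($out =~ $spec ? 1 : 0);
}

# Returns 'infected', 'clean', or undef when the scanner gave no usable answer.
sub classify {
  my ($entry, $result) = @_;          # $result: [exit status, output] or undef
  my (undef, $cmd, undef, $clean, $infected) = @$entry;
  if (ref($cmd) eq 'CODE') {          # internal scanner: assume 0 means clean
    my $st = $cmd->();
    return !defined $st ? undef : $st ? 'infected' : 'clean';
  }
  return undef if !defined $result;   # daemon down, binary missing, ...
  my ($exit, $out) = @$result;
  return 'infected' if matches($infected, $exit, $out);
  return 'clean'    if matches($clean, $exit, $out);
  return undef;                       # unexpected status counts as a failure
}

# The backup list is consulted only when no primary scanner gave a verdict.
sub verdict {
  my ($primary, $backup, $results) = @_;
  for my $list ($primary, $backup) {
    my @v = grep { defined $_ }
            map  { classify($_, $results->{ $_->[0] }) } @$list;
    return 'infected' if grep { $_ eq 'infected' } @v;
    return 'clean'    if @v;
  }
  return 'no verdict';
}

my $name_re  = qr/^.*?: (?!Infected Archive)(.*) FOUND$/m;
# 'clamd-client' is a string stand-in for \&ask_daemon (assumption).
my @primary  = (['ClamAV-clamd', 'clamd-client', undef,
                 qr/\bOK$/, qr/\bFOUND$/, $name_re]);
my @backup   = (['ClamAV-clamscan', 'clamscan', undef,
                 [0], qr/:.*\sFOUND$/m, $name_re]);
my @failopen = (@backup, ['always-clean', sub {0}]);

# Constructed scanner results, keyed by entry name; undef = could not run.
my %hit  = ('ClamAV-clamd'    => undef,
            'ClamAV-clamscan' => [1, "/tmp/p001: Eicar-Test-Signature FOUND\n"]);
my %down = ('ClamAV-clamd'    => undef,
            'ClamAV-clamscan' => [2, "ERROR: Can't open file\n"]);

print "clamd down, clamscan hit:     ", verdict(\@primary, \@backup,   \%hit),  "\n";
print "both fail, no always-clean:   ", verdict(\@primary, \@backup,   \%down), "\n";
print "both fail, with always-clean: ", verdict(\@primary, \@failopen, \%down), "\n";
my @names = $hit{'ClamAV-clamscan'}[1] =~ /$name_re/g;
print "virus names: @names\n";
```

In this model, enabling 'always-clean' turns a total scanner outage into a 'clean' verdict, which is the fail-open behaviour the config comment describes.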