use strict; # Configuration file for amavisd-new # Defaults modified for the Debian amavisd-new package # $Id: amavisd.conf,v 1.3 2003/03/05 02:30:30 hmh Exp $ # # This software is licensed under the GNU General Public License (GPL). # See comments at the start of amavisd-new for the whole license text. #Sections: # Section I - Essential daemon and MTA settings # Section II - MTA specific # Section III - Logging # Section IV - Notifications, quarantine # Section V - Per-recipient and per-sender handling, whitelisting, etc. # Section VI - Resource limitations # Section VII - External programs, virus scanners, SpamAssassin #GENERAL NOTES: # This file is a normal Perl code, interpreted by Perl itself. # - make sure this file (or directory where it resides) is NOT WRITABLE # by mere mortals, otherwise it represents a severe security risk! # - for values which are interpreted as booleans, it is recommended # to use 1 for true, and 0 or undef or '' for false. # THIS IS DIFFERENT FROM TRADITIONAL VERSIONS where "no" also meant false, # now it means true, like any nonempty string does! # - Perl syntax applies. Most notably: strings in "" may include variables # (which start with $ or @ signs), in single-quoted strings the $ and @ # have no special meaning, so it is usually easier to use single quoted # strings. Still, in both cases a backslash need to be doubled. # - all e-mail addresses in this file and as used internally by the daemon # are in their raw (rfc2821-unquoted and nonbracketed) form, i.e. # 'Bob "Funny" Dude@example.com', not "Bob \"Funny\" Dude"@example.com # # Section I - Essential daemon and MTA settings # # Set the user and group to which the daemon will change when started as root: $daemon_user = 'amavis'; # (no default (undef)) $daemon_group = 'amavis'; # (no default (undef)) # Runtime directory (no trailing slash, defaults to '/var/amavis') $TEMPBASE = '/var/lib/amavis'; # MTA SETTINGS, UNCOMMENT AS APPROPRIATE, defaults to 'smtp:127.0.0.1:10025' # POSTFIX or EXIM V4 or dual MTA setup (set host IP and port num as required) $notify_method = 'smtp:127.0.0.1:10025'; # where to forward checked mail $forward_method = 'smtp:127.0.0.1:10025'; # where to submit notifications # SENDMAIL MILTER via amavis-milter.c helper program: #$forward_method = undef; # no explicit forwarding, sendmail does it itself #$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -i -odd -f ${sender} -- ${recipient}'; # add option -Ac or -C configfile if your sendmail needs it # USING MODIFIED amavis.c RUN AS LOCAL DELIVERY AGENT (classical sendmail) #$forward_method = undef; # no explicit forwarding, amavis.c does it #$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -i -f ${sender} -- ${recipient}'; #$daemon_chroot_dir = '/var/amavis'; # (default is undef => do not chroot) $pid_file = "/var/run/amavis/amavisd.pid"; # (default: "$TEMPBASE/amavisd.pid") $lock_file = "/var/run/amavis/amavisd.lock"; # (default: "$TEMPBASE/amavisd.lock") # Net::Server pre-forking settings # You may want $max_servers to match the width of your MTA pipe # feeding amavisd, e.g. with Postfix the 'Max procs' field in the # master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp # # $max_servers = 10; # number of pre-forked children (default 2) $max_servers = 3; # number of pre-forked children (default 2) $max_requests = 80; # retire a child after that many accepts (default 10) $child_timeout=5*60; # abort child if it does not complete each task in n sec # (default: 8*60 seconds) # Check also the settings of @av_scanners at the end if you want to use # virus scanners. If not, you may want to delete the whole long assignment # to the variable @av_scanners, which will also remove the virus checking # code (e.g. if you only want to do spam scanning). # Here is a QUICK WAY to completely DISABLE some sections of code # that WE DO NOT WANT (it won't even be compiled-in). # For more refined controls leave the following two lines commented out, # and see further down what these two lookup list really mean. # # @bypass_virus_checks_acl = qw( . ); # uncomment to DISABLE ANTI-VIRUS code # @bypass_spam_checks_acl = qw( . ); # uncomment to DISABLE ANTI-SPAM code # # Any setting can be changed with a new assignment, so make sure # you do not unintentionally override these settings further down! # @bypass_spam_checks_acl = qw( ); # No default dependency on spamassassin @bypass_spam_checks_acl = qw( ); # No default dependency on spamassassin # Lookup list of local domains (see README.lookups for syntax details) # @local_domains is used in deciding whether a recipient is local or not. # This affects inserting spam-related headers for local recipients, # limiting recipient virus notifications to local recipients, # in deciding if address extension may be appended, and in SQL lookups # for non-fqdn addresses. Safe to leave empty, but set it up correctly # if you need features that rely on this setting. # #@local_domains = qw(); # default is empty, no recipient is treated as local # @local_domains = qw( .example.com ); # @local_domains = qw( .example.com !host.sub.example.net .sub.example.net ); #@local_domains = qw( .cathey.us cathey.us mikecathey.com veronicasenior.com # beckycathey.com janetta.com lonnybyrd.com catheys.org # jenniferwilliams.org wishbot.com smilingman.catt.com # beta.catt.com ); #or alternatively, using a list of regular expressions: #$local_domains_re = new_RE( qr'[@.]example\.com$'i ); $local_domains_re = new_RE( qr'[@.].*\..*$'i ); # # Section II - MTA specific settings (defaults should be ok) # # if $relayhost_is_client is true, IP address in $notify_method and # $forward_method is dynamically overridden with SMTP client peer address # if available, which makes possible for several hosts to share one daemon $relayhost_is_client = 1; # (defaults to false) $insert_received_line = 1; # behave like MTA: insert 'Received:' header # (does not apply to sendmail/milter) # (default is true (1) ) # AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter) # (used with amavis helper clients like amavis-milter.c and amavis.c, # not needed for Postfix and Exim) #$unix_socketname = "$TEMPBASE/amavisd.sock"; # amavis helper protocol socket $unix_socketname = undef; # disable listening on a unix socket # (default is undef, i.e. disabled) # (usual setting is $TEMPBASE/amavisd.sock) # Do we receive quoted or raw addresses from the helper program? # (does not apply to SMTP; defaults to true) $gets_addr_in_quoted_form = 1; # "Bob \"Funny\" Dude"@example.com # $gets_addr_in_quoted_form = 0; # Bob "Funny" Dude@example.com # SMTP-INPUT PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...) # (used when MTA is configured to pass mail to amavisd directly via SMTP) $inet_socket_port = 10024; # accept SMTP on this local TCP port # (default is undef, i.e. disabled) # SMTP-INPUT access control # - do not allow free access to the amavisd SMTP port !!! # # when MTA is at the same host, use the following (one or the other or both): $inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface # (default is '127.0.0.1') @inet_acl = qw( 127.0.0.1 66.58.25.29 ); # allow SMTP access only from localhost IP # (default is qw( 127.0.0.1 ) ) # when MTA (one or more) is on a different host, use the following: # @inet_acl = qw(127/8 10.1.0.1 10.1.0.2); # adjust the list as appropriate # $inet_socket_bind = undef; # bind to all IP interfaces # # Example1: # @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 ); # permit only SMTP access from loopback and rfc1918 private address space # # Example2: # @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0 # 127.0.0.1 10/8 172.16/12 192.168/16 ); # matches loopback and rfc1918 private address space except host 192.168.1.12 # and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches) # # Example3: # @inet_acl = qw( 127/8 # !172.16.3.0 !172.16.3.127 172.16.3.0/25 # !172.16.3.128 !172.16.3.255 172.16.3.128/25 ); # matches loopback and both halves of the 172.16.3/24 C-class, # split into two subnets, except all four broadcast addresses # for these subnets # # See README.lookups for details on specifying access control lists. # # Section III - Logging # # If sender matches ACL, turn debugging fully up, just for this one message # @debug_sender_acl = qw( debug@example.com ); # true (e.g. 1) => syslog; false (e.g. 0) => logging to file $DO_SYSLOG = 1; # (defaults to false) #$SYSLOG_LEVEL = 'user.info'; # (defaults to 'mail.info') # Log file (if not using syslog) $LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log) #NOTE: levels are not strictly observed and are somewhat arbitrary # 0: startup/exit/failure messages, viruses detected # 1: args passed from client, some more interesting messages # 2: virus scanner output, timing # 3: server client # 4: decompose parts # 5: more debug details $log_level = 2; # (defaults to 0) # customizeable template for the most interesting log file entry (e.g. with # $log_level=0) (take care to properly quote Perl special characters like '\'): # only log infected messages # $log_templ = '[? %#V |[? %#F ||banned filename ([%F|,])]|infected ([%V|,])], # # [? %#V |[? %#F ||from=[?%o|(?)|<%o>], to=[<%R>|,][? %i ||, quarantine %i]]# # |from=[?%o|(?)|<%o>], to=[<%R>|,][? %i ||, quarantine %i]]'; # log both infected and noninfected messages $log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], # [?%o|(?)|<%o>] -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m'; # # Section IV - Notifications, quarantine # # default template texts for notifications may be overruled by directly # assigning new text to template variables, or by reading template text # from files: # my $notify_files_base = '/etc/amavis/en_US'; # Standard messages #my $notify_files_base = '/etc/amavis/pt_BR'; # Brazillian Portuguese # $notify_sender_templ = read_text("$notify_files_base/template-dsn.txt"); $notify_virus_sender_templ= read_text("$notify_files_base/template-virus-sender.txt"); $notify_virus_admin_templ = read_text("$notify_files_base/template-virus-admin.txt"); $notify_virus_recips_templ= read_text("$notify_files_base/template-virus-recipient.txt"); $notify_spam_sender_templ = read_text("$notify_files_base/template-spam-sender.txt"); $notify_spam_admin_templ = read_text("$notify_files_base/template-spam-admin.txt"); # Treat envelope sender address as unreliable and don't send # sender notification if name(s) of detected virus(es) match the list. # Note that virus names are supplied by external virus scanner(s) and are # not standardized, so virus names may need to be adjusted. # See README.lookups for syntax. # $viruses_that_fake_sender_re = new_RE( qr'nimda|hybris|klez|bugbear|yaha|braid'i ); # Notify virus sender/recipient? # (for admin notifications see $virus_admin and $spam_admin) $warnvirussender = 1; # (defaults to false (undef)) $warnvirusrecip = 0; # (defaults to false (undef)) # Notify spam sender? $warnspamsender = 0; # (defaults to false (undef)) # Notify off-site recipients? (not matching @local_domains/$local_domains_re) # It is a very bad idea to set this one to true when using warn*recip, so don't $warn_offsite = 0; # (defaults to false (undef)) # whom notification reports are sent from (ENVELOPE SENDER); # may be a null reverse path, or a fully qualified address: # (admin and recip sender addresses default to $mailfrom # for compatibility, which in turn defaults to undef (empty) ) # $mailfrom_notify_sender = ''; # null reserse path. Should not be changed! $mailfrom_notify_admin = 'noc@cathey.us'; $mailfrom_notify_recip = 'noc@cathey.us'; $mailfrom_notify_spamadmin = 'noc@cathey.us'; # 'From' HEADER FIELD for sender and admin notifications. # This should be a replyable address, see rfc1894. Not to be confused # with $mailfrom_notify_sender, which is the envelope address and # should be empty (null reverse path) according to rfc2821. # # $hdrfrom_notify_sender = 'amavisd-new '; # (defaults to: "amavisd-new ") # $hdrfrom_notify_admin = $mailfrom_notify_admin; # (defaults to: $mailfrom_notify_admin) # $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin; # (defaults to: $mailfrom_notify_spamadmin) $hdrfrom_notify_sender = 'AMaViS (content filter) '; # whom quarantined messages appear to be sent from (envelope sender) $mailfrom_to_quarantine = undef; # original sender if undef, or set explicitly # (default is undef) # where to send admin virus notifications (should be a fully qualified address) # - the administrator address may be a simple fixed e-mail address (a scalar), # or may depend on the SENDER address (e.g. its domain), in which case # a ref to a hash table can be specified (specify lower-cased keys, # dot is a catchall, see README.lookups). # # Empty or undef lookup disables virus admin notifications. # $virus_admin = undef; # do not send virus admin notifications (default) # $virus_admin = {'not.example.com' => '', '.' => 'virusalert@example.com'}; #$virus_admin = 'noc@cathey.us'; # equivalent to $virus_admin, but for spam admin notifications: # $spam_admin = undef; # do not send spam admin notifications (default) # $spam_admin = {'not.example.com' => '', '.' => 'spamalert@example.com'}; #advanced example, using a hash lookup table: #$virus_admin = { # 'baduser@sub1.example.com' => 'HisBoss@sub1.example.com', # '.sub1.example.com' => 'virusalert@sub1.example.com', # '.sub2.example.com' => '', # don't send admin notifications # 'a.sub3.example.com' => 'abuse@sub3.example.com', # '.sub3.example.com' => 'virusalert@sub3.example.com', # '.example.com' => 'noc@example.com', # catchall for our virus senders # '.' => 'virusalert@hq.example.com', # catchall for the rest #}; # Location to put infected mail into: # - empty for not quarantining, may be a file (mailbox), # or a directory (no trailing slash) # (the default value is undef, meaning no quarantine) # # $QUARANTINEDIR = '/var/lib/amavis/virusmails'; $QUARANTINEDIR = undef; # A finer control of quarantining is available through variable # $virus_quarantine_to/$spam_quarantine_to. It may be a simple scalar string, # or a ref to a hash lookup table, or a regexp lookup table object, # which makes possible to set up per-recipient quarantine addresses. # # The value of scalar $virus_quarantine_to (or per-recipient lookup results # from the hash table %$virus_quarantine_to) is/are interpreted as follows: # # VARIANT 1: # empty or undef disables virus quarantine; # # VARIANT 2: # a string NOT containg an '@'; # amavisd will behave as a local delivery agent (LDA) and will quarantine # viruses to local files according to hash %local_delivery_aliases (pseudo # aliases map) - see subroutine mail_to_local_mailbox() for details. # One of the predefined aliases is 'virus-quarantine'. # Setting $virus_quarantine_to to this string will: # # * if $QUARANTINEDIR is a directory, each quarantined virus will go # to a separate file in the $QUARANTINEDIR directory (traditional # amavis style, similar to maildir mailbox format); # # * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style # mailbox. All quarantined messages will be appended to this file. # Amavisd child process must obtain an exclusive lock on the file during # delivery, so this may be less efficient than using individual files # or forwarding to MTA, and it may not work across NFS or other non-local # file systems (but may be handy for pickup of quarantined files via IMAP # for example); # # VARIANT 3: # any email address (must contain '@'). # The e-mail messages to be quarantined will be handed to MTA # for delivery to the specified address. If a recipient address local to MTA # is desired, you may leave the domain part empty, e.g. 'infected@', but the # '@' character must nevertheless be included to distinguish it from variant 2. # # This method enables more refined delivery control made available by MTA # (e.g. its aliases file, other local delivery agents, dealing with # privileges and file locking when delivering to user's mailbox, nonlocal # delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined # will not be handed back to amavisd for checking, as this will cause a loop # (hopefully broken at some stage)! If this can be assured, notifications # will benefit too from not being unecessarily virus-scanned. # # By default this is safe to do with Postfix and Exim v4, but probably # not safe with sendmail milter interface without precaution. # (the default value is undef, meaning no quarantine) $virus_quarantine_to = 'virus-quarantine'; # traditional quarantine style #$virus_quarantine_to = 'infected@'; # forward to MTA for delivery #$virus_quarantine_to = 'gallery@some.example.com'; # likewise #$virus_quarantine_to = undef; # no quarantine # #$virus_quarantine_to = new_RE( # [qr'^user@example\.com$'i => 'infected@'], # [qr/.*/ => 'virus-quarantine'] ); # similar for spam # (the default value is undef, meaning no quarantine) $spam_quarantine_to = 'spam-quarantine'; #$spam_quarantine_to = 'quarantine@example.com'; # Add X-Virus-Scanned line to mail? # (default: undef) $X_HEADER_TAG = 'X-Virus-Scanned'; # Leave empty to add no header # (default: undef) $X_HEADER_LINE = "by $myversion (Debian)"; # $remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone $remove_existing_x_scanned_headers= 1; # remove existing headers # (defaults to false) # set $bypass_decode_parts to true if you have a good virus scanner # that can deal with compression and recursively unpacking archives by itself, # and save amavisd the trouble. It is a double-edged sword, make sure you know # what you are doing! # $bypass_decode_parts = 0; # (defaults to false) # don't trust this file type or unpacker for this file type, # keep both the original and the unpacked file # (lookup key is what 'file' utility returned): # $keep_decoded_original_re = new_RE( qr'^(ASCII|text|uuencoded|xxencoded|binhex)'i, ); # Checking for banned MIME types and names. If any mail part matches, # the whole mail is rejected, much like the way viruses are handled. # A list @banned_filename_patterns_re can be defined to provide a list # of Perl regular expressions to be matched against each part's: # # * Content-Type value (both declared and effective mime-type), # including the possible security risk content types # message/partial and message/external-body, as specified by rfc2046; # # * declared (recommended) file names as specified by MIME subfields # Content-Disposition.filename and Content-Type.name, both in their # raw (encoded) form and in rfc2047-decoded form if applicable; # # * file content type as guessed by 'file' utility, both the raw # result from 'file', as well as short type name, classified # into names such as .asc, .txt, .html, .doc, .jpg, .pdf, # .zip, .exe, ... - see subroutine determine_file_types(). # This step is done only if $bypass_decode_parts is not true. $banned_filename_re = new_RE( qr'\.[a-zA-Z][a-zA-Z0-9]{2}\.(vbs|pif|scr|bat|com|lnk)$'i, qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 ); # # Section V - Per-recipient and per-sender handling, whitelisting, etc. # # Here is an overall picture (sequence of events) of how pieces fit together # (only virus controls are shown, spam controls work the same way): # # bypass_virus_checks? ==> PASS # no viruses? ==> PASS # log virus if $log_templ is nonempty # quarantine if $virus_quarantine_to is nonempty # notify admin if admin address (lookup) nonempty # notify recips if $warnvirusrecip and (recipient is local or warn_offsite) # final_destiny==pass? ==> PASS # virus_lovers? ==> PASS # DISCARD or REJECT (depending on final_*_destiny) # NOTE: sender gets a true DSN (delivery status notification: rfc1892, rfc1894) # The home-brewed notify_sender does not exist anymore. $final_virus_destiny = 0; # -1=reject, 0=discard, 1=pass; (defaults to 0) $final_banned_destiny = 1; # -1=reject, 0=discard, 1=pass; (defaults to 1) $final_spam_destiny = 1; # -1=reject, 0=discard, 1=pass; (defaults to -1) # NOTE: perhaps a more informative alternative for spam sender notifications # it to set $warnspamsender to 1 and $final_spam_destiny to 0, as is the # default for virus sender notifications. This way bounces are generated # by amavisd (more informative), and not by MTA. # %virus_lovers, @virus_lovers_acl and $virus_lovers_re lookup tables: # (these should be considered policy options, they do not disable checks, # see bypas*checks for that!) # # Exclude certain RECIPIENTS from virus filtering by adding their lower-cased # envelope e-mail address (or domain only) to the hash %virus_lovers, or to # the access list @virus_lovers_acl - see README.lookups and examples. # Make sure the appropriate form (e.g. external/internal) of address # is used in case of virtual domains, or when mapping external to internal # addresses, etc. - this is MTA-specific. # # Notifications would still be generated however (see the overall # picture above), and infected mail (if passed) gets additional header: # X-AMaViS-Alert: INFECTED, message contains virus: ... # (header not inserted with milter interface!) # # NOTE (milter interface only): in case of multiple recipients, # it is only possible to drop or accept the message in its entirety - for all # recipients. If all of them are virus lovers, we'll accept mail, but if # at least one recipient is not a virus lover, we'll discard the message. # %bypass_virus_checks, @bypass_virus_checks_acl and $bypass_virus_checks_re # lookup tables: # (this is mainly a time-saving option, unlike virus_lovers* !) # # Similar in concept to %virus_lovers, a hash %bypass_virus_checks, # access list @bypass_virus_checks_acl and regexp list $bypass_virus_checks_re # are used to skip entirely the decoding, unpacking and virus checking, # but only if ALL recipients match the lookup. # # %bypass_virus_checks/@bypass_virus_checks_acl/$bypass_virus_checks_re # do NOT GUARANTEE the message will NOT be checked for viruses - this may # still happen when there is more than one recipient for a message, and # not all of them match these lookup tables. To guarantee virus delivery, # a recipient must also match %virus_lovers/@virus_lovers_acl lookups # (but see milter limitations above), # NOTE: it would not be clever to base virus checks on SENDER address, # since there are no guarantees that it is genuine. Many viruses # and spam messages fake sender address. To achieve selective filtering # based on the source of the mail (e.g. IP address, MTA port number, ...), # use mechanisms provided by MTA if available. # Similar to lookup tables controlling virus checking, # there exist spam scanning and banned names/types control counterparts: # %spam_lovers, @spam_lovers_acl # %banned_files_lovers, @banned_files_lovers_acl # and: # %bypass_spam_checks/@bypass_spam_checks_acl/$bypass_spam_checks_re # (but no bypass_banned_checks, as $bypass_decode_parts controls it already) # See README.lookups for detailsabout the syntax. # The following example disables spam checking altogether, # since it matches any recipient e-mail address (any address # is a subdomain of the top-level root DNS domain): # @bypass_spam_checks_acl = qw( . ); # See README.lookups for further detail, and examples below. # $virus_lovers{lc('abuse@example.com')} = 1; # $virus_lovers{lc('postmaster@example.com')} = 1; # $virus_lovers{lc('some.user@')} = 1; # this user, regardless of domain # $virus_lovers{lc('boss@example.com')} = 0; # never, even if domain matches # $virus_lovers{lc('example.com')} = 1; # this domain (but not its subdomains) # @virus_lovers_acl = qw( me@lab.xxx.com !lab.xxx.com .xxx.com yyy.org ); # # $bypass_virus_checks{lc('some.user2@butnot.examle.com')} = 1; # @bypass_virus_checks_acl = qw( some.ddd !butnot.examle.com .examle.com ); # @virus_lovers_acl = qw( postmaster@example.com ); # $virus_lovers_re = new_RE( qr'(helpdesk|postmaster)@example\.com$'i ); # $spam_lovers{lc('abuse@example.com')} = 1; # $spam_lovers{lc('postmaster@example.com')} = 1; # @spam_lovers_acl = qw( !.example.com ); # $spam_lovers_re = new_RE( qr'^user@example\.com$'i ); # don't run spam check for these recipient domains: # @bypass_spam_checks_acl = qw( d1.com .d2.com a.d3.com ); # or the other way around (bypass check for all BUT these): # @bypass_spam_checks_acl = qw( !d1.com !.d2.com !a.d3.com . ); # Where to find SQL server(s) and database to support SQL lookups? # A list of triples: (dsn,user,passw). (dsn = data source name) # Specify more than one for multiple (backup) SQL servers. # # @lookup_sql_dsn = # ( ['DBI:mysql:mail:host1', 'some-username1', 'some-password1'], # ['DBI:mysql:mail:host2', 'some-username2', 'some-password2'] ); # If you decide to pass viruses (or spam) to certain users using the # above lookup tables or using $final_virus_destiny=1, you can set # the variable $addr_extension_virus ($addr_extension_spam) to some # string, and the recipient address will have this string appended # as an address extension to the local-part of the address. This extension # can be used by final local delivery agent to place such mail in different # folders. Leave these two variables undefined or empty strings to prevent # appending address extensions. Setting has no effect on users which will # not be receiving viruses/spam. Recipients who do not match access list # @local_domains/$local_domains_re are not affected. # # LDAs usually default to stripping away address extension if no special # handling is specified, so having this option enabled normally does no harm, # provided the $recipients_delimiter matches the setting on the final # MTA's LDA. # $addr_extension_virus = 'virus'; # (default is undef, same as empty) # $addr_extension_spam = 'spam'; # (default is undef, same as empty) # $addr_extension_banned = 'banned'; # (default is undef, same as empty) # Delimiter between local part of the recipient address and address extension # (which can optionally be added, see variables $addr_extension_virus and # $addr_extension_spam). E.g. recipient address gets changed # to . # # Delimiter should match equivalent (final) MTA delimiter setting. # (e.g. for Postfix add 'recipient_delimiter = +' to main.cf) # Setting it to an empty string or to undef disables this feature # regardless of $addr_extension_virus and $addr_extension_spam settings. $recipient_delimiter = '+'; # (default is '+') # true: replace extension; false: append extension $replace_existing_extension = 1; # (default is false) # Affects matching of localpart of e-mail addresses (left of '@') # in lookups: true = case sensitive, false = case insensitive $localpart_is_case_sensitive = 1; # (default is false) # ENVELOPE SENDER WHITELISTING / BLACKLISTING : # (see README.lookups for syntax) # Use SMTP sender whitelist lookups to bypass spam checking: # a hash lookup %whitelist_sender, an ACL @whitelist_sender_acl, # and a regexp lookup table $whitelist_sender_re # ... and the opposite: declare spam (and skip other spam checks) # on blacklisted senders: # a hash lookup %blacklist_sender, an ACL @blacklist_sender_acl, # and a regexp lookup table $blacklist_sender_re #ACL: # @whitelist_sender_acl = qw( .example.com ); #RE: # $whitelist_sender_re = new_RE( # qr'^postmaster@.*\bexample\.com$'i, # qr'owner-[^@]*@'i, qr'-request@'i, # qr'\.example\.com$'i ); # $blacklist_sender_re = new_RE( qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i, qr'^(investments|lose_weight_today|market.alert|money2you|MyGreenCard)@'i, qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlife|smoking2002k)@'i, qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i, qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i, qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i, qr'^\d*Solutions[^@]*@btamail\.net\.cn$'i, ); #HASH lookup variant: # NOTE: Perl operator qw splits its argument string by whitespace # and produces a list. This means that addresses can not contain # whitespace, and there is no provision for comments within the string. # You can use the normal Perl list syntax if you have special requirements, # e.g. map {...} ('one user@bla', '.second.com'), or use read_hash to read # addresses from a file. # # a hash lookup table can be read from a file, # one address per line, comments and empty lines are permitted: # #read_hash(\%whitelist_sender, '/var/amavis/whitelist_sender'); # ... or set directly: map { $whitelist_sender{lc($_)}=1 } (qw( cert-advisory-owner@cert.org owner-alert@iss.net slashdot@slashdot.org bugtraq@securityfocus.com NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM security-alerts@linuxsecurity.com amavis-user-admin@lists.sourceforge.net razor-users-admin@lists.sourceforge.net notification-return@lists.sophos.com mailman-announce-admin@python.org zope-announce-admin@zope.org owner-postfix-users@postfix.org owner-postfix-announce@postfix.org owner-sendmail-announce@Lists.Sendmail.ORG owner-technews@postel.ACM.ORG lvs-users-admin@LinuxVirtualServer.org ietf-123-owner@loki.ietf.org cvs-commits-list-admin@gnome.org rt-users-admin@lists.fsck.com owner-announce@mnogosearch.org owner-hackers@ntp.org owner-bugs@ntp.org clp-request@comp.nus.edu.sg surveys-errors@lists.nua.ie emailNews@genomeweb.com owner-textbreakingnews@CNNIMAIL12.CNN.COM spamassassin-talk-admin@lists.sourceforge.net yahoo-dev-null@yahoo-inc.com )); # # Section VI - Resource limitations # # Sanity limit to the number of allowed recipients per SMTP transaction # $smtpd_recipient_limit = 1000; # (default is 1000) # Resource limitations to protect against mail bombs (e.g. 42.zip) # Maximum recursion level for extraction/decoding (0 or undef disables limit) $MAXLEVELS = 14; # (default is undef, no limit) # Maximum number of extracted files (0 or undef disables the limit) $MAXFILES = 1500; # (default is undef, no limit) # For the cumulative total of all decoded mail parts we set max storage size # to defend against mail bombs. Even though parts may be deleted (replaced # by decoded text) during decoding, the size they occupied is _not_ returned # to the quota pool. # # Parameters to storage quota formula for unpacking/decoding/decompressing # Formula: # quota = max($MIN_EXPANSION_QUOTA, # $mail_size*$MIN_EXPANSION_FACTOR, # min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR)) # In plain words (later condition overrules previous ones): # allow MAX_EXPANSION_FACTOR times initial mail size, # but not more than MAX_EXPANSION_QUOTA, # but not less than MIN_EXPANSION_FACTOR times initial mail size, # but never less than MIN_EXPANSION_QUOTA # # $MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced) # $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced) $MIN_EXPANSION_QUOTA = 500*1024; # bytes (default undef, not enforced) $MAX_EXPANSION_QUOTA = 500*1024*1024; # bytes (default undef, not enforced) $MIN_EXPANSION_FACTOR = 5; # times original mail size (must be specified) $MAX_EXPANSION_FACTOR = 500; # times original mail size (must be specified) # # Section VII - External programs, virus scanners # # Specify a path string, which is a colon-separated string of directories # (no trailing slashes!) to be assigned to the environment variable PATH # and to serve for locating external programs below. # NOTE: if $daemon_chroot_dir is nonempty, the directories will be # relative to the chroot directory specified; $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; $helpers_home = $TEMPBASE; # (defaults to $TEMPBASE) # Specify one string or a search list of strings (first match wins). # The string (or: each string in a list) may be an absolute path, # or just a program name, to be located via $path; # Empty string or undef (=default) disables the use of that external program. # Optionally command arguments may be specified - only the first substring # up to the whitespace is used for file searching. $file = 'file'; $arc = ['nomarch', 'arc']; $gzip = 'gzip'; $bzip2 = 'bzip2'; $uncompress = ['uncompress', 'gzip -d', 'zcat']; $lha = 'lha'; $unarj = ['arj', 'unarj']; $unrar = 'unrar'; $zoo = 'zoo'; # SpamAssassin settings # $sa_local_tests_only = 1; # defaults to false # $sa_debug = 1; # defaults to false # AWL (auto whitelisting), requires spamassassin 2.44 or better # $sa_auto_whitelist = 1; # defaults to undef $sa_mail_body_size_limit = 150*1024; # don't waste time on SA is mail is larger # (less than 1% of spam is > 64k) # default: undef, no limitations # default values, can be overridden by more specific lookups, e.g. SQL $sa_tag_level_deflt = -1000; # add spam info headers, if at or above that level # $sa_tag2_level_deflt = -1000; # add spam info headers, if at or above that level $sa_kill_level_deflt = 6.0; # declare spam at or above this level, # triggers spam evasive actions # such as quarantine, notify, reject/drop # a quick reference: # tag_level controls adding of X-Spam-Status and X-Spam-Level, # kill_level controls X-Spam-Flag: YES, Subject, and 'evasive actions' # string to prepend to Subject header field when message exceeds kill level #$sa_spam_subject_tag = '***SPAM*** '; # (defaults to undef, =empty) # (only seen when spam is not to be rejected and # recipient is in @local_domains/$local_domains_re) # @av_scanners is a list of n-tuples, where fields semantics is: # 1. av scanner plain name, to be used in log and reports; # 2. scanner program name; this string will be submitted to subroutine # find_external_programs(), which will try to find the full program # path name; if program is not found, this scanner is disabled. # Besides a simple string (full program path name or just the basename # to be looked for in PATH), this may be an array ref of alternative # program names or full paths - the first match in the list will be used; # As a special case for more complex scanners, this field may be # a subroutine reference, and the whole n-tuple is passed to it as args. # 3. command arguments to be given to the scanner program; # a substring {} will be replaced by the directory name to be scanned, # i.e. "$tempdir/parts" # 4. a set of av scanner exit status values, or a regexp (to be matched # against scanner output), indicating NO VIRUSES found; # 5. a set of av scanner exit status values, or a regexp (to be matched # against scanner output), indicating VIRUSES WERE FOUND; # Note: the virus match prevails over a 'not found' match, so it is safe # even if 4. matches for viruses too; # 6. a regexp (to be matched against scanner output), returning a list # of virus names found. # 7. and 8.: (optional) subroutines to be executed before and after scanner # (e.g. to set environment or current directory); # see examples for these at KasperskyLab AVP and Sophos sweep. # NOTES: # # - NOT DEFINING @av_scanners (e.g. setting it to empty list, or deleting the # whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE # (which can be handy if all you want to do is spam scanning); # # - the order matters: when several av scanners are found, they are run # in the order specified; REARRANGE THE ORDER TO WILL; # # - it doesn't hurt to keep an unused command line scanner entry in the list # if the program can not be found; the path search is only performed once # during the program startup; # # CORROLARY: to disable a scanner that _does_ exist on your system, # comment out its entry or use undef or '' as its program name/path # (second parameter). An example where this is almost a must: disable # Sophos sweep if you have its daemonized version Sophie or SAVI-Perl # (same for Trophie/vscan, and clamd/clamscan). # # - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES # for interfacing (where the second parameter starts with \&). # Keeping such entry and not having a corresponding virus scanner daemon # causes an unnecessary connection attempt (which eventually times out, # but it wastes precious time). For this reason the daemonized entries # are commented in the distribution - just remove the '#' where needed. @av_scanners = ( # ### http://www.openantivirus.org/ # ['OpenAntiVirus ScannerDaemon (OAV)', # \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'], # qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ], # ### http://clamav.elektrapro.com/ ['Clam Antivirus-clamd', \&ask_daemon, ["CONTSCAN {}\n", '/var/run/clamd.ctl'], qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], # ### http://www.vanja.com/tools/sophie/ # ['Sophie', # \&ask_daemon, ["{}/\n", '/var/run/sophie'], # qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/, # qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ], # ### http://www.vanja.com/tools/trophie/ # ['Trophie', # \&ask_daemon, ["{}/\n", '/var/run/trophie'], # qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/, # qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ], # ['FRISK F-Prot Daemon', # \&ask_daemon, # ["GET {}/*?-dumb%20-archive HTTP/1.0\r\n\r\n", # ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202', # '127.0.0.1:10203','127.0.0.1:10204'] ], # qr/(?i)]*>clean<\/summary>/, # qr/(?i)]*>infected<\/summary>/, # qr/(?i)(.+)<\/name>/ ], # ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/ # ['Sophos SAVI', \&sophos_savi ], # ### http://clamav.elektrapro.com/ # ['Clam Antivirus - clamscan', 'clamscan', # '--stdout --disable-summary -r {}', [0], [1], # qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], # # ['KasperskyLab AntiViral Toolkit Pro (AVP)', 'kavscanner', # "-* -P -B -Y -O- {}", [0,3], [4], # qr/infected: (.+)/, # sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"}, # sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, # ], # # ['KasperskyLab AVPDaemonClient', # ['/opt/AVP/kavdaemon','kavdaemon','/opt/AVP/avpdc','avpdc'], # '{}', [0], [3,4,5,6], qr/infected: (.+)/ ], # # ['H+B EDV AntiVir', 'antivir', # '-allfiles -noboot -s -z {}', [0], [1], # qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) | # (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ], # # ['Command AntiVirus for Linux', 'csav', # '-all -archive -packed {}', [50], [51,52,53], # qr/Infection: (.+)/ ], # # ['Symantec CarrierScan via Symantec CommandLineScanner', 'cscmdline', # '-a scan -i 1 -v -s 127.0.0.1:7777 {}', # qr/Files Infected: 0/, qr/^Infected: /, # qr/Info:\s+(.+)/ ], # # ['DrWeb Antivirus for Linux/FreeBSD/Solaris', 'drweb', # '-al -ar -fm -go -ha -ml -ni -ot -sd -up {}', # [0], [1], sub {('no-name')} ], # # ['FRISK F-Prot Antivirus/Linux', ['f-prot','f-prot.sh'], # '-DUMB -ARCHIVE {}', [0,8], [3,6], # qr/Infection: (.+)/ ], # # ['F-Secure Antivirus', 'fsav', # '--dumb --archive {}', [0], [3,8], # qr/infection: (.+)/ ], # # ['CAI InoculateIT', 'inocucmd', # '-sec -nex {}', [0], [100], # qr/was infected by virus (.+)/ ], # # ['MkS_Vir for Linux (beta)', 'mks32', # '-e -c {}/*', [0], [1,2], # qr/--(.+)/ ], # # ['ESET Software NOD32', 'nod32', # '-all -subdir+ {}', [0], [1,2], # qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ], # # ['ESET Software NOD32 - Client/Server Version', 'nod32cli', # '-a -r -d recurse --heur standard {}', [0], [10,11], # qr/^\S+\s+infected:\s+(.+)/ ], # # ['Norman Virus Control v5 / Linux', 'nvccmd', # '-c -l:0 -s -u {}', [0], [1], # qr/(?i).* virus in .* -> \'(.+)\'/ ], # # ['Panda Antivirus for Linux', ['pavcl','pavc'], # '{} -aut -eng -heu -nso -aex -nor -cmp', # qr/Number of files infected\.*: 0(?!\d)/, # qr/Number of files infected\.*: 0*[1-9]/, # qr/Found virus :\s*(\S+)/ ], # # ['GeCAD RAV AntiVirus 8', 'ravav', # # NOTE: the command line switches changed with scan engine 8.5 ! # '--all --archive --mail {}', [0,1], [2,3,4,5], # qr/Infected: (.+)/ ], # # ['NAI McAfee AntiVirus (uvscan)', 'uvscan', # '--secure -rv --summary --noboot {}', [0], [13], # qr/(?x) Found (?: # \ the\ (.+)\ (?:virus|trojan) | # \ (?:virus|trojan)\ or\ variant\ ([^ ]+) | # :\ (.+)\ NOT\ a\ virus)/ ], # # ['VirusBuster (Client + Daemon)', 'vbengd', # # HINT: for an infected file it returns always 3, # # although the man-page tells a different story # '-f -log scandir {}', [0], [3], # qr/Virus found = (.*);/ ], # # ['Sophos Anti Virus (sweep)', 'sweep', # '-nb -f -all -rec -ss -sc -archive {}', # [0], qr/Virus .*? found/, # qr/^>>> Virus(?:(?: fragment)? '?(.+?)'? found)/, # sub {$ENV{SAV_IDE}='/usr/local/sav'}, # ], # # ['CentralCommand Vexira - engine based on H+BEDV AntiVir/X', 'vexira', # '-allfiles -noboot -s -z {}', [0], [1], # qr/(?i)VIRUS: .* virus (.+)/ ], # # ['CyberSoft VFind', 'vfind', # '-vexit {}', [0], [23], # qr/##==>>>> VIRUS ID: CVDL (.+)/ ], # # ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'], # '-a {}/*', [0], qr/Found virus/, qr/Found virus (.+) in/ ], ); @av_scanners_backup = ( ### http://clamav.elektrapro.com/ ['Clam Antivirus - clamscan', 'clamscan', '--stdout --disable-summary -r {}', [0], [1], qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], # ### http://www.f-prot.com/ # ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'], # '-dumb -archive -packed {}', [0,8], [3,6], # qr/Infection: (.+)/ ], # # ### http://www.trendmicro.com/ # ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'], # '-a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ], # ## Commented out because the name 'sweep' clashes with the Debian package of ## the same name. Make sure the correct sweep is found in the path when enabling ## ## ### http://www.sophos.com/ ## ['Sophos Anti Virus (sweep)', 'sweep', ## '-nb -f -all -rec -ss -sc -archive {}', ## [0,2], qr/Virus .*? found/, ## qr/^>>> Virus(?:(?: fragment)? '?(.+?)'? found)/, ## # sub {$ENV{SAV_IDE}='/usr/local/sav'}, ## ], ); 1; # insure a defined return