use strict; # Akadia AG, Arvenweg 4, CH-3604 Thun amavisd.conf # -------------------------------------------------------------------------- # File: amavisd.confa # # Autor: Martin Zahn, 20.12.2004 # # Purpose: Configuration file for amavisd-new # # Location: /etc # # -------------------------------------------------------------------------- ## GENERAL $mydomain = 'akadia.com'; $daemon_user = 'amavis'; $daemon_group = 'amavis'; $MYHOME = '/home/amavis'; $TEMPBASE = "/var/tempfs"; $helpers_home = "$MYHOME/var"; $db_home = "$MYHOME/db"; $pid_file = "$MYHOME/var/amavisd.pid"; $lock_file = "$MYHOME/var/amavisd.lock"; $daemon_chroot_dir = undef; $max_servers = 5; $max_requests = 20; $child_timeout = 8*60; $localpart_is_case_sensitive = 0; $enable_db = 1; $enable_global_cache = 1; @local_domains_maps = ([".$mydomain"]); # $mydomain and its subdomains @mynetworks = qw(127.0.0.0/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16); @mynetworks_maps = (\@mynetworks); ## LOGGING AND DEBUGGING $log_level = 1; $LOGFILE = "$MYHOME/amavis.log"; # Only used if Syslog not used $DO_SYSLOG = 1; $SYSLOG_LEVEL = 'mail.debug'; # $log_templ = ... built-in default at the end of file amavisd # $log_recip_templ = ... built-in default at the end of file amavisd # @debug_sender_maps = (\@debug_sender_acl); @debug_sender_acl = (); $sa_debug = 1; ## MTA INTERFACE - INPUT # $unix_socketname = undef; # Unix socket to accept amavis helper protocol $inet_socket_port = 10024; # accept connections on this TCP port(s) (SMTP...) $inet_socket_bind = '127.0.0.1'; @inet_acl = qw(127.0.0.1 ::1); # $protocol = ... defaults to SMTP or LMTP (autodetect) on inet socket $smtpd_recipient_limit = 1100; # $smtpd_message_size_limit = undef; # site-wide limit # @message_size_limit_maps = (); # per-recipient limits $smtpd_greeting_banner = '${helo-name} ${protocol} ${product} service ready'; $smtpd_quit_banner = '${helo-name} ${product} closing transmission channel'; # $auth_required_inp = undef; # @auth_mech_avail=(); # empty list disables incoming AUTH; or: qw(PLAIN LOGIN) ## MTA INTERFACE - OUTPUT ## see also $notify_method, $forward_method and $*_quarantine_method # $localhost_name = 'localhost'; # my EHLO name # $local_client_bind_address = undef; # $auth_required_out = undef; # $amavis_auth_user = undef; # for submitting notifications and quarantine # $amavis_auth_pass = undef; # $auth_reauthenticate_forwarded = undef; # our credentials for forwarding too ## MAIL FORWARDING $forward_method = 'smtp:[127.0.0.1]:10025'; # where to forward checked mail $final_virus_destiny = D_DISCARD; # (defaults to D_DISCARD) $final_banned_destiny = D_DISCARD; # (defaults to D_BOUNCE) $final_spam_destiny = D_DISCARD; # (defaults to D_BOUNCE) $final_bad_header_destiny = D_DISCARD; # (defaults to D_PASS), D_BOUNCE suggested ## QUARANTINE $QUARANTINEDIR = '/var/virusmails'; $virus_quarantine_method = 'local:virus-%i-%n'; $spam_quarantine_method = 'local:spam-%b-%i-%n'; $banned_files_quarantine_method = 'local:banned-%i-%n'; $bad_header_quarantine_method = 'local:badh-%i-%n'; $virus_quarantine_to = 'virus-quarantine'; $banned_quarantine_to = 'banned-quarantine'; $bad_header_quarantine_to= 'bad-header-quarantine'; $spam_quarantine_to = 'spam-quarantine'; $spam_quarantine_bysender_to = undef; # @virus_quarantine_to_maps = (\$virus_quarantine_to); # @banned_quarantine_to_maps = (\$banned_quarantine_to); # @bad_header_quarantine_to_maps = (\$bad_header_quarantine_to); # @spam_quarantine_to_maps = (\$spam_quarantine_to); # @spam_quarantine_bysender_to_maps = (\$spam_quarantine_bysender_to); # %local_delivery_aliases ... predefined, used by method 'local:' $mailfrom_to_quarantine = undef; # undef keeps original sender ## NOTIFICATIONS $notify_method = $forward_method; # where to submit notifications $virus_admin = "martin.zahn\@$mydomain"; $spam_admin = "martin.zahn\@$mydomain"; # @virus_admin_maps = (\%virus_admin, \$virus_admin); # @spam_admin_maps = (\%spam_admin, \$spam_admin); # $hdr_encoding = 'iso-8859-1'; # header field bodies charset # $bdy_encoding = 'iso-8859-1'; # notification body text charset # $hdr_encoding_qb = 'Q'; # quoted-printable (Q or B) # $notify_sender_templ = ... built-in default at the end of file amavisd # $notify_virus_sender_templ = ... built-in default at the end of file amavisd # $notify_spam_sender_templ = ... built-in default at the end of file amavisd # $notify_virus_admin_templ = ... built-in default at the end of file amavisd # $notify_spam_admin_templ = ... built-in default at the end of file amavisd # $notify_virus_recips_templ = ... built-in default at the end of file amavisd # $notify_spam_recips_templ = ... built-in default at the end of file amavisd $mailfrom_notify_admin = undef; $mailfrom_notify_recip = undef; $mailfrom_notify_spamadmin = undef; ## these are after-defaults: # $hdrfrom_notify_sender = "\"Content-filter at $myhostname\" "; # $hdrfrom_notify_recip = ... derived from $mailfrom_notify_recip # $hdrfrom_notify_admin = ... derived from $mailfrom_notify_admin # $hdrfrom_notify_spamadmin = ... derived from $mailfrom_notify_spamadmin $warnvirussender = undef; $warnspamsender = undef; $warnbannedsender = undef; $warnbadhsender = undef; $warn_offsite = undef; $warnvirusrecip = undef; $warnbannedrecip = undef; $warnbadhrecip = undef; # @warnvirusrecip_maps = (\$warnvirusrecip); # @warnbannedrecip_maps = (\$warnbannedrecip); # @warnbadhrecip_maps = (\$warnbadhrecip); ## MODIFICATIONS TO PASSED MAIL $insert_received_line = 1; # behave like MTA: insert 'Received:' header $remove_existing_x_scanned_headers = 0; $remove_existing_spam_headers = 0; $X_HEADER_TAG = 'X-Virus-Scanned'; # after-default $X_HEADER_LINE = "$myproduct_name at $mydomain"; # after-default $defang_virus = undef; $defang_banned = undef; $defang_bad_header = undef; $defang_undecipherable = undef; $defang_spam = undef; # $defang_all = undef; # mostly for testing $undecipherable_subject_tag = '*** UNCHECKED *** '; $sa_spam_subject_tag = '*** SPAM *** '; $sa_spam_modifies_subj = 1; $sa_spam_level_char = '*'; $sa_spam_report_header = 1; # @spam_modifies_subj_maps= (\$sa_spam_modifies_subj); # @spam_subject_tag_maps = (\$sa_spam_subject_tag1); # N.B.: inconsistent name # @spam_subject_tag2_maps = (\$sa_spam_subject_tag); # N.B.: inconsistent name ## ADDING ADDRESS EXTENSIONS TO RECIPIENTS - 'plus addressing' # $recipient_delimiter = undef; # $replace_existing_extension = 1; # $addr_extension_virus = undef; # $addr_extension_spam = undef; # $addr_extension_banned = undef; # $addr_extension_bad_header = undef; # @addr_extension_virus_maps = (\$addr_extension_virus); # @addr_extension_spam_maps = (\$addr_extension_spam); # @addr_extension_banned_maps = (\$addr_extension_banned); # @addr_extension_bad_header_maps = (\$addr_extension_bad_header); ## MAIL DECODING # $bypass_decode_parts = undef; # $keep_decoded_original_re = undef; # @keep_decoded_original_maps = (\$keep_decoded_original_re); # $map_full_type_to_short_type_re = ... predefined regexp lookup table # @map_full_type_to_short_type_maps = (\$map_full_type_to_short_type_re); # $path = undef; # $file = $gzip = $bzip2 = $lzop = $rpm2cpio = undef; # $uncompress = $unfreeze = $arc = $unarj = $unrar = undef; # $zoo = $lha = $cpio = $cabextract = undef; # $MAXLEVELS = undef; # $MAXFILES = undef; # $MIN_EXPANSION_QUOTA = undef; # $MAX_EXPANSION_QUOTA = undef; # $MIN_EXPANSION_FACTOR = 5; # times original mail size # $MAX_EXPANSION_FACTOR = 500; # times original mail size ## ANTI-VIRUS AND INVALID/FORBIDDEN CONTENTS CONTROLS (Disabled) # @av_scanners = (); # @av_scanners_backup = (); # $first_infected_stops_scan = undef; # $viruses_that_fake_sender_re = undef; # @viruses_that_fake_sender_maps = (\$viruses_that_fake_sender_re, 1); # $banned_namepath_re = undef; # new-style # $banned_filename_re = undef; # traditional # @banned_filename_maps = (\$banned_filename_re); # traditional # $virus_check_negative_ttl= 3*60; # time to cache contents as not infected # $virus_check_positive_ttl= 30*60; # time to cache contents as infected # @bypass_virus_checks_maps = (\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); @bypass_virus_checks_maps = (1); # ***** uncomment to DISABLE anti-virus code ****** # @bypass_banned_checks_maps = (\%bypass_banned_checks, \@bypass_banned_checks_acl, \$bypass_banned_checks_re); # @bypass_header_checks_maps = (\%bypass_header_checks, \@bypass_header_checks_acl, \$bypass_header_checks_re); # @virus_lovers_maps = (\%virus_lovers, \@virus_lovers_acl, \$virus_lovers_re); # @banned_files_lovers_maps = (\%banned_files_lovers, \@banned_files_lovers_acl, \$banned_files_lovers_re); # @bad_header_lovers_maps = (\%bad_header_lovers, \@bad_header_lovers_acl, \$bad_header_lovers_re); ## ANTI-SPAM CONTROLS (SpamAssassin) $sa_mail_body_size_limit = 200*1024; $sa_local_tests_only = 0; # $sa_auto_whitelist = 0; # (not used any longer since SA 3.0.0) # $dspam = undef; $sa_timeout = 30; $spam_check_negative_ttl = 30*60; # time to cache contents as not spam $spam_check_positive_ttl = 30*60; # time to cache contents as spam # @bypass_spam_checks_maps = (\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); # @spam_lovers_maps = (\%spam_lovers, \@spam_lovers_acl, \$spam_lovers_re); $sa_tag_level_deflt = 2.0; $sa_tag2_level_deflt = 3.0; $sa_kill_level_deflt = $sa_tag2_level_deflt; $sa_dsn_cutoff_level = undef; # @spam_tag_level_maps = (\$sa_tag_level_deflt); # @spam_tag2_level_maps = (\$sa_tag2_level_deflt); # @spam_kill_level_maps = (\$sa_kill_level_deflt); # @spam_dsn_cutoff_level_maps = (\$sa_dsn_cutoff_level); # Block these Senders (Default), per-recipient done with MySql @score_sender_maps = ({ '.' => [ # the '.' matches any recipient new_RE ( [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0], [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0], [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0], [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0], [qr'^(your_friend|greatoffers)@'i => 5.0], [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0] ) ] }); # @blacklist_sender_maps = (\%blacklist_sender, \@blacklist_sender_acl, \$blacklist_sender_re); # @whitelist_sender_maps = (\%whitelist_sender, \@whitelist_sender_acl, \$whitelist_sender_re); # $per_recip_blacklist_sender_lookup_tables = undef; # $per_recip_whitelist_sender_lookup_tables = undef; # deprecated ## SQL & LDAP # @lookup_sql_dsn = ( # ['DBI:mysql:database=maia;host=opal.akadia.com;port=3306','amavis','some_pass'] # ); @lookup_sql_dsn = ( ['DBI:mysql:database=maia;host=opal.akadia.com;port=3306','amavis','some_pass'], ['DBI:mysql:database=maia;host=rabbit.akadia.com;port=3306','amavis','some_pass'] ); ## External programs $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; $file = 'file'; # optional: $gzip = 'gzip'; $bzip2 = 'bzip2'; $lzop = 'lzop'; $rpm2cpio = ['rpm2cpio.pl','rpm2cpio']; $cabextract = 'cabextract'; $uncompress = ['uncompress', 'gzip -d', 'zcat']; $unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat']; $arc = ['nomarch', 'arc']; $unarj = ['arj', 'unarj']; # both can extract, arj is recommended $unrar = ['rar', 'unrar']; # both can extract, same options $zoo = 'zoo'; $lha = 'lha'; $cpio = ['gcpio','cpio']; $ar = 'ar'; $dspam = 'dspam'; ## Banned and Allowd Filename Extensions $banned_filename_re = new_RE( qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i, qr'^application/x-msdownload$'i, qr'^application/x-msdos-program$'i, qr'^application/hta$'i, [ qr'^\.(rpm|cpio|zip|tar|pdf)$' => 0 ], # Allowed qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|exe|fxp|hlp|hta|inf|ins|isp| js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|ops|pcd|pif|prg| reg|scr|sct|shb|shs|vb|vbe|vbs|wsc|wsf|wsh)$'ix, qr'^\.(exe-ms)$', qr'^\.(exe|lha|tnef|cab|dll)$', ); ## POLICY BANKS # %interface_policy = (); # maps input interface/port to policy bank name # $policy_bank{''} = { ...predefined... }; ## the built-in policy bank (empty name) is predefined, and includes ## references to most other variables listed above (the dynamic config ## variables), which are accessed only indirectly through the currently ## installed policy bank. Overlaying a policy bank with another policy ## bank may bring-in references to entirely different variables, ## possibly unnamed. Here is a list of configuration variables ## referenced from the built-in policy bank by keys of the same name ## (e.g. { log_level => \$log_level, inet_acl => \@inet_acl, ...} ) ## ## $policy_bank_name $protocol @inet_acl @mynetworks ## $log_level $log_templ $log_recip_templ ## $forward_method $notify_method ## $amavis_auth_user $amavis_auth_pass $auth_reauthenticate_forwarded ## $auth_required_out $auth_required_inp @auth_mech_avail ## $local_client_bind_address ## $localhost_name $smtpd_greeting_banner $smtpd_quit_banner ## $final_virus_destiny $final_spam_destiny ## $final_banned_destiny $final_bad_header_destiny ## $warnvirussender $warnspamsender $warnbannedsender $warnbadhsender ## $warn_offsite ## @av_scanners @av_scanners_backup $first_infected_stops_scan ## $bypass_decode_parts ## $defang_virus $defang_banned $defang_spam ## $defang_bad_header $defang_undecipherable $defang_all ## $undecipherable_subject_tag ## $sa_spam_report_header $sa_spam_level_char $sa_mail_body_size_limit ## $localpart_is_case_sensitive $recipient_delimiter $replace_existing_extension ## $hdr_encoding $bdy_encoding $hdr_encoding_qb ## $notify_xmailer_header $X_HEADER_TAG $X_HEADER_LINE ## $remove_existing_x_scanned_headers $remove_existing_spam_headers ## $hdrfrom_notify_sender $hdrfrom_notify_recip ## $hdrfrom_notify_admin $hdrfrom_notify_spamadmin ## $mailfrom_notify_sender $mailfrom_notify_recip ## $mailfrom_notify_admin $mailfrom_notify_spamadmin ## $mailfrom_to_quarantine $virus_quarantine_method $spam_quarantine_method ## $banned_files_quarantine_method $bad_header_quarantine_method ## %local_delivery_aliases $notify_sender_templ ## $notify_virus_sender_templ $notify_spam_sender_templ ## $notify_virus_admin_templ $notify_spam_admin_templ ## $notify_virus_recips_templ $notify_spam_recips_templ ## $banned_namepath_re ## $per_recip_whitelist_sender_lookup_tables ## $per_recip_blacklist_sender_lookup_tables ## @local_domains_maps @mynetworks_maps ## @bypass_virus_checks_maps @bypass_spam_checks_maps ## @bypass_banned_checks_maps @bypass_header_checks_maps ## @virus_lovers_maps @spam_lovers_maps ## @banned_files_lovers_maps @bad_header_lovers_maps ## @warnvirusrecip @warnbannedrecip @warnbadhrecip ## @virus_admin_maps @spam_admin_maps @virus_quarantine_to_maps ## @banned_quarantine_to_maps @bad_header_quarantine_to_maps ## @spam_quarantine_to_maps @spam_quarantine_bysender_to_maps ## @banned_filename_maps ## @spam_tag_level_maps @spam_tag2_level_maps @spam_kill_level_maps ## @spam_dsn_cutoff_level_maps @spam_modifies_subj_maps ## @spam_subject_tag_maps @spam_subject_tag2_maps ## @whitelist_sender_maps @blacklist_sender_maps @score_sender_maps ## @addr_extension_virus_maps @addr_extension_spam_maps ## @addr_extension_banned_maps @addr_extension_bad_header_maps ## @debug_sender_maps 1;