use strict; ## A CONFIGURATION FILE FOR AMAVISD-NEW, LISTING ALL CONFIGURATION VARIABLES ## WITH THEIR DEFAULT VALUES (FOR REFERENCE ONLY, NON-AUTHORITATIVE) ## This software is licensed under the GNU General Public License (GPL). ## See comments at the start of file amavisd for the whole license text. ## Copyright (C) 2002-2012 Mark Martinec, All Rights Reserved. ## The 'after-default' comment indicates that these variables obtain their ## default value if the config file left them undefined. It means these values ## are not yet available during processing of the configuration file, but that ## they can derive their value from other configurations variables no matter ## where in the configuration file they appear. ## GENERAL # $myhostname = ... predefined default from uname(3), must be a FQDN # $mydomain = ... no useful default, should be set if used in expressions # $snmp_contact = ''; # $snmp_location = ''; # $daemon_user = undef; # $daemon_group = undef; # $MYHOME = '/var/amavis'; # $TEMPBASE = $MYHOME; # after-default # $db_home = "$MYHOME/db"; # after-default # $pid_file = "$MYHOME/amavisd.pid"; # after-default # $lock_file = undef; # $daemon_chroot_dir = undef; # $max_requests = 20; # retire a child after that many accepts # $max_servers = 2; # number of pre-forked children # $min_servers = undef; # see Net::Server::Prefork for semantics # $min_spare_servers = undef; # $max_spare_servers = undef; # $child_timeout = 8*60; # $localpart_is_case_sensitive = 0; # $enable_db = undef; # $enable_zmq = undef; # @zmq_sockets = ( "ipc://$MYHOME/amavisd-zmq.sock" ); # after-default # $nanny_details_level = 1; # verbosity: 0, 1, 2 # @additional_perl_modules = (); # @local_domains_maps=(\%local_domains,\@local_domains_acl,\$local_domains_re); # @mynetworks = qw( 127.0.0.0/8 [::1] 169.254.0.0/16 [fe80::]/10 # 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 [fc00::]/7 ); # @mynetworks_maps = (\@mynetworks); # @client_ipaddr_policy = map { $_ => 'MYNETS' } @mynetworks_maps; ## LOGGING AND DEBUGGING # $log_level = 0; # $logfile = undef; # $do_syslog = undef; # same as 0 # $syslog_ident = 'amavis'; # $syslog_facility = 'mail'; # $logline_maxlen = 980; # enable_log_capture_dump = undef; # $log_short_templ ... built-in default at the end of file amavisd # $log_verbose_templ ... built-in default at the end of file amavisd # $log_recip_templ = ... built-in default at the end of file amavisd # $log_templ = $log_short_templ; # @debug_sender_acl = (); # @debug_sender_maps = (\@debug_sender_acl); # @debug_recipient_maps = (); # $sa_debug = undef; # $allow_preserving_evidence = 1; ## DKIM VERIFICATION # $enable_dkim_verification = undef; # $reputation_factor = 0.2; # @signer_reputation_maps = (); # @author_to_policy_bank_maps = (); # $dkim_minimum_key_bits = 1024; # $myauthservid = $myhostname; # after-default (RFC 5451) # $dkim_minimum_key_bits = 1024; ## DKIM SIGNING # $enable_dkim_signing = undef; # %dkim_signing_keys = (); # @dkim_signature_options_bysender_maps = (); # $dkim_signing_service = undef; # # for (qw(Accept-Language Archived-At Auto-Submitted Content-Alternative # Content-Base Content-Class Content-Description Content-Disposition # Content-Duration Content-Features Content-Id Content-Language # Content-Location Content-MD5 Content-Transfer-Encoding In-Reply-To # List-Archive List-Help List-Id List-Owner List-Post List-Subscribe # List-Unsubscribe Message-Context Message-ID MIME-Version # Organisation Organization Original-Message-ID Pics-Label # Precedence Received References Reply-To Resent-Date Resent-From # Resent-Message-ID Resent-Sender Sensitivity Solicitation # User-Agent VBR-Info X-Mailer)) { $signed_header_fields{lc $_} = 1 } # for (qw(From Date Subject Content-Type)) { $signed_header_fields{lc $_} = 2 } ## MTA INTERFACE - INPUT # @listen_sockets = ... $unix_socketname and $inet_socket_port are added here # $unix_socketname = undef; # Unix socket to accept amavis helper protocol # $unix_socket_mode = undef; # sets sockets protection (numeric mode), or undef # $inet_socket_port = undef; # accept connections on this TCP port(s) (SMTP...) # $inet_socket_bind = [ '127.0.0.1', '[::1]' ]; # if both inet & inet6 avail. # $inet_socket_bind = '127.0.0.1'; # if only inet available # $inet_socket_bind = '[::1]' # if only inet6 available # @inet_acl = qw( 127.0.0.1 [::1] ); # $listen_queue_size = undef; # $protocol = ... defaults to 'SMTP' or 'LMTP' (autodetected) on inet and inet6 # sockets; must be configured explicitly for Unix sockets. # Possible values: 'SMTP', 'LMTP', 'AM.PDP', # and with appropriate patches applied also: 'COURIER' or 'QMQPqq' # $soft_bounce = undef; # $smtpd_timeout = 8*60; # $smtpd_recipient_limit = 1100; # $smtpd_message_size_limit = undef; # site-wide limit # @message_size_limit_maps = (); # per-recipient limits # $smtpd_greeting_banner = '${helo-name} ${protocol} ${product} service ready'; # $smtpd_quit_banner = '${helo-name} ${product} closing transmission channel'; # $auth_required_inp = undef; # $auth_required_release = 1; # @auth_mech_avail=(); # empty list disables incoming AUTH; or: qw(PLAIN LOGIN) # $tls_security_level_in = undef; # undef, 'may', 'encrypt', ... # $smtpd_tls_cert_file = undef; # $smtpd_tls_key_file = undef; # $smtp_connection_cache_on_demand = 1; # $smtp_connection_cache_enable = 1; # $enforce_smtpd_message_size_limit_64kb_min = 1; # @smtpd_discard_ehlo_keywords = (); ## MTA INTERFACE - OUTPUT ## see also $notify_method, $forward_method and $*_quarantine_method # $localhost_name = 'localhost'; # my EHLO name, and inserted in Received # $local_client_bind_address = undef; # my source IP address as a SMTP client # $auth_required_out = undef; # $amavis_auth_user = undef; # for submitting notifications and quarantine # $amavis_auth_pass = undef; # $auth_reauthenticate_forwarded = undef; # our credentials for forwarding too # $tls_security_level_out = undef; # undef, 'may', 'encrypt', ... ## MAIL FORWARDING # $forward_method = 'smtp:[127.0.0.1]:10025'; # may be arrayref # # or 'smtp:[::1]:10025' when INET6 available and INET unavail. # @forward_method_maps = ( sub { Opaque(c('forward_method')) } ); # $resend_method = undef; # falls back to $forward_method # $always_bcc = undef; # $final_virus_destiny = D_DISCARD; # subj to @viruses_that_fake_sender_maps # $final_banned_destiny = D_DISCARD; # $final_spam_destiny = D_PASS; # subject to $sa_dsn_cutoff_level # $final_bad_header_destiny = D_PASS; ## QUARANTINE # $release_method = undef; # falls back to $notify_method # $requeue_method = 'smtp:[127.0.0.1]:25'; # # or 'smtp:[::1]:25' when INET6 available and INET unavail. # $release_format = 'resend'; # (dsn), (arf), attach, plain, resend # $report_format = 'arf'; # (dsn), arf, attach, plain, resend # $attachment_password = ''; # '': no pwd, undef: PIN, code ref, or static str # $attachment_email_name = 'msg-%m.eml'; # $attachment_outer_name = 'msg-%m.zip'; # $virus_quarantine_method = 'local:virus-%m'; # $spam_quarantine_method = 'local:spam-%m.gz'; # $banned_files_quarantine_method = 'local:banned-%m'; # $bad_header_quarantine_method = 'local:badh-%m'; # $clean_quarantine_method = undef; # $archive_quarantine_method = undef; # $mail_id_size_bits = 72; # $QUARANTINEDIR = undef; # $quarantine_subdir_levels = undef; # 0 or 1 (undef treated as 0) # $sql_quarantine_chunksize_max; # see SQL section # $virus_quarantine_to = 'virus-quarantine'; # via %local_delivery_aliases # $banned_quarantine_to = 'banned-quarantine'; # $bad_header_quarantine_to= 'bad-header-quarantine'; # $spam_quarantine_to = 'spam-quarantine'; # $spam_quarantine_bysender_to = undef; # $clean_quarantine_to = 'clean-quarantine'; # $archive_quarantine_to = 'archive-quarantine'; # @virus_quarantine_to_maps = (\$virus_quarantine_to); # @banned_quarantine_to_maps = (\$banned_quarantine_to); # @bad_header_quarantine_to_maps = (\$bad_header_quarantine_to); # @spam_quarantine_to_maps = (\$spam_quarantine_to); # @spam_quarantine_bysender_to_maps = (\$spam_quarantine_bysender_to); # @clean_quarantine_to_maps = (\$clean_quarantine_to); # @archive_quarantine_to_maps = (\$archive_quarantine_to); # %local_delivery_aliases ... predefined, used by a delivery method 'local:' # $mailfrom_to_quarantine = undef; # undef keeps original sender ## NOTIFICATIONS (DSN, admin, recip) # $notify_method = 'smtp:[127.0.0.1]:10025'; # # or 'smtp:[::1]:10025' when INET6 available and INET unavail. # $propagate_dsn_if_possible = 1; # $terminate_dsn_on_notify_success = 0; # $newvirus_admin = undef; # $virus_admin = undef; # $spam_admin = undef; # $banned_admin = undef; # $bad_header_admin = undef; # $dsn_bcc = undef; # @newvirus_admin_maps = (\$newvirus_admin); # @virus_admin_maps = (\%virus_admin, \$virus_admin); # @banned_admin_maps = (\$banned_admin); # @spam_admin_maps = (\%spam_admin, \$spam_admin); # @bad_header_admin_maps = (\$bad_header_admin); # $hdr_encoding = 'UTF-8'; # header field bodies charset # $bdy_encoding = 'UTF-8'; # notification body text charset # $hdr_encoding_qb = 'Q'; # quoted-printable (Q or B) # $notify_sender_templ = ... built-in default at the end of file amavisd # $notify_virus_sender_templ = ... built-in default at the end of file amavisd # $notify_spam_sender_templ = ... built-in default at the end of file amavisd # $notify_virus_admin_templ = ... built-in default at the end of file amavisd # $notify_spam_admin_templ = ... built-in default at the end of file amavisd # $notify_virus_recips_templ = ... built-in default at the end of file amavisd # $notify_spam_recips_templ = ... built-in default at the end of file amavisd # $notify_release_templ = ... built-in default at the end of file amavisd # $notify_report_templ = ... built-in default at the end of file amavisd # $mailfrom_notify_admin = undef; # $mailfrom_notify_recip = undef; # $mailfrom_notify_spamadmin = undef; ## these are after-defaults: # $hdrfrom_notify_sender = "\"Content-filter at $myhostname\" "; # $hdrfrom_notify_recip = ... derived from $mailfrom_notify_recip # $hdrfrom_notify_admin = ... derived from $mailfrom_notify_admin # $hdrfrom_notify_spamadmin = ... derived from $mailfrom_notify_spamadmin # $hdrfrom_notify_release = $hdrfrom_notify_sender; # $hdrfrom_notify_report = $hdrfrom_notify_sender; # $warnbannedsender = undef; # $warnbadhsender = undef; # $warn_offsite = undef; # $warnvirusrecip = undef; # $warnbannedrecip = undef; # $warnbadhrecip = undef; # @warnvirusrecip_maps = (\$warnvirusrecip); # @warnbannedrecip_maps = (\$warnbannedrecip); # @warnbadhrecip_maps = (\$warnbadhrecip); ## MODIFICATIONS TO PASSED MAIL # %allowed_added_header_fields = ...; # built-in default # %prefer_our_added_header_fields = ...; # built-in default # $remove_existing_x_scanned_headers = 0; # $remove_existing_spam_headers = 1; # @remove_existing_spam_headers_maps = (\$remove_existing_spam_headers); # $allow_fixing_improper_header = 1; # all-white folding lines and long lines # $allow_fixing_improper_header_folding = 1; # $allow_fixing_long_header_lines = 1; # $prepend_header_fields_hdridx = 0; # $X_HEADER_TAG = 'X-Virus-Scanned'; # after-default # $X_HEADER_LINE = "$myproduct_name at $mydomain"; # after-default # $defang_virus = undef; # $defang_banned = undef; # $defang_spam = undef; # $defang_bad_header = undef; # $defang_undecipherable = undef; # $defang_all = undef; # mostly for testing # $allow_disclaimers = undef; # $outbound_disclaimers_only = undef; # $enable_anomy_sanitizer = 0; # @anomy_sanitizer_args = (); # a config file or list of var=value pairs # $altermime = 'altermime'; # a path to the program # @altermime_args_defang = qw(--verbose --removeall); # @altermime_args_disclaimer = qw(--disclaimer=/etc/altermime-disclaimer.txt); # @disclaimer_options_bysender_maps = (); # $undecipherable_subject_tag = '***UNCHECKED*** '; # $sa_spam_subject_tag = undef; # $sa_spam_level_char = '*'; # @spam_subject_tag_maps = (\$sa_spam_subject_tag1); # N.B.: inconsistent name # @spam_subject_tag2_maps = (\$sa_spam_subject_tag); # N.B.: inconsistent name # @spam_subject_tag3_maps = (); ## ADDING ADDRESS EXTENSIONS TO RECIPIENTS - 'plus addressing' # $recipient_delimiter = undef; # $replace_existing_extension = 1; # $addr_extension_virus = undef; # $addr_extension_banned = undef; # $addr_extension_spam = undef; # $addr_extension_bad_header = undef; # @addr_extension_virus_maps = (\$addr_extension_virus); # @addr_extension_banned_maps = (\$addr_extension_banned); # @addr_extension_spam_maps = (\$addr_extension_spam); # @addr_extension_bad_header_maps = (\$addr_extension_bad_header); ## MAIL DECODING # $bypass_decode_parts = undef; # $keep_decoded_original_re = undef; # @keep_decoded_original_maps = (\$keep_decoded_original_re); # $map_full_type_to_short_type_re = ... predefined regexp lookup table # @map_full_type_to_short_type_maps = (\$map_full_type_to_short_type_re); # $MAXLEVELS = undef; # $MAXFILES = undef; # $MIN_EXPANSION_QUOTA = undef; # $MAX_EXPANSION_QUOTA = undef; # $MIN_EXPANSION_FACTOR = 5; # times original mail size # $MAX_EXPANSION_FACTOR = 500; # times original mail size # $path = undef; # $file = 'file'; # For backward compatibility the @decoders list defaults to use of legacy # variables $gzip, $bzip2, $lzop, ... It is cleaner to explicitly assign # a list to @decoders in amavisd.conf and directly specify program paths, # without indirections through legacy variables $gzip, etc. # # $gzip = $bzip2 = $lzop = $rpm2cpio = undef; # $uncompress = $unfreeze = $arc = $unarj = $unrar = undef; # $zoo = $lha = $pax = $cpio = $cabextract = undef; # # @decoders = ( # ['mail', \&do_mime_decode], ### [[qw(asc uue hqx ync)], \&do_ascii], # not safe # ['F', \&do_uncompress, \$unfreeze], # ['Z', \&do_uncompress, \$uncompress], # ['gz', \&do_uncompress, \$gunzip], # ['gz', \&do_gunzip], # ['bz2', \&do_uncompress, \$bunzip2], # ['xz', \&do_uncompress, # ['xzdec', 'xz -dc', 'unxz -c', 'xzcat'] ], # ['lzma', \&do_uncompress, # ['lzmadec', 'xz -dc --format=lzma', # 'lzma -dc', 'unlzma -c', 'lzcat', 'lzmadec'] ], # ['lrz', \&do_uncompress, # ['lrzip -q -k -d -o -', 'lrzcat -q -k'] ], # ['lzo', \&do_uncompress, \$unlzop], # ['rpm', \&do_uncompress, \$rpm2cpio], # [['cpio','tar'], \&do_pax_cpio, \$pax], ### ['tar', \&do_tar], # no longer supported # ['deb', \&do_ar, \$ar], ### ['a', \&do_ar, \$ar], # unpacking .a seems an overkill # ['rar', \&do_unrar, \$unrar], # ['arj', \&do_unarj, \$unarj], # ['arc', \&do_arc, \$arc], # ['zoo', \&do_zoo, \$zoo], # ['doc', \&do_ole, \$ripole], # ['cab', \&do_cabextract, \$cabextract], # ['tnef', \&do_tnef_ext, \$tnef], # ['tnef', \&do_tnef], ### ['lha', \&do_lha, \$lha], # not safe, use 7z instead ### ['sit', \&do_unstuff, \$unstuff], # not safe # [['zip','kmz'], \&do_7zip, ['7za', '7z'] ], # [['zip','kmz'], \&do_unzip], # ['7z', \&do_7zip, ['7zr', '7za', '7z'] ], # [[qw(7z zip gz bz2 Z tar)], # \&do_7zip, ['7za', '7z'] ], # [[qw(xz lzma jar cpio arj rar swf lha iso cab deb rpm)], # \&do_7zip, '7z' ], # ['exe', \&do_executable, \$unrar, \$lha, \$unarj], # ); ## ANTI-VIRUS AND INVALID/FORBIDDEN CONTENTS CONTROLS # @av_scanners = (); # @av_scanners_backup = (); # $first_infected_stops_scan = undef; # $virus_scanners_failure_is_fatal = undef; # $viruses_that_fake_sender_re = undef; # @viruses_that_fake_sender_maps = (\$viruses_that_fake_sender_re, 1); # @virus_name_to_policy_bank_maps = (); # # @virus_name_to_spam_score_maps = # (new_RE( # the order matters, first match wins # [ qr'^Structured\.(SSN|CreditCardNumber)\b' => 0.1 ], # [ qr'^(Heuristics\.)?Phishing\.' => 0.1 ], # [ qr'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)' => 0.1 ], # [ qr'^Sanesecurity\.(Malware|Rogue|Trojan)\.' => undef ],# keep as infected # [ qr'^Sanesecurity\.' => 0.1 ], # [ qr'^Sanesecurity_PhishBar_' => 0 ], # [ qr'^Sanesecurity.TestSig_' => 0 ], # [ qr'^Email\.Spam\.Bounce(\.[^., ]*)*\.Sanesecurity\.' => 0 ], # [ qr'^Email\.Spammail\b' => 0.1 ], # [ qr'^MSRBL-(Images|SPAM)\b' => 0.1 ], # [ qr'^VX\.Honeypot-SecuriteInfo\.com\.Joke' => 0.1 ], # [ qr'^VX\.not-virus_(Hoax|Joke)\..*-SecuriteInfo\.com(\.|\z)' => 0.1 ], # [ qr'^Email\.Spam.*-SecuriteInfo\.com(\.|\z)' => 0.1 ], # [ qr'^Safebrowsing\.' => 0.1 ], # [ qr'^winnow\.(phish|spam)\.' => 0.1 ], # [ qr'^INetMsg\.SpamDomain' => 0.1 ], # [ qr'^Doppelstern\.(Spam|Scam|Phishing|Junk|Lott|Loan)'=> 0.1 ], # [ qr'^Bofhland\.Phishing' => 0.1 ], # [ qr'^ScamNailer\.' => 0.1 ], # [ qr'^HTML/Bankish' => 0.1 ], # F-Prot # [ qr'^PORCUPINE_JUNK' => 0.1 ], # [ qr'^PORCUPINE_PHISHING' => 0.1 ], # [ qr'-SecuriteInfo\.com(\.|\z)' => undef ], # keep as infected # [ qr'^MBL_NA\.UNOFFICIAL' => 0.1 ], # false positives # [ qr'^MBL_' => undef ], # keep as infected # )); # @banned_filename_maps = ( 'DEFAULT' ); # %banned_rules = ( 'DEFAULT' => $banned_filename_re); # after-default # $banned_filename_re = undef; # traditional # $banned_namepath_re = undef; # regexp-style # @bypass_virus_checks_maps = (\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); # @bypass_banned_checks_maps = (\%bypass_banned_checks, \@bypass_banned_checks_acl, \$bypass_banned_checks_re); # @bypass_header_checks_maps = (\%bypass_header_checks, \@bypass_header_checks_acl, \$bypass_header_checks_re); # @virus_lovers_maps = (\%virus_lovers, \@virus_lovers_acl, \$virus_lovers_re); # @banned_files_lovers_maps = (\%banned_files_lovers, \@banned_files_lovers_acl, \$banned_files_lovers_re); # @bad_header_lovers_maps = (\%bad_header_lovers, \@bad_header_lovers_acl, \$bad_header_lovers_re); # @unchecked_lovers_maps = (); # $allowed_header_tests{$_} = 1 for qw(other mime 8bit control empty long # syntax missing multiple); ## ANTI-Spam CONTROLS # @spam_scanners = ( ['SpamAssassin', 'Amavis::SpamControl::SpamAssassin'] ); # $helpers_home = $MYHOME; # after-default # $sa_configpath = undef; # $sa_siteconfigpath = undef; # $sa_num_instances = 1; # @sa_userconf_maps = (); # @sa_username_maps = (); # $sa_mail_body_size_limit = undef; # $sa_local_tests_only = 0; # $sa_spawned = 0; # $dspam = undef; # $sa_timeout = 30; # @bypass_spam_checks_maps = (\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); # @spam_lovers_maps = (\%spam_lovers, \@spam_lovers_acl, \$spam_lovers_re); # $sa_tag_level_deflt = undef; # $sa_tag2_level_deflt = undef; # $sa_tag3_level_deflt = undef; # $sa_kill_level_deflt = undef; # $sa_dsn_cutoff_level = undef; # $sa_crediblefrom_dsn_cutoff_level = undef; # $sa_quarantine_cutoff_level = undef; # @spam_tag_level_maps = (\$sa_tag_level_deflt); # @spam_tag2_level_maps = (\$sa_tag2_level_deflt); # @spam_tag3_level_maps = (\$sa_tag3_level_deflt); # @spam_kill_level_maps = (\$sa_kill_level_deflt); # @spam_quarantine_cutoff_level_maps = (\$sa_quarantine_cutoff_level); # @spam_notifyadmin_cutoff_level_maps = (); # @spam_dsn_cutoff_level_maps = (\$sa_dsn_cutoff_level); # @spam_dsn_cutoff_level_bysender_maps = (\$sa_dsn_cutoff_level); # @spam_crediblefrom_dsn_cutoff_level_maps = # (\$sa_crediblefrom_dsn_cutoff_level); # @spam_crediblefrom_dsn_cutoff_level_bysender_maps = # (\$sa_crediblefrom_dsn_cutoff_level); # $bounce_killer_score = 0; # $penpals_bonus_score = undef; # $penpals_halflife = 7*24*60*60; # $penpals_threshold_low = 1.0; # $penpals_threshold_high = undef; # $reputation_factor = 0.2; # @score_sender_maps = (); # @signer_reputation_maps = (); # @blacklist_sender_maps = (\%blacklist_sender, \@blacklist_sender_acl, \$blacklist_sender_re); # @whitelist_sender_maps = (\%whitelist_sender, \@whitelist_sender_acl, \$whitelist_sender_re); # $per_recip_blacklist_sender_lookup_tables = undef; # $per_recip_whitelist_sender_lookup_tables = undef; # deprecated # $os_fingerprint_method = undef; # $os_fingerprint_dst_ip_and_port = undef; ## SQL, LDAP, Redis # $database_sessions_persistent = 1; # $trim_trailing_space_in_lookup_result_fields = 0; # $lookup_maps_imply_sql_and_ldap = 1; # @storage_redis_dsn = (); # Redis server(s) for pen pals, IP reput, JSON log # $storage_redis_ttl = 16*24*60*60; # $enable_ip_repu = 1; # @ip_repu_ignore_networks = (); # @ip_repu_ignore_maps = (\@ip_repu_ignore_networks); # $redis_logging_key = undef; # $redis_logging_queue_size_limit = undef; # @lookup_sql_dsn = (); # SQL data source name for lookups, or empty # @storage_sql_dsn = (); # SQL data source name for log/quarantine, or empty # $sql_store_info_for_all_msgs = 1; # $sql_schema_version = $myversion_id_numeric; # $timestamp_fmt_mysql = undef; # $sql_partition_tag = undef; # $sql_allow_8bit_address = 0; # VARCHAR (0), VARBINARY/BYTEA (1) # $sql_lookups_no_at_means_domain = 0; # $sql_quarantine_chunksize_max = 16384; # $sql_select_policy = # 'SELECT *,users.id'. # ' FROM users LEFT JOIN policy ON users.policy_id=policy.id'. # ' WHERE users.email IN (%k) ORDER BY users.priority DESC'; # $sql_select_white_black_list = # 'SELECT wb'. # ' FROM wblist JOIN mailaddr ON wblist.sid=mailaddr.id'. # ' WHERE wblist.rid=? AND mailaddr.email IN (%k)'. # ' ORDER BY mailaddr.priority DESC'; # %sql_clause = ( # 'sel_policy' => \$sql_select_policy, # 'sel_wblist' => \$sql_select_white_black_list, # 'sel_adr' => # 'SELECT id FROM maddr WHERE partition_tag=? AND email=?', # 'ins_adr' => # 'INSERT INTO maddr (partition_tag, email, domain) VALUES (?,?,?)', # 'ins_msg' => # 'INSERT INTO msgs (partition_tag, mail_id, secret_id, am_id,'. # ' time_num, time_iso, sid, policy, client_addr, size, host)'. # ' VALUES (?,?,?,?,?,?,?,?,?,?,?)', # 'upd_msg' => # 'UPDATE msgs SET content=?, quar_type=?, quar_loc=?, dsn_sent=?,'. # ' spam_level=?, message_id=?, from_addr=?, subject=?, client_addr=?,'. # ' originating=?'. # ' WHERE partition_tag=? AND mail_id=?', # 'ins_rcp' => # 'INSERT INTO msgrcpt (partition_tag, mail_id, rseqnum, rid, is_local,'. # ' content, ds, rs, bl, wl, bspam_level, smtp_resp)'. # ' VALUES (?,?,?,?,?,?,?,?,?,?,?,?)', # 'ins_quar' => # 'INSERT INTO quarantine (partition_tag, mail_id, chunk_ind, mail_text)'. # ' VALUES (?,?,?,?)', # 'sel_msg' => # obtains partition_tag if missing in a release request # 'SELECT partition_tag FROM msgs WHERE mail_id=?', # 'sel_quar' => # 'SELECT mail_text FROM quarantine'. # ' WHERE partition_tag=? AND mail_id=?'. # ' ORDER BY chunk_ind', # 'sel_penpals' => # no message-id references list # "SELECT msgs.time_num, msgs.mail_id, subject". # " FROM msgs JOIN msgrcpt USING (partition_tag,mail_id)". # " WHERE sid=? AND rid=? AND msgs.content!='V' AND ds='P'". # " ORDER BY msgs.time_num DESC", # LIMIT 1 # 'sel_penpals_msgid' => # with a nonempty list of message-id references # "SELECT msgs.time_num, msgs.mail_id, subject, message_id, rid". # " FROM msgs JOIN msgrcpt USING (partition_tag,mail_id)". # " WHERE sid=? AND msgs.content!='V' AND ds='P' AND message_id IN (%m)". # " AND rid!=sid". # " ORDER BY rid=? DESC, msgs.time_num DESC", # LIMIT 1 # ); ## LDAP, Please see file README.lookups for more info. # $enable_ldap = 0; # $ldap_lookups_no_at_means_domain = 0; # # $default_ldap = { # hostname => 'localhost', # localaddr => undef, # port => undef, # 389 or 636, default provided by Net::LDAP # scheme => undef, # 'ldaps' or 'ldap', depending on hostname # inet6 => $have_inet6 ? 1 : 0, # version => 3, # timeout => 120, # deref => 'find', # bind_dn => undef, # bind_password => undef, # tls => 0, # verify => 'none', # sslversion => 'tlsv1', # clientcert => undef, # clientkey => undef, # cafile => undef, # capath => undef, # sasl => 0, # sasl_mech => undef, # space-separated list of mech names # sasl_auth_id => undef, # }; ## hierarchy by which a final setting is chosen: ## policy bank (based on port or IP address) -> *_by_ccat ## *_by_ccat (based on mail contents) -> *_maps ## *_maps (based on recipient address) -> final configuration value ## MAPPING A CONTENTS CATEGORY TO A SETTING CHOSEN # %final_destiny_maps_by_ccat = ( # CC_VIRUS, sub { c('final_virus_destiny') }, # CC_BANNED, sub { c('final_banned_destiny') }, # CC_UNCHECKED, sub { c('final_unchecked_destiny') }, # CC_SPAM, sub { c('final_spam_destiny') }, # CC_BADH, sub { c('final_bad_header_destiny') }, # CC_MTA.',1', D_TEMPFAIL, # CC_MTA.',2', D_REJECT, # CC_OVERSIZED, D_BOUNCE, # CC_CATCHALL, D_PASS, # ); # %forward_method_maps_by_ccat = ( # CC_CATCHALL, sub { ca('forward_method_maps') }, # ); # %smtp_reason_by_ccat = ( # # currently only used for blocked messages only, status 5xx # # a multiline message will produce a valid multiline SMTP response # CC_VIRUS, 'id=%n - INFECTED: %V', # CC_BANNED, 'id=%n - BANNED: %F', # CC_UNCHECKED, 'id=%n - UNCHECKED', # CC_SPAM, 'id=%n - spam', # CC_SPAMMY.',1', 'id=%n - spammy (tag3)', # CC_SPAMMY, 'id=%n - spammy', # CC_BADH.',1', 'id=%n - BAD HEADER: MIME error', # CC_BADH.',2', 'id=%n - BAD HEADER: nonencoded 8-bit character', # CC_BADH.',3', 'id=%n - BAD HEADER: contains invalid control character', # CC_BADH.',4', 'id=%n - BAD HEADER: line made up entirely of whitespace', # CC_BADH.',5', 'id=%n - BAD HEADER: line longer than RFC 5322 limit', # CC_BADH.',6', 'id=%n - BAD HEADER: syntax error', # CC_BADH.',7', 'id=%n - BAD HEADER: missing required header field', # CC_BADH.',8', 'id=%n - BAD HEADER: duplicate header field', # CC_BADH, 'id=%n - BAD HEADER', # CC_OVERSIZED, 'id=%n - Message size exceeds recipient\'s size limit', # CC_MTA.',1', 'id=%n - Temporary MTA failure on relaying', # CC_MTA.',2', 'id=%n - Rejected by next-hop MTA on relaying', # CC_MTA, 'id=%n - Unable to relay message back to MTA', # CC_CLEAN, 'id=%n - CLEAN', # CC_CATCHALL, 'id=%n - OTHER', # should not happen # ); # %lovers_maps_by_ccat = ( # CC_VIRUS, sub { ca('virus_lovers_maps') }, # CC_BANNED, sub { ca('banned_files_lovers_maps') }, # CC_UNCHECKED, sub { ca('unchecked_lovers_maps') }, # CC_SPAM, sub { ca('spam_lovers_maps') }, # CC_SPAMMY, sub { ca('spam_lovers_maps') }, # CC_BADH, sub { ca('bad_header_lovers_maps') }, # ); # %defang_maps_by_ccat = ( # CC_VIRUS, sub { c('defang_virus') }, # CC_BANNED, sub { c('defang_banned') }, # CC_UNCHECKED, sub { c('defang_undecipherable') }, # CC_SPAM, sub { c('defang_spam') }, # CC_SPAMMY, sub { c('defang_spam') }, # # CC_BADH.',3', 1, # NUL or CR character in header section # # CC_BADH.',5', 1, # header line longer than 998 characters # # CC_BADH.',6', 1, # header field syntax error # CC_BADH, sub { c('defang_bad_header') }, # ); # %subject_tag_maps_by_ccat = ( # CC_VIRUS, [ '***INFECTED*** ' ], # CC_BANNED, undef, # CC_UNCHECKED, sub { [ c('undecipherable_subject_tag') ] }, # not by-recip # CC_SPAM, undef, # CC_SPAMMY.',1', sub { ca('spam_subject_tag3_maps') }, # CC_SPAMMY, sub { ca('spam_subject_tag2_maps') }, # CC_CLEAN.',1', sub { ca('spam_subject_tag_maps') }, # ); # %quarantine_method_by_ccat = ( # CC_VIRUS, sub { c('virus_quarantine_method') }, # CC_BANNED, sub { c('banned_files_quarantine_method') }, # CC_UNCHECKED, sub { c('unchecked_quarantine_method') }, # CC_SPAM, sub { c('spam_quarantine_method') }, # CC_BADH, sub { c('bad_header_quarantine_method') }, # CC_CLEAN, sub { c('clean_quarantine_method') }, # ); # %quarantine_to_maps_by_ccat = ( # CC_VIRUS, sub { ca('virus_quarantine_to_maps') }, # CC_BANNED, sub { ca('banned_quarantine_to_maps') }, # CC_UNCHECKED, sub { ca('unchecked_quarantine_to_maps') }, # CC_SPAM, sub { ca('spam_quarantine_to_maps') }, # CC_BADH, sub { ca('bad_header_quarantine_to_maps') }, # CC_CLEAN, sub { ca('clean_quarantine_to_maps') }, # ); # %admin_maps_by_ccat = ( # CC_VIRUS, sub { ca('virus_admin_maps') }, # CC_BANNED, sub { ca('banned_admin_maps') }, # CC_UNCHECKED, sub { ca('virus_admin_maps') }, # CC_SPAM, sub { ca('spam_admin_maps') }, # CC_BADH, sub { ca('bad_header_admin_maps') }, # ); # %always_bcc_by_ccat = ( # CC_CATCHALL, sub { c('always_bcc') }, # ); # %dsn_bcc_by_ccat = ( # CC_CATCHALL, sub { c('dsn_bcc') }, # ); # %mailfrom_notify_admin_by_ccat = ( # CC_SPAM, sub { c('mailfrom_notify_spamadmin') }, # CC_CATCHALL, sub { c('mailfrom_notify_admin') }, # ); # %hdrfrom_notify_admin_by_ccat = ( # CC_SPAM, sub { c('hdrfrom_notify_spamadmin') }, # CC_CATCHALL, sub { c('hdrfrom_notify_admin') }, # ); # %mailfrom_notify_recip_by_ccat = ( # CC_CATCHALL, sub { c('mailfrom_notify_recip') }, # ); # %hdrfrom_notify_recip_by_ccat = ( # CC_CATCHALL, sub { c('hdrfrom_notify_recip') }, # ); # %hdrfrom_notify_sender_by_ccat = ( # CC_CATCHALL, sub { c('hdrfrom_notify_sender') }, # ); # %hdrfrom_notify_release_by_ccat = ( # CC_CATCHALL, sub { c('hdrfrom_notify_release') }, # ); # %hdrfrom_notify_report_by_ccat = ( # CC_CATCHALL, sub { c('hdrfrom_notify_report') }, # ); # %notify_admin_templ_by_ccat = ( # CC_SPAM, sub { cr('notify_spam_admin_templ') }, # CC_CATCHALL, sub { cr('notify_virus_admin_templ') }, # ); # %notify_recips_templ_by_ccat = ( # CC_SPAM, sub { cr('notify_spam_recips_templ') }, #usualy empty # CC_CATCHALL, sub { cr('notify_virus_recips_templ') }, # ); # %notify_sender_templ_by_ccat = ( # bounce templates # CC_VIRUS, sub { cr('notify_virus_sender_templ') }, # CC_BANNED, sub { cr('notify_virus_sender_templ') }, #historical reason # CC_SPAM, sub { cr('notify_spam_sender_templ') }, # CC_CATCHALL, sub { cr('notify_sender_templ') }, # ); # %notify_release_templ_by_ccat = ( # CC_CATCHALL, sub { cr('notify_release_templ') }, # ); # %notify_report_templ_by_ccat = ( # CC_CATCHALL, sub { cr('notify_report_templ') }, # ); # %notify_autoresp_templ_by_ccat = ( # CC_CATCHALL, sub { cr('notify_autoresp_templ') }, # ); # %warnsender_by_ccat = ( # deprecated use, except perhaps for CC_BADH # CC_VIRUS, undef, # CC_BANNED, sub { c('warnbannedsender') }, # CC_SPAM, undef, # CC_BADH, sub { c('warnbadhsender') }, # ); # %warnrecip_maps_by_ccat = ( # CC_VIRUS, sub { ca('warnvirusrecip_maps') }, # CC_BANNED, sub { ca('warnbannedrecip_maps') }, # CC_SPAM, undef, # CC_BADH, sub { ca('warnbadhrecip_maps') }, # ); # %addr_extension_maps_by_ccat = ( # CC_VIRUS, sub { ca('addr_extension_virus_maps') }, # CC_BANNED, sub { ca('addr_extension_banned_maps') }, # CC_SPAM, sub { ca('addr_extension_spam_maps') }, # CC_SPAMMY, sub { ca('addr_extension_spam_maps') }, # CC_BADH, sub { ca('addr_extension_bad_header_maps') }, # # CC_OVERSIZED, 'oversized'; # ); # %addr_rewrite_maps_by_ccat = ( ); ## POLICY BANKS # %interface_policy = (); # maps input interface/port to policy bank name # $policy_bank{''} = { ...predefined... }; ## the built-in policy bank (empty name) is predefined, and includes ## references to most other variables listed above (the dynamic config ## variables), which are accessed only indirectly through the currently ## installed policy bank. Overlaying a policy bank with another policy ## bank may bring-in references to entirely different variables, ## possibly unnamed. Here is a list of configuration variables ## referenced from the built-in policy bank by keys of the same name ## (e.g. { log_level => \$log_level, inet_acl => \@inet_acl, ...} ) ## ## $child_timeout $smtpd_timeout ## $policy_bank_name $protocol @inet_acl ## $myhostname $myauthservid $snmp_contact $snmp_location ## $myprogram_name $syslog_ident $syslog_facility ## $log_level $log_templ $log_recip_templ $enable_log_capture_dump ## $forward_method $notify_method $resend_method $report_format ## $release_method $requeue_method $release_format ## $attachment_password $attachment_email_name $attachment_outer_name ## $os_fingerprint_method $os_fingerprint_dst_ip_and_port ## $originating @smtpd_discard_ehlo_keywords $soft_bounce ## $propagate_dsn_if_possible $terminate_dsn_on_notify_success ## $amavis_auth_user $amavis_auth_pass $auth_reauthenticate_forwarded ## $auth_required_out $auth_required_inp $auth_required_release ## @auth_mech_avail $tls_security_level_in $tls_security_level_out ## $local_client_bind_address $smtpd_message_size_limit ## $localhost_name $smtpd_greeting_banner $smtpd_quit_banner ## $mailfrom_to_quarantine $warn_offsite $bypass_decode_parts @decoders ## @av_scanners @av_scanners_backup @spam_scanners ## $first_infected_stops_scan $virus_scanners_failure_is_fatal ## $sa_spam_level_char $sa_mail_body_size_limit ## $penpals_bonus_score $penpals_halflife $bounce_killer_score ## $reputation_factor ## $undecipherable_subject_tag $localpart_is_case_sensitive ## $recipient_delimiter $replace_existing_extension ## $hdr_encoding $bdy_encoding $hdr_encoding_qb ## $allow_disclaimers $outbound_disclaimers_only ## $prepend_header_fields_hdridx ## $allow_fixing_improper_header ## $allow_fixing_improper_header_folding $allow_fixing_long_header_lines ## %allowed_added_header_fields %prefer_our_added_header_fields ## %allowed_header_tests ## $X_HEADER_TAG $X_HEADER_LINE ## $remove_existing_x_scanned_headers $remove_existing_spam_headers ## %sql_clause $partition_tag ## %local_delivery_aliases $banned_namepath_re ## $per_recip_whitelist_sender_lookup_tables ## $per_recip_blacklist_sender_lookup_tables ## @anomy_sanitizer_args @altermime_args_defang ## @altermime_args_disclaimer @disclaimer_options_bysender_maps ## %signed_header_fields @dkim_signature_options_bysender_maps ## $enable_dkim_verification $enable_dkim_signing $dkim_signing_service ## $dkim_minimum_key_bits $enable_ldap $enable_ip_repu $redis_logging_key ## ## @local_domains_maps ## @mynetworks_maps @client_ipaddr_policy @ip_repu_ignore_maps ## @forward_method_maps @newvirus_admin_maps @banned_filename_maps ## @spam_quarantine_bysender_to_maps ## @spam_tag_level_maps @spam_tag2_level_maps @spam_tag3_level_maps ## @spam_kill_level_maps ## @spam_subject_tag_maps @spam_subject_tag2_maps @spam_subject_tag3_maps ## @spam_dsn_cutoff_level_maps @spam_dsn_cutoff_level_bysender_maps ## @spam_crediblefrom_dsn_cutoff_level_maps ## @spam_crediblefrom_dsn_cutoff_level_bysender_maps ## @spam_quarantine_cutoff_level_maps @spam_notifyadmin_cutoff_level_maps ## @whitelist_sender_maps @blacklist_sender_maps @score_sender_maps ## @author_to_policy_bank_maps @signer_reputation_maps ## @message_size_limit_maps @debug_sender_maps @debug_recipient_maps ## @bypass_virus_checks_maps @bypass_spam_checks_maps ## @bypass_banned_checks_maps @bypass_header_checks_maps ## @viruses_that_fake_sender_maps ## @virus_name_to_spam_score_maps @virus_name_to_policy_bank_maps ## @remove_existing_spam_headers_maps ## @sa_userconf_maps @sa_username_maps ## ## %final_destiny_maps_by_ccat %forward_method_maps_by_ccat ## %lovers_maps_by_ccat %defang_maps_by_ccat %subject_tag_maps_by_ccat ## %quarantine_method_by_ccat %quarantine_to_maps_by_ccat ## %notify_admin_templ_by_ccat %notify_recips_templ_by_ccat ## %notify_sender_templ_by_ccat %notify_autoresp_templ_by_ccat ## %notify_release_templ_by_ccat %notify_report_templ_by_ccat ## %warnsender_by_ccat ## %hdrfrom_notify_admin_by_ccat %mailfrom_notify_admin_by_ccat ## %hdrfrom_notify_recip_by_ccat %mailfrom_notify_recip_by_ccat ## %hdrfrom_notify_sender_by_ccat ## %hdrfrom_notify_release_by_ccat %hdrfrom_notify_report_by_ccat ## %admin_maps_by_ccat %warnrecip_maps_by_ccat ## %always_bcc_by_ccat %dsn_bcc_by_ccat ## %addr_extension_maps_by_ccat %addr_rewrite_maps_by_ccat ## %smtp_reason_by_ccat # legacy dynamic configuration variables: ## $final_virus_destiny $final_banned_destiny $final_unchecked_destiny ## $final_spam_destiny $final_bad_header_destiny ## @virus_lovers_maps @spam_lovers_maps @unchecked_lovers_maps ## @banned_files_lovers_maps @bad_header_lovers_maps ## $always_bcc $dsn_bcc ## $mailfrom_notify_sender $mailfrom_notify_recip ## $mailfrom_notify_admin $mailfrom_notify_spamadmin ## $hdrfrom_notify_sender $hdrfrom_notify_recip ## $hdrfrom_notify_admin $hdrfrom_notify_spamadmin ## $hdrfrom_notify_release $hdrfrom_notify_report ## $notify_virus_admin_templ $notify_spam_admin_templ ## $notify_virus_recips_templ $notify_spam_recips_templ ## $notify_virus_sender_templ $notify_spam_sender_templ ## $notify_sender_templ $notify_release_templ ## $notify_report_templ $notify_autoresp_templ ## $warnbannedsender $warnbadhsender ## $defang_virus $defang_banned $defang_spam ## $defang_bad_header $defang_undecipherable $defang_all ## $virus_quarantine_method $banned_files_quarantine_method ## $unchecked_quarantine_method $spam_quarantine_method ## $bad_header_quarantine_method $clean_quarantine_method ## $archive_quarantine_method ## @virus_quarantine_to_maps @banned_quarantine_to_maps ## @unchecked_quarantine_to_maps @spam_quarantine_to_maps ## @bad_header_quarantine_to_maps @clean_quarantine_to_maps ## @archive_quarantine_to_maps ## @virus_admin_maps @banned_admin_maps ## @spam_admin_maps @bad_header_admin_maps @spam_modifies_subj_maps ## @warnvirusrecip_maps @warnbannedrecip_maps @warnbadhrecip_maps ## @addr_extension_virus_maps @addr_extension_spam_maps ## @addr_extension_banned_maps @addr_extension_bad_header_maps 1; # insure a defined return value