#***********************************************************************
#
# mimedefang-filter config
#
# $Id: filter.conf,v 1.91 2009/11/05 13:48:43 jonas Exp $
#
#***********************************************************************

$Revision: 1.91 $

#***********************************************************************
# Host, domain and mail addresses settings.
#
# AdminAddress receives reports.
# AdminContactAddress is listed as the contact for site-wide policy.
# MyFilterHostName is this host's name.
# MyFilterHostNames are aliases for this host.
# OurDomains are domains we accept mail for. Note that more domains might
# get added through some sendmail conf files.
# NoUserDomains are domains in which there are no users.
# If CanAuthenticate is false, authentication will not be checked.
# Mail to WantsReports can have Spam reports added.
# WhiteNets specifies a small list of whitelisted nets.
# OurNets specifies our external IP addresses.
#***********************************************************************
AdminAddress reports@frukt.fsdb.org
AdminContactAddress jonas@frukt.org
AdminName Jonas Eckerman
MyFilterHostName chip.frukt.org
MyFilterHostNames chip.frukt.org,chip.i.frukt.org,monty.frukt.org
OurDomains frukt.org,fsdb.org,truls.org,menvafan.net,edbn.org,wfdb.org
NoUserDomains 10.frukt.org,.*[^-_.a-zA-Z0-9].*\.frukt\.org
LocalNets 10\.0\.\d{1,3}\.\d{1,3}
WhiteNets 195.67.112.193/255.255.255.224; 10.0.0.0/255.255.0.0
OurNets 195.67.112.193/255.255.255.224
#CanAuthenticate 1
#WantsReports jonas@frukt.org,jonas@truls.org,jonas@fsdb.org
WantsExtraHeaders @{extraheaders}

#***********************************************************************
# Settings for user/recipient SMTP checks.
#
# NoCheckUserDomains are domains for which we don't check recipients
# against smtp-servers. Subdomains are autoincluded.
# NoCheckUserServers are storing servers we don't check recipients
# against.
# If CheckUserErrorContinue is true, return CONTINUE instead of TEMPFAIL
# when checking results in errors.
#***********************************************************************
#NoCheckUserDomains frukt.org
NoCheckUserServers mailout.telia.com
#CheckUserErrorContinue 1

#***********************************************************************
# Sendmail settings.
#
# SendmailConfig sets the main directory for sendmail config files.
#
# SM_Domains is used to tell the filter to read domain names from
# a sendmail file. The filter handles simple list files with one
# domain on each line and mailertable files. The syntax is:
# SM_Domains ,[filetype],[options]
# Filetype specifies "list" or "table". If not specified, the filter
# makes a guess based on the file name.
# The following options are available at the moment:
# ?: Just log if the file can't be opened (default).
# !: Die if the file can't be opened.
#***********************************************************************
#SendmailConfig /etc/mail
SM_Domains mailertable
SM_Domains virtdomains

#***********************************************************************
# Settings for mail sent/handled by MD.
#
# DaemonAddress is used for most mails.
# Mail sent to MailResultAddress is seen as a result report query.
# Note: Only mail from explicitly whitelisted senders may generate a report.
# Result reports are mailed through MailResultMailer (defaults to localhost).
# If MailResultAttachOriginal is true, the analyzed mail is attached
# to result report.
# If MailResultAttachOriginal is true, the defanged mail is attached
# to result report.
# If MailResultVerify is true, queries must either be sent from trusted
# hosts or be from verified senders.
# Mail sent from hosts in WhiteNets (or authed) to SpamReportAddress is
# saved in the SpamReportSpool directory.
# Spam sent to the SpamReportAddress will also be forwarded to addresses
# in SpamReportForward.
# Mail sent from hosts in WhiteNets (or authed) to HamReportAddress
# is saved in the HamReportSpool directory.
# If StreamBlack is "our", "domain" or "recipient" then mail from relays
# in black nets is streamed by StreamBlack.
#***********************************************************************
DaemonAddress mailer-daemon@frukt.org
MailResultAddress filter-result@frukt.org
MailResultMailer 127.0.0.1:1587
MailResulAttachOriginal 1
MailResulAttachDefanged 1
MailResultVerify 1
SpamReportAddress spam-report@frukt.org
HamReportAddress ham-report@frukt.org
SpamReportSpool /var/spool/spam-reports
HamReportSpool /var/spool/spam-reports
SpamReportForward @{forward-spam}
SpamReportSender reports@frukt.fsdb.org
StreamBlack our
PassAbuse 1

#***********************************************************************
# Settings for spam traps.
#
#***********************************************************************
SpamTrapSpool /var/spool/spam-trap
SpamTrapAddresses @{spam-traps}
SpamTrapReportRelay 1
Trap_MaxLoad 20
Trap_MaxSwap 10
Trap_Chance 20
#Trap_Keep
#Trap_TimeWindow
Trap_MaxWindow 15

#***********************************************************************
# Settings for bounce collection.
#
#***********************************************************************
BncCollect 1
#BncExpire 15*24*60*60

#***********************************************************************
# Settings for SpamAssassin.
#
# Set SALocalTestsOnly if you do not want to use SA's network tests.
# Messages larger than SASizeLimit will not be scanned by SA.
# Messages that have already been scanned for more than SAMaxScanTime
# will not be scanned by SpamAssassin.
# If SAPreInit is true, SpamAssassin will be initialized at filter_init.
# If SAPreCompile is true, SpamAssassin will also be precompiled.
# SASuspiciousScore sets the SpamAssassin hit when a virus scanner finds something.
# If SASuspiciousBodyScore or SASuspiciousHeadScore is set, mail flagged
# as having suspicious chars in body/header will generate SpamAssassin
# hits instead of being quarantined/rejected.
# SARemember tells the filter how long to remember spam messages.
#***********************************************************************
SALocalTestsOnly 0
SASizeLimit 512*1024
SAMaxScanTime 25*60
SAPreInit 0
SAPreCompile 0
SASuspiciousScore 1
SASuspiciousBodyScore 5
SASuspiciousHeadScore 5
SARemember 60*60
SpamdSocket /var/run/spamd-mdf/spamd.sock
SALocalMaxLoad 8
SALocalMaxSwap 12
SAOutboundMaxLoad 8
SAOutboundMaxSwap 12

#***********************************************************************
# Warning settings.
#
# If you set AddWarningsInline to 1, then MIMEDefang tries *very* hard
# to add warnings directly in the message body (text or html) rather
# than adding a separate "WARNING.TXT" MIME part. If the message
# has no text or html part, then a separate MIME part is still used.
#***********************************************************************
AddWarningsInline 1
#GeneralWarning WARNING: This e-mail has been altered by MIMEDefang at %s.

#***********************************************************************
# Log settings.
#
# DebugLogLevel sets limit for debug logging.
#***********************************************************************
DebugLogLevel 0
WhereLog 0
WhereLogTime 2
#AddressListLog 1

#***********************************************************************
# Anti-Virus Features manual settings (paranoid?)
#
# When messages from whitelisted relays (or authenticated) have been
# scanned for more than AVMaxScanTime seconds, virus scanning
# is disabled.
# Results for mail from local relays are cached AVCacheLocal seconds.
# Results for mail from external relays are cached AVCacheExternal seconds.
#***********************************************************************
#AVMaxScanTime 25*60
AVCacheLocal 20*60
AVCacheExternal 5*60

#***********************************************************************
# Uncomment this to block messages with more than 50 parts. This will
# *NOT* work unless you're using Roaring Penguin's patched version
# of MIME tools, version MIME-tools-5.411a-RP-Patched-02 or later.
#
# WARNING: DO NOT SET THIS VARIABLE unless you're using at least
# MIME-tools-5.411a-RP-Patched-02; otherwise, your filter will fail.
#***********************************************************************
#MaxMIMEParts 50

#***********************************************************************
# Settings for security stuff.
#
# BadExtensions are forbidden extensions.
# Attachments matching OfficeExtensions may not be executable files.
# BadCSSExtensions are forbidden extensions for CSS in HTML.
#
# If RemovePartBadExtension is true, parts with bad extensions will
# be removed and quarantined.
#***********************************************************************
#RemovePartBadExtension 1
#BadExtensions (ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|fxp|hlp|hta|hto|ins|isp|jse?|lib|lnk|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|scr|sct|sh|shb|shs|sys|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\{[^\}]+\})
#OfficeExtensions (doc|xml|dot|rtf|wps|xls|xlt|csv|xlw|wk4|wk3|wk1|wks|xla|mdb|adp|dbf|ppt|pot|pps|ppa|wmf|emf|mpp|mpt|mpd|pub)
#BadCSSExtensions (java|jscript|js|jar|exe)
#SuspiciousHeadDiscard 0
#SuspiciousBodyDiscard 0
#VirusDiscard 0

#***********************************************************************
# Settings for blocking.
#
# If BlockRelay is true, connections will be blocked.
# Normally you want to set this to a set of tests, so that only
# connections matching those tests will be blocked.
#
# If BlockSender is true, senders will be blocked.
# Normally you want to set this to a set of tests, so that only
# senders matching those tests will be blocked.
#
# See "Exemption lists" for more info about the lists of tests.
#***********************************************************************
BlockRelay ?!nsdb:15;?dnswl:list.dnswl.org,hostkarma.junkemailfilter.com=127.0.0.1,hostkarma.junkemailfilter.com=127.0.0.3 # ,karmasphere.email-sender-ip.dnswl.karmasphere.com
BlockRelay dnsbl:3,dnsbl-1.uceprotect.net,combined.njabl.org,zen.spamhaus.org,dnsbl.sorbs.net,bl.spamcop.net,cbl.abuseat.org,hostkarma.junkemailfilter.com:127.0.0.2 # ,karmasphere.email-sender-ip.dnsbl.karmasphere.com
BlockSender ?!nsdb:1;?ddnswl:list.dnswl.org,hostkarma.junkemailfilter.com=127.0.0.1,hostkarma.junkemailfilter.com=127.0.0.3 # ,karmasphere.email-sender.dnsbl.karmasphere.com
BlockSender ddnsbl:zen.spamhaus.org,nomail.rhsbl.sorbs.net,rhsbl.ahbl.org,jwrh.dnsbl.net.au,block.rhs.mailpolice.com,in.dnsbl.org # ,karmasphere.email-sender.dnsbl.karmasphere.com

#***********************************************************************
# Settings for checking headers.
#
# If FixHeaders is set, some headers are modified because they
# might mean trouble for some software.
# If CheckReceived is true, helo and relay checks will be done on
# received headers.
#***********************************************************************
#FixHeaders 1
#CheckReceived 0

#***********************************************************************
# Settings for cleaning HTML.
#
# If DisableBadHTML is set, some html tags/attributes will be
# disabled, and some warnings might get inserted in the text.
# Parts larger than DBH_SizeLimit will not be checked for this.
# If DBH_Report is true, cleaning reports will be created and put in
# quarantine dir.
# If DBH_ReportDiff is true, difference will be added to reports.
# Redundant HTML will be removed for mails to RemoveRedundantHTMLFor.
#***********************************************************************
#DisableBadHTML 1
#DBH_SizeLimit 1024*1024
#DBH_Report 1
#DBH_ReportDiff 1
#RemoveRedundantHTMLFor (.*-l@|.*@.*\.|.*list.*@)frukt\.org

#***********************************************************************
# Settings for sender rewriting.
#
# If SRS_Domain and SRS_Secret are set, mail sent to the outside will
# have the envelope sender rewritten using SRS if it is not
# from a local domain.
# SRS_Domain sets the domain part of the rewritten address.
# SRS_Secret is a secret key used when generating the new sender in
# order to make forging harder.
# If SRS_CopyBounce is true, a copy of bounces to or SRS addresses
# will be sent to SRS_CopyBounce if it is an email address or else
# to AdminAddress.
#
# If one or more of SRS_DSNCaptureRelayNet, SRS_DSNCaptureRelayHost,
# SRS_DSNCaptureRecipient, SRS_DSNCaptureSender, SRS_DSNCaptureFrom,
# SRS_DSNCaptureTo and SRS_DSNCaptureSubject are specified, any
# recognized and matching DSN of a DSN to an SRSed sender will be
# captured and sent to the original senders.
#
# Generated addresses are valid for GSND_Expire seconds, and will
# be ignored by the reverse rewriter after that time.
# If specified, GSND_MaxReturns sets a high limit on the number of
# returns per recipient that are accepted for a generated address.
#
# GSND_Keep tells the cleaner how long to keep records.
#***********************************************************************
SRS_Domain srs.frukt.org
SRS_Secret @{srs-secret}
SRS_CopyBounce 1
SRS_DSNCaptureRecipient postmaster@frukt.fsdb.org
SRS_DSNCaptureSubject Postmaster\s+notify:\s+see\s+transcript\s+for\s+details
SRS_DSNCaptureRelayNet (127\.0\.0\.1|10\.0\.\d{1,3}\.\d{1,3})
#GSND_MaxReturns 3
GSND_Expire 60*24*60*60
GSND_Keep 90*24*60*60

#***********************************************************************
# Settings for SMTP check cache.
#
# SMTP_CacheGood sets the time for which a CONTINUE result will be cached.
# SMTP_CacheFail sets the time for which a TEMPFAIL result will be cached.
# SMTP_CacheBad sets the time for which a REJECT result will be cached.
# SMTP_CacheGoodError sets the time for which a CONTINUE result will be
# cached for use when check results in errors.
#
# SMTP_Keep tells the cleaner how long to keep records.
#***********************************************************************
SMTP_CacheGood 60*60
SMTP_CacheFail 10*60
SMTP_CacheBad 60
SMTP_CacheGoodError 7*24*60*60
SMTP_Keep 14*24*60*60

#***********************************************************************
# Settings for EXPN check.
#
# EXPN_Servers specifies servers we expand mail addresses with.
# EXPN_Cache sets the time for which a result will be cached.
# If EXPN_LocalOnly is set, only addresses that are expanded to
# OurDomains will actually be changed.
#
# EXPN_Keep tells the cleaner how long to keep records.
#***********************************************************************
EXPN_Servers 10.0.6.11
EXPN_LocalOnly 1
EXPN_Cache 20*60
EXPN_CacheError 7*24*60*60
EXPN_Keep 14*24*60*60

#***********************************************************************
# Settings for relaydb inspired auto-blacklist.
#
# This filter implements a blacklist inspired by relaydb available from
# the OpenBSD ports tree. It counts spam/ham for relay IP addresses like
# relaydb, but it also (optionally) counts for verified (by SPF, DKIM and
# DomainKeys) sender addresses (if RDB_Sender is true) and domains (if
# RDB_Domain is true).
#
# Set RelayDB to true to use this list.
#
# mail with ($hits > RDB_BlackList) will be counted as spam
# mail with ($hits < RDB_WhiteList) will be counted as non-spam
#
# black count must be at least RDB_MinBlack for rejection to occur.
# white count must not be more than RDB_MaxWhite if rejection should occur.
# (black count/white count) must be at least RDB_Ratio for rejection to occur.
# Entries that have not been touched in RDB_Expire secs will not be processed.
#
# A value of -1 turns off a specific check.
#
# If RDB_Touch is true, the relaydb records will be touched when a host
# is blocked.
# If RDB_StampGrey is true, the relaydb records will be stamped whenever
# a mail is received, otherwise they will only be stamped when a mail
# is counted as spam or ham. The stamp is checked by the cleaner when
# removing old records.
# If RDB_Virus is true, infected mail is counted as well as spam.
#
# RDB_Keep tells the cleaner how long to keep records.
#***********************************************************************
RelayDB 1
RDB_Touch 0
RDB_StampGrey 0
RDB_BlackList 12
RDB_WhiteList 3
RDB_MinBlack 10
RDB_MaxWhite -1
RDB_Ratio 30
RDB_Sender 0
RDB_Domain 0
RDB_Virus 1
RDB_OOOSmtpd 1
RDB_Expire 30*24*60*60
RDB_Keep 90*24*60*60

#***********************************************************************
# Settings for spam hash list.
#
# Entries that have not been touched in SDB_Expire secs will not be processed.
#
# SDB_Keep tells the cleaner how long to keep records.
#***********************************************************************
SpamDB 1
SDB_Expire 7*24*60*60
SDB_Keep 90*24*60*60

#***********************************************************************
# Settings for no spam auto white list.
#
# Set NoSpamDB true to use this.
#
# mail with ($hits > NSDB_BlackList) will be counted as spam
# mail with ($hits < NSDB_WhiteList) will be counted as non-spam
#
# If an address has more than NSDB__Count ham and 0 (zero) spam, it will
# bypass the spamassassin check.
# may be one of "sender", "relay" or "domain".
# Setting a count to 0 (zero) or below disables whitelisting for that type.
# Setting a count to 0 (zero) disables counting for that type.
#
# If NSDB_RememberSpam is true, spams will be remembered until cleaned.
#
# Entries that have not been touched in NSDB_Expire secs will not be processed.
#
# NSDB_Keep tells the cleaner how long to keep records.
#***********************************************************************
NoSpamDB 1
NSDB_BlackList 5
NSDB_WhiteList 0
NSDB_Sender_Count 100
NSDB_Relay_Count -1
NSDB_Domain_Count -1
NSDB_RememberSpam 1
NSDB_OOOSmtpd 1
NSDB_Expire 7*24*60*60
NSDB_Keep 90*24*60*60

#***********************************************************************
# Settings for sent out list.
#
# If SentOutDB is true, information about messages sent *out* from
# this system will be saved.
#
# Entries that have not been touched in Out_Expire secs will be ignored.
#
# Out_Keep tells the cleaner how long to keep records.
#***********************************************************************
SentOutDB 1
Out_Expire 30*24*60*60
Out_Keep 90*24*60*60

#***********************************************************************
# Settings for greylisting.
#
# For an explanation of what the purpose of this is, and maybe a hint as to
# what values to enter, check "http://projects.puremagic.com/greylisting/".
# I think they recommend something like this:
# GDB_Black = 1*60*60;
# GDB_Grey = 5*60*60;
# GDB_White = 36*24*60*60;
# GDB_Subnet = 1;
#
# If Greylist is true, greylisting will be used.
#
# You can also set Greylist to a list of tests. If you do that, only
# hosts that match those tests will be greylisted.
# See "Exemption lists" for more info.
#
# Greylisting is done on a triplet of sending host's IP, mail from: and
# rcpt to:.
#
# When a session with a new triplet arrives, all sessions with that
# triplet will be tempfailed for GDB_Black seconds.
# After GDB_Black seconds it will be white-listed for GDB_Grey
# seconds.
# If a session for the triplet arrives within the GDB_Grey white-listing
# period, it will then be white-listed for GDB_White seconds.
# If a session for a triplet arrives within the GDB_White white-listing
# period, it will be white-listed for another GDB_White seconds.
#
# When a mail gets a spam-score above GDB_Reset, the greylist status for its
# triplet will be reset (which means the next session with that triplet will be
# treated as though it's a new triplet).
# If GDB_ResetHost is true, all triplets from the same host IP will be reset
# whenever a spam triggers the reset.
#
# If GDB_HostWhite is set, hosts will be whitelisted for that time
# after a mail from them has been accepted. This will be reset when a mail gets
# a spam score greater than GDB_HostReset.
# If GDB_HostBlack is set, a host will be blacklisted for that time after
# its very first connection attempt.
#
# If GDB_Subnet is true, only the first 3 octets of the IP-addresses will be
# used in the greylist.
# If GDB_FromDomain is true, only the domain part of the mail from: address
# will be used in the greylist.
# If GDB_ToDomain is true, only the domain part of the rcpt to: address
# will be used in the greylist.
# If GDB_FromStrip is true, some stuff in the user part of the mail from:
# address will be replaced in order to handle mailinglists and some other
# stuff better.
# If GDB_ToStrip is true, some stuff in the user part of the rcpt to:
# address will be replaced in order to handle use parameters and some other
# stuff better.
#
# GDB_Keep, GDB_KeepHost and GDB_KeepMsg tell the cleaner how long to keep
# the database records.
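#
# Added example (not part of the original filter or its configuration): the
# triplet timing described above as a small Python model, using the GDB_Black,
# GDB_Grey, GDB_White, GDB_Reset and GDB_Subnet values set in this file. The
# class, function and sample names are hypothetical, and treating a lapsed
# white-listing period as a new triplet is an assumption.

```python
"""Model of the greylist triplet timing described in the comments above."""
from dataclasses import dataclass

# Values copied from the GDB_* settings in this configuration file.
GDB_BLACK = 3 * 60              # tempfail period for a new triplet
GDB_GREY = 72 * 60 * 60         # first white-listing period after GDB_BLACK
GDB_WHITE = 36 * 24 * 60 * 60   # white-listing period once the sender retried
GDB_RESET = 20                  # a spam score above this resets the triplet
GDB_SUBNET = True               # key on the first 3 octets of the IPv4 address
GDB_FROM_DOMAIN = False         # key on the full mail from: address
GDB_TO_DOMAIN = False           # key on the full rcpt to: address
# GDB_FromStrip / GDB_ToStrip are not modelled: the file does not say what
# they replace in the user part.

TEMPFAIL, ACCEPT = "TEMPFAIL", "ACCEPT"


@dataclass
class Entry:
    first_seen: int   # start of the GDB_Black period
    pass_until: int   # end of the current white-listing period


class Greylist:
    """Hypothetical in-memory stand-in for the filter's greylist table."""

    def __init__(self):
        self.db = {}

    @staticmethod
    def key(ip, mail_from, rcpt_to):
        """Build the triplet key, honouring the subnet/domain options."""
        if GDB_SUBNET:
            ip = ".".join(ip.split(".")[:3])
        if GDB_FROM_DOMAIN:
            mail_from = mail_from.rsplit("@", 1)[-1]
        if GDB_TO_DOMAIN:
            rcpt_to = rcpt_to.rsplit("@", 1)[-1]
        return (ip, mail_from, rcpt_to)

    def check(self, ip, mail_from, rcpt_to, now):
        """Return TEMPFAIL or ACCEPT for a session arriving at time `now`."""
        k = self.key(ip, mail_from, rcpt_to)
        entry = self.db.get(k)
        if entry is None or now >= entry.pass_until:
            # New triplet, or (assumption) one whose white-listing lapsed.
            self.db[k] = Entry(now, now + GDB_BLACK + GDB_GREY)
            return TEMPFAIL
        if now < entry.first_seen + GDB_BLACK:
            return TEMPFAIL                   # still inside GDB_Black
        entry.pass_until = now + GDB_WHITE    # retried in time: extend
        return ACCEPT

    def spam_score(self, ip, mail_from, rcpt_to, hits):
        """Forget the triplet when a mail scores above GDB_Reset."""
        if hits > GDB_RESET:
            self.db.pop(self.key(ip, mail_from, rcpt_to), None)


def replay(events):
    """Run constructed events through a fresh greylist; return decisions."""
    greylist, decisions = Greylist(), []
    for event in events:
        if event[0] == "rcpt":
            _, now, ip, mail_from, rcpt_to = event
            decisions.append(greylist.check(ip, mail_from, rcpt_to, now))
        else:  # ("score", ip, mail_from, rcpt_to, hits)
            _, ip, mail_from, rcpt_to, hits = event
            greylist.spam_score(ip, mail_from, rcpt_to, hits)
    return decisions


# Constructed sample sessions (documentation addresses, times in seconds).
A, B = "alice@example.com", "bob@example.net"
SAMPLE = [
    ("rcpt", 0, "192.0.2.10", A, B),                    # new triplet
    ("rcpt", 60, "192.0.2.10", A, B),                   # inside GDB_Black
    ("rcpt", 200, "192.0.2.77", A, B),                  # same /24, retried
    ("rcpt", 200, "198.51.100.5", A, B),                # other net: new triplet
    ("rcpt", 200 + GDB_WHITE - 1, "192.0.2.10", A, B),  # extends GDB_White
    ("score", "192.0.2.10", A, B, 25),                  # 25 > GDB_Reset
    ("rcpt", 200 + GDB_WHITE, "192.0.2.10", A, B),      # new again after reset
]

if __name__ == "__main__":
    for event, decision in zip([e for e in SAMPLE if e[0] == "rcpt"],
                               replay(SAMPLE)):
        print(event[1], event[2], decision)
```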
#***********************************************************************
Greylist !hfqdn;!rdns;spff;?os:novell
GreyList ?dnswl:list.dnswl.org,hostkarma.junkemailfilter.com=127.0.0.1,hostkarma.junkemailfilter.com=127.0.0.3
GreyList d;!fcdns;?s;?sodb;?mx
#GreyList !c:se,org
GreyList rdb;nsdb
Greylist dnsbl:combined.njabl.org,dnsbl.sorbs.net,dob.sibl.support-intelligence.net,hostkarma.junkemailfilter.com:127.0.0.2
Greylist dnsbl:dnsbl-3.uceprotect.net,dnsbl-2.uceprotect.net,dnsbl-1.uceprotect.net
Greylist dnsbl:fresh.spameatingmonkey.net,bl.spameatingmonkey.net
GreyList ?c:se,org
GDB_Black 3*60
GDB_Grey 72*60*60
GDB_White 36*24*60*60
GDB_HostWhite 7*24*60*60
GDB_HostBlack 10
GDB_Reset 20
GDB_HostReset 5
#GDB_ResetHost 0
GDB_Subnet 1
GDB_FromDomain 0
GDB_FromStrip 1
GDB_ToDomain 0
GDB_ToStrip 1
GDB_Log 1
GDB_Keep 60*24*60*60
GDB_KeepHost 60*24*60*60
GDB_KeepMsg 60*24*60*60

#***********************************************************************
# Sender check settings.
#
# SC_CacheValid sets the time until a valid address will be re-checked.
# SC_CacheUnknown sets the time until an address with an uncertain result
# will be re-checked.
# SC_CacheInvalid sets the base time until an invalid address will be
# re-checked.
# SC_CacheInvalid_add will be added to the cache time for an invalid
# address for every connection except the first one.
# SC_CacheInvalid_max sets a maximum value that the cache time for an
# invalid address can get.
#
# SC_Keep tells the cleaner how long to keep records.
#***********************************************************************
SC_CacheValid 7*24*60*60
SC_CacheInvalid 60*60
SC_CacheUnknown 7*24*60*60
SC_CacheInvalid_Add 60*60
SC_CacheInvalid_Max 24*60*60
SC_Keep 30*24*60*60

#***********************************************************************
# MX check settings.
#
# If MXCheck is true, senders' domains will be checked with
# Net::validMX::check_valid_mx.
# If MX_Tempfail is true, invalid MX will result in a temporary
# failure, otherwise it results in a permanent reject.
#
# MX_CacheValid sets the time until a valid MX will be re-checked.
# MX_CacheInvalid sets the time until an invalid MX will be
# re-checked.
#
# MX_Keep tells the cleaner how long to keep records.
#***********************************************************************
MXCheck 1
MX_Tempfail 1
MX_CacheValid 7*24*60*60
MX_CacheInvalid 60
MX_Keep 30*24*60*60

#***********************************************************************
# Authenticity check settings.
#
# If DKCheck is true, DomainKeys will be verified.
# If DKIMCheck is true, DKIM will be verified.
# If SPFCheck is true, SPF will be verified.
# If SMIMECheck is true, S/MIME will be verified.
# If PGPCheck is true, PGP will be verified.
# Connections from AuthPassNets are seen as verified.
# If AuthFailWarning is true, a warning will be added to messages
# that hard-failed an authenticity check.
#***********************************************************************
AuthFailWarning 1
AuthPassNets 127.0.0.1
DKCheck 1
DKIMCheck 1
SPFCheck 1
SMIMECheck 1
PGPCheck 1

#***********************************************************************
# Hashcash settings.
#
# If HashCash is true, hashcash headers will be added to mail not
# destined to our domains.
# Hashcash will not be added to mail with more than HC_MaxRecipients
# recipients (default 20).
# Unless HC_Size is specified, hashcash will be created with a size
# estimated to take HC_WorkTime seconds (default 10) to make
# (per recipient), or 20 bits if the estimation fails.
# When hashcashes for a message have (together) taken more than
# HC_MaxTime to add, no more hashcashes will be added.
# No hashcash is added when 1 minute load average exceeds HC_MaxLoad.
# No hashcash is added when swap percentage exceeds HC_MaxSwap.
#***********************************************************************
HashCash 1
#HC_MaxRecipients 10
#HC_WorkTime 20
HC_MaxTime 240
HC_Size 22
HC_MaxLoad 12
HC_MaxSwap 15

#***********************************************************************
# Dictionary / Abuse check settings.
#
# If DC_TimeWindow and DC_Limit and/or DC_LimitPerTime are set then
# connections will be checked for some abusive behaviour attacks.
#
# Note: The dictionary check list is kept in RAM and therefore each
# MD child has its own list.
#
# Entries are purged when they are older than DC_TimeWindow seconds.
# If there are more than DC_Limit entries (after purging) for a host,
# it will be temp-failed. The following specifies what events will
# add entries to the database.
#
# DC_UnknownUser     unknown user (including relay attempt)
# DC_GreyNew         new greylist triplet
# DC_InvalidMX       invalid MX record
# DC_BadHelo         forged HELO
# DC_BlackHost       black hosts
# DC_Virus           virus found
# DC_LostConnection  connection was lost
# DC_Timeout         communication timeout
# DC_BadSender       bad mail from address 1
# DC_Noop            no action command given
# DC_Abuse           abusive behaviour
#
# This list is not checked for hosts that are white-listed in the
# greylist (see GDB_HostWhite above).
#
# DC_Keep tells the cleaner how long to keep records.
#***********************************************************************
DC_GreyNew 1
DC_UnknownUser 1
DC_InvalidMX 1
DC_BadHelo 1
DC_BlackHost 1
DC_Virus 1
DC_LostConnection 1
DC_Timeout 1
DC_BadSender 1
#DC_Noop 1
DC_Abuse 1
DC_OOOSmtpdConnect 1
DC_OOOSmtpdData 1
DC_TimeWindow 3*60
DC_Limit 10
DC_LimitPerTime 0.2
DC_Keep 24*60*60

#***********************************************************************
# Attach replacement settings.
#
# If attachments_path and attachments_url are set, attachments bigger than
# attachments_maxsize will be saved under attachments_path and replaced
# with a link to the saved attachment at attachments_url.
# If attachments_maxmailsize is set, all attachments will be replaced for
# mail larger than this.
# Attachments smaller than attachments_min_size will not be replaced.
#
# Some separate utility (such as tmpreaper) is needed for cleaning.
#***********************************************************************
attachments_path /var/spool/www
#attachments_meta .meta
attachments_url http://gateway.frukt.org/spool
attachments_maxsize 10240
attachments_hardlimit 32*1024*1024
#attachments_maxsize 10*1024*1024
#attachments_min_size 512*1024
attachments_recipients testjonas@frukt.org,testted@frukt.org
attachments_domain fil.frukt.org

#***********************************************************************
# Settings for options setting mailers.
#
# Relays identifying themselves (through HELO) as *.RelayOptionsDomain
# may set some options (also through HELO) for how they are handled.
# Options are set by prepending them to the domain. Like this:
# outsider.notempfail.relay-options.frukt.org
#
# Currently the following options are recognized:
# outsider : Partially treat this connection as coming from the outside.
# notempfail : Prefer permanent failure to tempfail.
#***********************************************************************
RelayOptionsDomain relay-options.frukt.org

#***********************************************************************
# High and low scores settings.
#***********************************************************************
hilo_keep 366*24*60*60
hilo_entries 10
hilo_margin 10

#***********************************************************************
# Silly settings.
#***********************************************************************
SillyFortunes /usr/local/share/games/fortune/mod/_recursive-multiliners
SillyOneliners /usr/local/share/games/fortune/mod/_recursive-oneliners
SillyExclaim Hubba, hubba, hopp!

#***********************************************************************
# Settings for database.
#
# The database is used by greylisting, dictionary lists and sender
# validation cache.
#
# The database *must* be created/updated by mdfdb-clean.pl before this
# filter can use it.
#
# Database_Spec is a DBI database specification.
# Currently this filter is using SQL syntax only checked to work with
# DBD::SQLite and DBD::mysql.
#
# The sa_database_* settings specify the database used by our SpamAssassin
# plugins.
#
#***********************************************************************
#Database_Spec dbi:SQLite:dbname=/var/spool/MIMEDefang/filterdata.db
#Database_spec dbi:SQLite:dbname=./filterdata.db
#Database_User
#Database_Pass
database_spec DBI:mysql:mdf:localhost
database_user md
database_pass vetet
sa_database_spec DBI:mysql:gsa:localhost
sa_database_user sa
sa_database_pass bulle

#***********************************************************************
# Settings for reports.
#
# if quarantine_url is set, mailed reports may link to quarantined mail.
#***********************************************************************
quarantine_url http://gateway.frukt.org/quarantine
spamparse_url http://gateway.frukt.org/reports

#***********************************************************************
# Exemption lists.
#
# A list of tests that hosts/connections must match for something to
# occur. Used for greylist and blocking.
#***********************************************************************
# If a test is prefixed with "!" or "not " it will count as a match when
# it doesn't match.
# If it is prefixed with "?" or "except " (before eventual "!" or "not ")
# a match means that the greylist will not be used.
# The following tests are available:
#
# Dynamic : Matches on dynamic-looking reverse lookup hostnames.
# Server : Matches on reverse lookup hostnames looking like server names.
# MX : Checks if server is MX for some stuff.
# DNSBL[:domain,domain,...] : Checks the IP addresses in the listed DNS
# blacklists.
# If no blacklists are listed, default lists are used. If the
# first "domain" is a number, the IP must be found in that number of lists.
# Country<:country_or_code,country_or_code,...> : Matches the top level part
# of the domain and the country or country code of origin for the IP address.
# OperatingSystem<:strings> : Matches against the OS reported by IP2OS.
# Host<:domain,domain,...> : Matches against the reverse lookup hostname.
# RelayDB : Matches if IP address has one or more spam in the relaydb.
# NoSpamDB : Matches if relay or sender has remembered spam in the nospamdb.
# SentOutDB : Matches if mail looks like a reply to a mail in the sent out db.
# SPFPass : Matches if mail passes SPF
# SPFFail : Matches if mail fails SPF
# All : Always matches.

#***********************************************************************
# External files.
#
# The filter will look for the files in the subdir "filter" in the
# MIMEDefang config dir, in the MIMEDefang config, in /etc/mail and
# in /usr/local/etc/mail.
#
# It will look for files named as below and prefixed "mimedefang-".
#
# There are a couple of file formats:
#
# Plain files are simple files with an IP address or host name on each
# line.
#
# List files are files with one address specifier on each line. The address
# specifier is a keyword followed by space and an address. The addresses are
# regular expressions. The currently known keywords are:
# Host A IP address or hostname.
# Sender A mail address.
# Some lists may allow keyword-prefixes. In that case the keyword has the
# prefix and an underscore prepended.
#
# Filtered list files are list files with an extra value and space prepended
# to each line. This extra value must match for the line to be checked.
#
# Email lists are lists where each line contains a keyword specifier followed by
# space and an address. The keyword specifier is a comma separated list of
# keywords. The address is a regular expression.
#
# In the common lists, a !
# as the first character on a line means that if the
# rest of the line matches, a non-match will occur.
#
# The list type will be noted in () after the name below.
#***********************************************************************

# antivirus (special)
#   !
#   :
#
#   @
#   =
#
# This file contains settings for MIMEDefang's antivirus features.
#
# Lines of the format "!" will disable that scanner.
# Lines of the format ": will disable that scanner
# when load average is higher than .
# Lines of the format "%: will disable that scanner
# when swap usage is more percent of total memory.
# Lines of the format " " will configure that scanner.
#
# Lines of the format
#   "@: [: ...] [rule [desc]]"
# specify a mapping from virus results matching the regexes to spam hits.
# The regex will be used as /^$/i. can be one of:
#   type             message or entity
#   code             The scanner's result code
#   category         The result's category
#   action           The suggested action
#   virusname        The name of the found virus/threat
#   map:file[:name]  Match against map file formatted "name regex"
# If [rule] is not specified, $VirusName will be used as rule name.
# When a virus scan result matches all regexes for one line, it will
# be used as an additional hit for the spam score and will *not* be
# handled as a virus.
# If is "-", the virus hit will just be removed.
# If is prefixed with a = the rest of the remaining maps will be
# ignored.
#
# Lines of the format
#   "=: [: ...] ,"
# specify a mapping from virus results to new virus results.
#
# Example:
#   # NAI broke in the new FreeBSD. Need some very old compatibility stuff.
#   !NAI
#   # Wasn't there when MD was installed?
#   FPROT /usr/local/bin/f-prot
#   # Wasn't there when MD was installed? Too resource hungry, temporarily disabled?
#   BDC /usr/local/bin/bdc
#   16:BDC
#   # Phishes aren't really viruses, but we still don't like them.
#   @ category:virus virusname:.*Sanesecurity.* map:/var/db/clamav/virusmaps:sanesecurity.* =5.0
#   @ category:virus virusname:.*MSRBL.* map:/var/db/clamav/virusmaps:msrbl.* =5.0
#   @ category:virus virusname:(Email|HTML)\.Phishing\..* 10.0
#   # Some virus hits aren't.
#   @category:virus virusname:(?:PE\.)?[A-Za-z0-9]+\.ExceededFileSize =-
#   # Some aren't, but are still bad
#   =category:virus virusname:[A-Za-z0-9]+\.Exceeded(?:Files|Recursion)Limit suspicious,quarantine
#   =category:virus virusname:Oversized\.[A-Za-z0-9]+ suspicious,quarantine
#   =category:virus virusname:Broken.Executable suspicious,quarantine

# backups (list)
#
# This file contains IP or domain addresses of your backup MX server.
#
# Example:
#   Host 195.67.112.221
#   Host backup-mx.frukt.org

# blacklist (list)
#
# This list identifies senders from which we do not accept mail.
#
# Example:
#   Sender big\@boss\.com
#   Sender club\@dtftravel\.emv1\.com
#   Host (.*\.|)artprice\.com
#   Host (.*\.|)artmarket\.com

# blacklist-by-recipient (filtered list)
#
# This list does the same as "blacklist", but filtered on the recipient
# address.
#
# Example:
#   .*\@om\.srfriks\.org Sender nyhetsbrev\@dagensps\.se
#   listserv\@frukt\.org Sender alert\@bankofamerica\.com
#   annonsisrfhuset\@om\.srfriks\.org Host .*

# rcpt-map (special)
#
#
# This maps recipient domains to addresses to check for deliverability
# through SMTP sessions to MX servers.
#
# The address spec is used like this: sprintf(spec,user,domain)
#
# Example:
#   exkomp.frukt.org %s@exkomp.nu

# recipient-whitelist (email list)
#
# This list bypasses some checks based on recipient. The keywords are:
#   grey      Bypass the greylist.
#   spam      Bypass the spam check.
#   relay     Bypass relay checks against Received headers.
#   security  Bypass virus and security checks.
#   html      Bypass HTML cleaning.
#
# Example:
#   grey,spam lars.*\@frukt.org
#   grey,spam nilsson.*\@fsdb.org

# sender-whitelist (email list)
#
# This list bypasses some checks based on sender.
# The keywords are:
#   sendercheck  Bypass sender check.
#   relaydb      Bypass relaydb.
#   result       Allow result queries.
#
# Example:
#   result jpe\@algonet\.se
#   sendercheck rbl\@iris\.se

# spamassassin-bypass (list)
#
# This list specifies senders for which the SpamAssassin check will
# be bypassed. It has the following keyword-prefixes:
#   verified  Only check on verified addresses.
#             Only check addresses verified by .
#
# Example:
#   !Host mail\d+\.anp\.se
#   !Sender bounce\@mail\.anp\.se
#   Host 209\.237\.227\.199
#   Host 206\.191\.13\.82
#   Verified_Sender .*\@[^.@]+\.apache\.org
#   Verified_Sender .*\@regeringen\.se
#   Verified_Sender .*\@lists\.roaringpenguin\.com
#   SPF_Sender .*\@domain.tld
#   DKIM_Sender .*\@domain.tld

# virus-bypass (plain)
#
# This list specifies senders for which mails will not be checked for
# viruses. The format is the same as for spamassassin-bypass, but
# any keyword may be prefixed with a scanner name to limit the bypass
# to that scanner.
#
# Example:
#   10.0.6.2
#   10.0.6.10

# whitelist (list)
#
# Mail from addresses listed in this file will bypass a whole bunch
# of the checks.
#
# Example:
#   Host 213\.150\.135\.181
#   Host 213\.150\.135\.182

# whitelist-by-recipient (filtered list)
#
# Mail from senders specified in this file will not be checked against
# blacklist-by-recipient.
#
# Example:
#   gurkor\@frukt\.org Host .*\.iris\.se

# boilerplates (special)
#
# [format:]
#
# Specifies boilerplates that should be added to mail.
# is an email address regular expression that specifies for which
# senders the boilerplate should be added.
# specifies the name of the boilerplate source. This file will be
# searched for the same way as config files. If the file name ends in .html,
# the file is handled as an HTML file, otherwise as a plain text file.
# [format] specifies the format of the added boilerplate. The following
# formats may be used (the default is A):
#   B  Add both a text and an HTML part.
#   T  Add a text part.
#   H  Add an HTML part.
#   A  Add an HTML part if the boilerplate was an HTML file,
#      otherwise add a text part.
#
# Example:
#   .*\@fsdb.org T:fsdb_move

# users@ (special)
#
# Lists mail users at .
#
# @ =
#
#
# Contains one user per line.
# Lines starting with "!" result in a negative match.
# Lines starting with "@" are settings, as follows:
#   @delimiter   Sets a regex delimiting user and extra info. Often +.
#   @default     Sets the result when no match is found (normally 0).
#   @definitive  If unset, matching addresses may still be checked
#                against storing server.
#
# Example:
#   !baduser
#   jonas
#   kalle

# local-delivery (special)
#
# Lists addresses for which mail should be locally delivered to a directory.
#
# [-+=>]
#
# One address (regular expression) per line.
# Optional action specs (default is "="):
#   >  Deliver locally only.
#   -  --"--
#   =  Deliver a copy locally.
#   +  --"--
# Path must be terminated with "/".
#
# Example:
#   forget\@fsdb.org > /var/spool/mail.forget/
#   wastespace\@fsdb.org = /var/spool/wasted.space/

# flags (special)
#
# Specifies custom headers that should be added when a criterion is matched.
#
#
# :
#
# When matching lines, the header "X-Filter-Flags" with all matching
# flags (separated by ,) will be inserted.
#
# When matching lines, the specified header will be inserted with
# the specified value. Underscores in the value will be replaced with spaces.
#
# The currently available test is
#   header
# where is the name of a mail header, and will be matched
# against the header's value(s).
#
# Example:
#   gone header Envelope-To null\@dev.frukt.org
#   X-Destination: Nowhere header Envelope-To null\@dev.frukt.org
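
The "@" map lines in the antivirus file described above, worked through in Python as an added example (not part of this config file or of the filter's own code). It follows the comments' description: every field regex must match the whole value case-insensitively, "-" drops the hit, and a "=" prefix stops later maps. The names parse_map and apply_maps are hypothetical, regexes are assumed to contain no spaces, the map:file field is not supported, and the scanner results are constructed.

```python
import re

FIELDS = ("type", "code", "category", "action", "virusname")

def parse_map(line):
    """Split one '@' line into (conditions, score, stop, rule)."""
    tokens = line.lstrip("@").split()
    conds = []
    while tokens and tokens[0].partition(":")[0] in FIELDS:
        field, _, rx = tokens.pop(0).partition(":")
        # The file comments say the regex is used anchored, case-insensitive.
        conds.append((field, re.compile(rx, re.I)))
    if not conds or not tokens:
        raise ValueError("malformed map line: %r" % line)
    score = tokens.pop(0)
    stop = score.startswith("=")      # "=" prefix: ignore remaining maps
    score = score.lstrip("=")
    rule = tokens[0] if tokens else None
    # "-" means the hit is dropped without adding to the spam score.
    return conds, (None if score == "-" else float(score)), stop, rule

def apply_maps(maps, result):
    """Return (still_a_virus, spam_hits) for one scanner result dict."""
    hits, matched = [], False
    for conds, score, stop, rule in maps:
        if all(rx.fullmatch(result.get(f, "")) for f, rx in conds):
            matched = True
            if score is not None:
                # Rule name defaults to the virus name when none is given.
                hits.append((rule or result.get("virusname", "unknown"), score))
            if stop:
                break
    return (not matched), hits

# Two map lines copied from the example in this file.
MAPS = [parse_map(l) for l in (
    r"@ category:virus virusname:(Email|HTML)\.Phishing\..* 10.0",
    r"@category:virus virusname:(?:PE\.)?[A-Za-z0-9]+\.ExceededFileSize =-",
)]

# Constructed scanner results.
PHISH = {"category": "virus", "virusname": "HTML.Phishing.Bank-1"}
OVERSIZE = {"category": "virus", "virusname": "PE.Zip.ExceededFileSize"}
TROJAN = {"category": "virus", "virusname": "Win.Trojan.Agent-1"}

if __name__ == "__main__":
    for r in (PHISH, OVERSIZE, TROJAN):
        print(r["virusname"], apply_maps(MAPS, r))
```

A result that matches no map line keeps its virus handling; only the first two constructed results are reclassified.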