mdf: The configuration

#***********************************************************************
#
# mimedefang-filter config
#
# $Id: filter.conf,v 1.90 2009/04/29 18:05:01 jonas Exp $
#
#***********************************************************************
$Revision: 1.90 $

#***********************************************************************
# Host, domain and mail adresses settings.
#
# AdminAddress receives reports.
# AdminContactAddress is listed as the contact for site-wide policy.
# MyFilterHostName is this hosts name.
# MyFilterHostNames are aliases for this host.
# OurDomains are domains we accept mail for. Note that more domains might
# get added through some sendmail conf files.
# NoUserDomains are domains in wich there are no users.
# If CanAuthenticate is false, authentication will not be checked.
# Mail to WantsReports can have Spam reports added.
# WhiteNets specifies a small list of whitelisted nets.
# OurNets specifies our external IP addresses.
#***********************************************************************
AdminAddress		reports@frukt.fsdb.org
AdminContactAddress	jonas@frukt.org
AdminName		Jonas Eckerman
MyFilterHostName	chip.frukt.org
MyFilterHostNames	chip.frukt.org,chip.i.frukt.org,monty.frukt.org
OurDomains		frukt.org,fsdb.org,truls.org,menvafan.net,edbn.org,wfdb.org
NoUserDomains		10.frukt.org,.*[^-_.a-zA-Z0-9].*\.frukt\.org
LocalNets		10\.0\.\d{1,3}\.\d{1,3}
WhiteNets		195.67.112.193/255.255.255.224; 10.0.0.0/255.255.0.0
OurNets			195.67.112.193/255.255.255.224
#CanAuthenticate	1
#WantsReports		jonas@frukt.org,jonas@truls.org,jonas@fsdb.org
WantsExtraHeaders	@{extraheaders}

#***********************************************************************
# Settings for user/recipient SMTP checks.
#
# NoCheckUserDomains are domains for wich we don't check recipients
# against smtp-servers. Subdomains are autoincluded.
# NoCheckUserServers are storing servers we don't check recipients
# against.
# If CheckUserErrorContinue is true, return CONTINUE instead of TEMPFAIL
# when checking results in errors.
#***********************************************************************
#NoCheckUserDomains	frukt.org
NoCheckUserServers	mailout.telia.com
#CheckUserErrorContinue  1

#***********************************************************************
# Sendmail settings.
#
# SendmailConfig sets the main directory for sendmail config files.
#
# SM_Domains is used to tell the filter to read domain names from
# a sendmail file. The filter handles simple list files with one
# domain on each line and mailertable file. The syntax is:
# SM_Domains ,[filetype],[options]
# Filetype specifies "list" or "table". If not specified, the filter
# makes a guess based on the file name.
# The following options are available at the moment:
# ?: Just log if the file can't be opened (default).
# !: Die if the file can't be opened.
#***********************************************************************
#SendmailConfig		/etc/mail
SM_Domains		mailertable
SM_Domains		virtdomains

#***********************************************************************
# Settings for mail sent/handled by MD.
#
# DaemonAddress is used for most mails.
# Mail sent to MailResultAddress are seen as result report queries.
# Note: Only mail from explicitly whitelisted senders may generate a report.
# Result reports are mailed through MailResultMailer (defaults to localhost).
# If MailResultAttachOriginal is true, the analyzed mail is attached
# to result report.
# If MailResultAttachOriginal is true, the defanged mail is attached
# to result report.
# If MailResultVerify is true, queries must either be sent from trusted
# hosts or be from verified senders.
# Mail sent from hosts in WhiteNets (or authed) to SpamReportAddress are
# saved in the SpamReportSpool directory.
# Spam sent to the SpamReportAddress will also be forwarded to addresses
# in SpamReportForward.
# Mail sent from hosts in WhiteNets (or authed) to HamReportAddress
# are saved in the HamReportSpool directory.
# If StreamBlack is "our", "domain" or "recipient" then mail from relays
# in black nets are streamed by StreamBlack.
#***********************************************************************
DaemonAddress		mailer-daemon@frukt.org
MailResultAddress	filter-result@frukt.org
MailResultMailer	127.0.0.1:1587
MailResulAttachOriginal	1
MailResulAttachDefanged	1
MailResultVerify	1
SpamReportAddress	spam-report@frukt.org
HamReportAddress	ham-report@frukt.org
SpamReportSpool		/var/spool/spam-reports
HamReportSpool		/var/spool/spam-reports
SpamReportForward	@{forward-spam}
SpamReportSender	reports@frukt.fsdb.org
StreamBlack		our
PassAbuse		1

#***********************************************************************
# Settings for spam traps.
#
#***********************************************************************
SpamTrapSpool		/var/spool/spam-trap
SpamTrapAddresses	@{spam-traps}
SpamTrapReportRelay	1
Trap_MaxLoad		20
Trap_MaxSwap		10
Trap_Chance		20
#Trap_Keep
#Trap_TimeWindow
Trap_MaxWindow		15

#***********************************************************************
# Settings for bounce collection.
#
#***********************************************************************
BncCollect		1
#BncExpire		15*24*60*60

#***********************************************************************
# Settings for SpamAssassin.
#
# Set SALocalTestsOnly if you do not want to use SA's network tests.
# Messages larger than SASizeLimit will not be scanned by SA.
# Message that has allready been scanned for more than SAMaxScanTime,
# will not be scanned by SpamAssassin.
# If SAPreInit is true, SpamAssassin will be initialized at filter_init.
# If SAPreCompile is true, SpamAssassin will also be precompiled.
# SASuspiciousScore sets SpamAssassin hit when virus scanner find something.
# If SASuspiciousBodyScore or SASuspiciousHeadScore is set, mail flagged
# as having suspicious chars in body/header will generate SpamAssassin
# hits instead of being quarantined/rejected.
# SARemember tells the filter how long to remember spam messages.
#***********************************************************************
SALocalTestsOnly	0
SASizeLimit		512*1024
SAMaxScanTime		25*60
SAPreInit		0
SAPreCompile		0
SASuspiciousScore	1
SASuspiciousBodyScore	5
SASuspiciousHeadScore	5
SARemember		60*60
SpamdSocket		/var/run/spamd-mdf/spamd.sock

#***********************************************************************
# Warning settings.
#
# If you set AddWarningsInline to 1, then MIMEDefang tries *very* hard
# to add warnings directly in the message body (text or html) rather
# than adding a separate "WARNING.TXT" MIME part.  If the message
# has no text or html part, then a separate MIME part is still used.
#***********************************************************************
AddWarningsInline	1
#GeneralWarning		WARNING: This e-mail has been altered by MIMEDefang at %s.

#***********************************************************************
# Log settings.
#
# DebugLogLevel sets limit for debug logging.
#***********************************************************************
DebugLogLevel		0
WhereLog		0
WhereLogTime		2
#AddressListLog		1

#***********************************************************************
# Anti-Virus Fetaures manual settings (paranoid?)
#
# When messages from whitelisted relays (or authenticated) have been
# scanned for more than AVMaxScanTime seconds, virus scanning
# is disabled.
# Results for mail from local relays are cached AVCacheLocal seconds.
# Results for mail from external relays are cached AVCacheExternal seconds.
#***********************************************************************
#AVMaxScanTime		25*60
AVCacheLocal		20*60
AVCacheExternal		5*60

#***********************************************************************
# Uncomment this to block messages with more than 50 parts.  This will
# *NOT* work unless you're using Roaring Penguin's patched version
# of MIME tools, version MIME-tools-5.411a-RP-Patched-02 or later.
#
# WARNING: DO NOT SET THIS VARIABLE unless you're using at least
# MIME-tools-5.411a-RP-Patched-02; otherwise, your filter will fail.
#***********************************************************************
#MaxMIMEParts		50

#***********************************************************************
# Settings for security stuff.
#
# BadExtensions are forbidden extensions.
# Attachments matching OfficeExtensions may not be executable files.
# BadCSSExtensions are forbidden extensions for CSS in HTML.
#
# If RemovePartBadExtension is true, parts with bad extensions will
# be removed and quarantined.
#***********************************************************************
#RemovePartBadExtension	1
#BadExtensions		(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|fxp|hlp|hta|hto|ins|isp|jse?|lib|lnk|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|scr|sct|sh|shb|shs|sys|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\{[^\}]+\})
#OfficeExtensions	(doc|xml|dot|rtf|wps|xls|xlt|csv|xlw|wk4|wk3|wk1|wks|xla|mdb|adp|dbf|ppt|pot|pps|ppa|wmf|emf|mpp|mpt|mpd|pub)
#BadCSSExtensions	(java|jscript|js|jar|exe)
#SuspiciousHeadDiscard	0
#SuspiciousBodyDiscard	0
#VirusDiscard		0

#***********************************************************************
# Settings for blocking.
#
# If BlockRelay is true, connections will be blocked.
# Normally you want to set this to a set of tests, so that only
# connections matching those tests will be blocked.
#
# If BlockSender is true, senders will be blocked.
# Normally you want to set this to a set of tests, so that only
# senders matching those tests will be blocked.
#
# See "Exemption lists" for more info about the lists of tests.
#***********************************************************************
BlockRelay	?!nsdb:15;?dnswl:list.dnswl.org,karmasphere.email-sender-ip.dnswl.karmasphere.com,hostkarma.junkemailfilter.com=127.0.0.1,hostkarma.junkemailfilter.com=127.0.0.3
BlockRelay	dnsbl:3,dnsbl-1.uceprotect.net,combined.njabl.org,zen.spamhaus.org,dnsbl.sorbs.net,bl.spamcop.net,cbl.abuseat.org,hostkarma.junkemailfilter.com:127.0.0.2
#		,karmasphere.email-sender-ip.dnsbl.karmasphere.com
BlockSender	?!nsdb:1;?ddnswl:list.dnswl.org,karmasphere.email-sender.dnsbl.karmasphere.com,hostkarma.junkemailfilter.com=127.0.0.1,hostkarma.junkemailfilter.com=127.0.0.3
BlockSender	ddnsbl:zen.spamhaus.org,nomail.rhsbl.sorbs.net,rhsbl.ahbl.org,jwrh.dnsbl.net.au,block.rhs.mailpolice.com,in.dnsbl.org,karmasphere.email-sender.dnsbl.karmasphere.com

#***********************************************************************
# Settings for checking headers.
#
# If FixHeaders is set, some headers are modified because they
# might mean trouble for some software.
# If CheckReceived is true, helo and relay checks will be done on
# received headers.
#***********************************************************************
#FixHeaders		1
#CheckReceived		0

#***********************************************************************
# Settings for cleaning HTML.
#
# If DisableBadHTML is set, some html tags/attributes will be
# disabled, and some warnings might get inserted in the text.
# Parts larger than DBH_SizeLimit will not be checked for this.
# If DBH_Report is true, cleaning reports will be created and put in
# quarantine dir.
# If DBH_ReportDiff is true, difference will be added to reports.
# Redundant HTML will be removed for mails to RemoveRedundantHTMLFor.
#***********************************************************************
#DisableBadHTML		1
#DBH_SizeLimit		1024*1024
#DBH_Report		1
#DBH_ReportDiff		1
#RemoveRedundantHTMLFor	(.*-l@|.*@.*\.|.*list.*@)frukt\.org

#***********************************************************************
# Settings for sender rewriting.
#
# If SRS_Domain and SRS_Secret are set, mail send to the outside will
# have get the envelope sender rewritten using the SRS if it is not
# from a local domain.
# SRS_Domain sets the domain part of the rewritten address.
# SRS_Secret is a secret key used when generating the new sender in
# order to make forging harder.
# If SRS_CopyBounce is true, a copy of bounces to or SRS addresses
# will be sent to SRS_CopyBounce if it is an email address or else
# to AdminAddress.
#
# If one or more of SRS_DSNCaptureRelayNet, SRS_DSNCaptureRelayHost,
# SRS_DSNCaptureRecipient, SRS_DSNCaptureSender, SRS_DSNCaptureFrom,
# SRS_DSNCaptureTo and SRS_DSNCaptureSubject are specified, any
# recognized and matching DSN of a DSN to an SRSed sender will be
# captured and sent to the original senders.
#
# Generated addresses are valid for GSND_Expire seconds, and will
# be ignored by the reverse rewriter after that time.
# If specified, GSND_MaxReturns sets a high limit on the number of
# return per recipient are accepted for a generated address.
#
# GSND_Keep tells the cleaner how long to keep records.
#***********************************************************************
SRS_Domain		srs.frukt.org
SRS_Secret		@{srs-secret}
SRS_CopyBounce		1
SRS_DSNCaptureRecipient	postmaster@frukt.fsdb.org
SRS_DSNCaptureSubject	Postmaster\s+notify:\s+see\s+transcript\s+for\s+details
SRS_DSNCaptureRelayNet  (127\.0\.0\.1|10\.0\.\d{1,3}\.\d{1,3})
#GSND_MaxReturns	3
GSND_Expire		60*24*60*60
GSND_Keep		90*24*60*60

#***********************************************************************
# Settings for SMTP check cache.
#
# SMTP_CacheGood sets the time for wich a CONTINUE result will be cached.
# SMTP_CacheFail sets the time for wich a TEMPFAIL result will be cached.
# SMTP_CacheBad sets the time for wich a REJECT result will be cached.
# SMTP_CacheGoodError sets the time for wich a CONTINUE result will be
# cached for use when check results in errors.
#
# SMTP_Keep tells the cleaner how long to keep records.
#***********************************************************************
SMTP_CacheGood		60*60
SMTP_CacheFail		10*60
SMTP_CacheBad		60
SMTP_CacheGoodError	7*24*60*60
SMTP_Keep		14*24*60*60

#***********************************************************************
# Settings for EXPN check.
#
# EXPN_Servers specifies servers we expand mail addresses with.
# EXPN_Cache sets the time for wich a result will be cached.
# If EXPN_LocalOnly is set, only addresses that are expanded to
# OurDomains will actually be changed.
#
# EXPN_Keep tells the cleaner how long to keep records.
#***********************************************************************
EXPN_Servers		10.0.6.11
EXPN_LocalOnly		1
EXPN_Cache		20*60
EXPN_CacheError		7*24*60*60
EXPN_Keep		14*24*60*60

#***********************************************************************
# Settings for relaydb inspired auto-blacklist.
#
# This filter implements a blacklist inspired by relydb available from
# the OpenBSD ports tree. It counts spam/ham for relay IP addresses like
# relaydb. but it also (optionally) counts for verified (by SPF, DKIM and
# DomainKeys) sender addresses (if RDB_Sender is true) and domains (if
# RDB_Domain) is true.
#
# Set RelayDB to true to use this list.
#
# mail with ($hits > RDB_BlackList) will be counted as spam
# mail with ($hits < RDB_WhiteList) will be counted as non-spam
#
# black count must be at least RDB_MinBlack for rejection to occur.
# white count must not be more than RDB_MaxWhite if rejection should occur.
# (black count/white count) must be at least RDB_Ratio for rejection to occur.
# Entries that has not been touched in RDB_Expire secs will not be processed.
#
# A value of -1 turns of a specific check.
#
# If RDB_Touch is true, the relaydb records will be touched when a host
# is blocked.
# If RDB_StampGrey is true, the relaydb records will be stamped whenever
# a mail is received, otherwise they will only be stamped when a mail
# is counted as spam or ham. The stamp is checked by the cleaner when
# removing old records.
# If RDB_Virus is true, infected mail are counted as well as spam.
#
# RDB_Keep tells the cleaner how long to keep records.
#***********************************************************************
RelayDB			1
RDB_Touch		0
RDB_StampGrey		0
RDB_BlackList		12
RDB_WhiteList		3
RDB_MinBlack		10
RDB_MaxWhite		-1
RDB_Ratio		30
RDB_Sender		0
RDB_Domain		0
RDB_Virus		1
RDB_OOOSmtpd		1
RDB_Expire		30*24*60*60
RDB_Keep		90*24*60*60

#***********************************************************************
# Settings for spam hash list.
#
# Entries that has not been touched in SDB_Expire secs will not be processed.
#
# SDB_Keep tells the cleaner how long to keep records.
#***********************************************************************
SpamDB			1
SDB_Expire		7*24*60*60
SDB_Keep		90*24*60*60

#***********************************************************************
# Settings for no spam auto white list.
#
# Set NoSpamDB true to use this.
#
# mail with ($hits > NSDB_BlackList) will be counted as spam
# mail with ($hits < NSDB_WhiteList) will be counted as non-spam
#
# If an address has more than NSDB__Count ham and 0 (zero) spam, it will
# bypass the spamassassin check.
#  may be one of "sender", "relay" or "domain".
# Setting a count to 0 (zero) or below disables whitelisting for that type.
# Setting a count to 0 (zero) disables counting for that type.
#
# If NSDB_RememberSpam is true, spams will be remembered until cleaned.
#
# Entries that has not been touched in NSDB_Expire secs will not be processed.
#
# NSDB_Keep tells the cleaner how long to keep records.
#***********************************************************************
NoSpamDB		1
NSDB_BlackList		5
NSDB_WhiteList		0
NSDB_Sender_Count	100
NSDB_Relay_Count	-1
NSDB_Domain_Count	-1
NSDB_RememberSpam	1
NSDB_OOOSmtpd		1
NSDB_Expire		7*24*60*60
NSDB_Keep		90*24*60*60

#***********************************************************************
# Settings for sent out list.
#
# If SentOutDB is true, information about messages sent *out* from
# this system will be saved.
#
# Entries that has not been touched in Out_Expire secs will be ignored.
#
# Out_Keep tells the cleaner how long to keep records.
#***********************************************************************
SentOutDB		1
Out_Expire		30*24*60*60
Out_Keep		90*24*60*60

#***********************************************************************
# Settings for greylisting.
#
# For an explanation of what the purpose of this is, and maybe a hint as to
# what values to enter, "check http://projects.puremagic.com/greylisting/".
# I think they recommend something like this:
# GDB_Black = 1*60*60;
# GDB_Grey = 5*60*60;
# GDB_White = 36*24*60*60;
# GDB_Subnet = 1;
# 
# If Greylist is true, greylisting will be used.
#
# You can also set Greylist to a list of tests. If you do that, only
# hosts that match those tests will be greylisted.
# See "Exemption lists" for more info.
#
# Greylisting is done on a triplet of sending hosts IP, mail from: and
# rcpt to:.
#
# When a session with a new triplet arrives, all sessions with that
# triplet will be tempfailed for GDB_Black seconds.
# After GDB_Black seconds it will be white-listed for GDB_Grey
# seconds.
# If a session for the triplet arrives within the GDB_Grey white-listing
# period, it will then be white-listed for GDB_White seconds.
# If a session for a triplet arrives within the GDB_White white-listing
# period, it will be white listed for another GDB_White seconds.
#
# When a mail gets a spam-score above GDB_Reset, the greylist status for it's
# triplet will be reset (wich means the next session with that triplet will be
# treaded as though it's a new triplet).
# If GDB_ResetHost is true, all triplets from the same host IP will be reset
# whenever a spam triggers the reset.
#
# If GDB_HostWhite is set, hosts will be whitelisted for that time
# after a mail from them has been accepted. This will be reset when a mail get
# a spam score greater than GDB_HostReset.
# If GDB_HostBlack is set, a host will be blacklisted for that time after
# it's very first connection attempt.
#
# If GDB_Subnet is true, only the first 3 octes of the IP-addresses will be
# used in the greylist.
# If GDB_FromDomain is true, only the domain part of the mail from: address
# will be used in the greylist.
# If GDB_ToDomain is true, only the domain part of the rcpt to: address
# will be used in the greylist.
# If GDB_FromStrip is true, some stuff in the user part of the mail from:
# address will be replaced in order to handle mailinglists and some other
# stuff better.
# If GDB_ToStrip is true, some stuff in the user part of the rcpt to:
# address will be replaced in order to handle use parameters and some other 
# stuff better.
#
# GDB_Keep, GDB_KeepHost and GDB_KeepMsg tells the cleaner how long to keep
# the database records.
#***********************************************************************
Greylist		!hfqdn;!rdns;spff;?os:novell
GreyList		?dnswl:list.dnswl.org,hostkarma.junkemailfilter.com=127.0.0.1,hostkarma.junkemailfilter.com=127.0.0.3
GreyList		d;!fcdns;?s;?sodb;?mx
#GreyList		!c:se,org
GreyList		rdb;nsdb
Greylist		dnsbl:combined.njabl.org,dnsbl.sorbs.net,dob.sibl.support-intelligence.net,hostkarma.junkemailfilter.com:127.0.0.2
Greylist		dnsbl:dnsbl-3.uceprotect.net,dnsbl-2.uceprotect.net,dnsbl-1.uceprotect.net
GreyList		?c:se,org
GDB_Black		3*60
GDB_Grey		72*60*60
GDB_White		36*24*60*60
GDB_HostWhite		7*24*60*60
GDB_HostBlack		10
GDB_Reset		20
GDB_HostReset		5
#GDB_ResetHost		0
GDB_Subnet		1
GDB_FromDomain		0
GDB_FromStrip		1
GDB_ToDomain		0
GDB_ToStrip		1
GDB_Log			1
GDB_Keep		60*24*60*60
GDB_KeepHost		60*24*60*60
GDB_KeepMsg		60*24*60*60

#***********************************************************************
# Sender check settings.
#
# SC_CacheValid sets the time until a valid address will be re-checked.
# SC_CacheUnknown sets the time until an address with an uncertain result
# will be re-checked.
# SC_CacheInvalid sets the base time until an invalid address will be
# re-checked.
# SC_CacheInvalid_add will be added to the cache time for an invalid
# address for every connection except the first one.
# SC_CacheInvalid_max sets a maximum value that the cache time for an
# invalid address can get.
#
# SC_Keep tells the cleaner how long to keep records.
#***********************************************************************
SC_CacheValid		7*24*60*60
SC_CacheInvalid		60*60
SC_CacheUnknown		7*24*60*60
SC_CacheInvalid_Add	60*60
SC_CacheInvalid_Max	24*60*60
SC_Keep			30*24*60*60

#***********************************************************************
# MX check settings.
#
# If MXCheck is true, senders domains will be checked with
# Net::validMX::check_valid_mx.
# If MX_Tempfail is true, invalid MX will result in a temporary
# failure, otherwise it rsults in a permanent reject.
#
# MX_CacheValid sets the time until a valid MX will be re-checked.
# MX_CacheInvalid sets the time until an invalid MX will be
# re-checked.
#
# MX_Keep tells the cleaner how long to keep records.
#***********************************************************************
MXCheck			1
MX_Tempfail		1
MX_CacheValid		7*24*60*60
MX_CacheInvalid		60
MX_Keep			30*24*60*60

#***********************************************************************
# Authenticity check settings.
#
# If DKCheck is true, DomainKeys will be verified.
# If DKIMCheck is true, DKIM will be verified.
# If SPFCheck is true, SPF will be verified.
# If SMIMECheck is true, S/MIME will be verified.
# If PGPCheck is true, SPF will be verified.
# Connections from AuthPassNets are seen as verified.
# If AuthFailWarning is true, a warning will be added to messages
# that hard-failed an authenticity check.
#***********************************************************************
AuthFailWarning		1
AuthPassNets		127.0.0.1
DKCheck			1
DKIMCheck		1
SPFCheck		1
SMIMECheck		1
PGPCheck		1

#***********************************************************************
# Hashcash settings.
#
# If HashCash is true, hashcash headers will be added to mail not
# destined to our domains.
# Hashcash will not be added to mail more than HC_MaxRecipients
# recipients (default 20).
# Unless HX_Size is specified, hashcash will be created with a size
# estimated to take HC_WorkTime seconds (default 10) to make
# (per recipient), or 20 bits if the estimation fails.
# When hascashes for a message has (together) taken more than
# HC_MaxTime to add, no more hascashes will be added.
# No hashcash is added when 1 minute load average exceeds HC_MaxLoad.
# No hashcash is added when swap percentage exceeds HC_MaxSwap.
#***********************************************************************
HashCash		1
#HC_MaxRecipients	10
#HC_WorkTime		20
HC_MaxTime		240
HC_Size			22
HC_MaxLoad		12
HC_MaxSwap		15

#***********************************************************************
# Dictionary / Abuse check settings.
#
# If DC_TimeWindow and DC_Limit and/or DC_LimitPerTime are set then
# connections will be checked for some abusive behaviour attacks.
#
# Note: The dictionary check list is kept in RAM and therefore each
# MD child has it's own list.
#
# Entries are purged when they are older than DC_TimeWindow seconds.
# If there are more than DC_Limit entries (after purging) for a host,
# it will be temp-failed. The following specifies what events will
# add entries to the database.
#
# DC_UnknownUser	unknown user (including relay attempt)
# DC_GreyNew		new greylist triplet
# DC_InvalidMX		invalid MX record
# DC_BadHelo		forged HELO
# DC_BlackHost		black hosts
# DC_Virus		virus found
# DC_LostConnection	connection was lost
# DC_Timeout		communication timeout
# DC_BadSender		bad mail from address		1
# DC_Noop		no action command given
# DC_Abuse		abusive behaviour
#
# This list is not checked for hosts thar are white-listed in the
# greylist (see GDB_HostWhite above).
#
# DC_Keep tells the cleaner how long to keep records.
#***********************************************************************
DC_GreyNew		1
DC_UnknownUser		1
DC_InvalidMX		1
DC_BadHelo		1
DC_BlackHost		1
DC_Virus		1
DC_LostConnection	1
DC_Timeout		1
DC_BadSender		1
#DC_Noop		1
DC_Abuse		1
DC_OOOSmtpdConnect	1
DC_OOOSmtpdData		1
DC_TimeWindow		3*60
DC_Limit		10
DC_LimitPerTime		0.2
DC_Keep			24*60*60

#***********************************************************************
# Attach replacement settings.
#
# If attachments_path and attachments_url are set, attachments bigger than
# attachment_max_size will be saved to under attachment_path and replaced
# with a link to the saved atachment at attachemnt_url.
# If attachments_maxmailsize is set, all attachments will be replaced for
# mail larger than this.
# Attaches smaller than attachments_min_size will not be replaced.
#
# Some separate utility (such as tmpreaper) is needed for cleaning.
#***********************************************************************
attachments_path	/var/spool/www
#attachments_meta	.meta
attachments_url		http://gateway.frukt.org/spool
attachments_maxsize	10240
attachments_hardlimit	32*1024*1024
#attachments_maxsize	10*1024*1024
#attachments_min_size	512*1024
attachments_recipients	testjonas@frukt.org,testted@frukt.org
attachments_domain	fil.frukt.org

#***********************************************************************
# Settings for options setting mailers.
#
# Relays identifying themselves (through HELO) as *.RelayOptionsDomain
# may set some options (also through HELO) for how they are handled.
# Options are set with by prepending them to the domain. Like this:
# outsider.notempfail.relay-options.frukt.org
#
# Currently the following options are recognized:
# outsider   : Partially treat this connection as coming from the outside.
# notempfail : Prefer permanent failure to tempfail.
#***********************************************************************
RelayOptionsDomain	relay-options.frukt.org

#***********************************************************************
# High and low scores settings.
#***********************************************************************
hilo_keep		366*24*60*60
hilo_entries		10
hilo_margin		10

#***********************************************************************
# Silly settings.
#***********************************************************************
SillyFortunes		/usr/local/share/games/fortune/mod/_recursive-multiliners
SillyOneliners		/usr/local/share/games/fortune/mod/_recursive-oneliners
SillyExclaim		Hubba, hubba, hopp!

#***********************************************************************
# Settings for database.
#
# The database is used by greylisting, dictionary lists and sender
# validation cache.
#
# The database *must* be created/updated by mdfdb-clean.pl before this
# filter can use it.
#
# Database_Spec is a DBI database specification.
# Currently this filter is using SQL syntax only checked to work with
# DBD::SQLite and DBD::mysql.
#
# The sa_database_* settings specify database ujsed by our SpamAssassin
# plugins.
#
#***********************************************************************
#Database_Spec		dbi:SQLite:dbname=/var/spool/MIMEDefang/filterdata.db
#Database_spec		dbi:SQLite:dbname=./filterdata.db
#Database_User
#Database_Pass
database_spec		DBI:mysql:mdf:localhost
database_user		md
database_pass		vetet
sa_database_spec	DBI:mysql:gsa:localhost
sa_database_user	sa
sa_database_pass	bulle

#***********************************************************************
# Settings for reports.
#
# if quarantine_url is set, mailed reports may link to quarantined mail.
#***********************************************************************
quarantine_url		http://gateway.frukt.org/quarantine
spamparse_url		http://gateway.frukt.org/reports

#***********************************************************************
# Exemption lists.
#
# A list of tests that hosts/connections must match for something to
# occur. Used for greylist and blocking.
#***********************************************************************

# If a test is prefixed with "!" or "not " it will count as a match when
# it doesn't match.

# If it is prefixed with "?" or "except " (before eventual "!" or "not ")
# a match means that the greylist will not be used.

# The following tests are available:
#
# Dynamic : Matches on dynamic-looking reverse lookup hostnames.
# Server : Matches on  reverse lookup hostnames looking like server names.
# MX : Checks if server is MX for some stuff.
# DNSBL[:domain,domain,...] : Checks the IP addresses in the listed DNS
# blacklists. If not blacklists are listed, default lists is used. If the
# first "domain" is a number, the IP must be found in that number of lists.
# Country<:country_or_code,country_or_code,...> : Matches the top level part
# of the domain and the country or country coce of origin for the IP address.
# OperatingSystem<:strings> : Matches against the OS reported by IP2OS.
# Host<:domain,domain,...> : Matches against the reverse lookup hostname.
# RelayDB : Matches if IP address has one or more spam in the relaydb.
# NoSpamDB : Matches if relay or sender has remembered spam in the nospamdb.
# SentOutDB : Maches if mail looks like a reply to a mail in the sent out db.
# SPFPass : Matches if mail passes SPF
# SPFFail : Matches if maill failes SPF
# All : Allways matches.

#***********************************************************************
# External files.
#
# The filter will look for the files in the subdir "filter" in the
# MIMEDefang config dir, in the MIMEDefang config, in /etc/mail and
# in /usr/local/etc/mail.
#
# It will look for files named as below and prefixed "mimedefang-".
#
# There are a couple of file formats:
#
# Plain files are simple files with an IP addresses or host names on each
# line.
#
# List files are files with one address specifier on each line. The address
# specifier is a keyword followed by space and an address. The addresses are
# regular expressions. The currently known keywords are:
#	Host	A IP address or hostname.
#	Sender	A mail address.
# Some lists may allow keyword-prefixes. In that case the keyword has the
# prefix and an underscore prepended.
#
# Filtered list files are list files with an extra value and space prepended
# to each line. This extra value must match for the line to be checked.
#
# Email lists are lists where each line contains a keyword specifier followed by
# space and an address. The keyword specifier is a comma separated list of
# keywords. The address is a regular expression.
#
# In the common lists, a ! as the first character on a line means that if the
# rest of the line matches the a non-match will occur.
#
# The list type will be noted in () after the name below.
#***********************************************************************

# antivirus (special)
#	!
#       :
#		
#	@
#	=
#
# This file contains settings for MIMEDefangs antivirus features.
#
# Lines of the format "!" will disable that scanner.
# Lines of the format ": will disable that scanner
# when load average is higher than .
# Lines of the format "%: will disable that scanner
# when swap usage is more  percent of total memory.
# Lines of the format " " will configure that scanner.
#
# Lines of the format
# "@: [: ...]  [rule [desc]]"
# specifies mapping from virus results matching the regexes to spam hits.
# The regex will be used as /^$/i.  can be one of:
#	type		message or entity
#	code		The scanners result code
#	category	The results category
#	action		The suggested action
#	virusname	The name of the found virus/threat
#	map:file[:name]	Match against map file formated "name	regex"
# If [rule] is not specified, $VirusName will be used as rule name.
# When a virus scan result matches all regexes for one line, it will
# be used as an additional hit for the spam score and will *not* be
# handled as a virus.
# If  is "-", the virus hit will just be removed.
# If  is prefixed with a = the rest of the remaining maps will be
# ignored.
#
# Lines of the format
# "=: [: ...] ,"
# specifies mapping from virus results to ne virus results.
#
# Example:
#   # NAI broke in the new FreeBSD. Need some very old compatibility stuff.
#   !NAI
#   # Wasn't there when MD was installed?
#   FPROT /usr/local/bin/f-prot
#   # Wasn't there when MD was installed? To resource hungry, temporarily disabled?
#   BDC /usr/local/bin/bdc
#   16:BDC
#   # Phishes aren't really viruses, but we still don't like them.
#   @ category:virus virusname:.*Sanesecurity.* map:/var/db/clamav/virusmaps:sanesecurity.* =5.0
#   @ category:virus virusname:.*MSRBL.* map:/var/db/clamav/virusmaps:msrbl.* =5.0
#   @ category:virus virusname:(Email|HTML)\.Phishing\..* 10.0
#   # Some virus hits aren't.
#   @category:virus virusname:(?:PE\.)?[A-Za-z0-9]+\.ExceededFileSize =-
#   # Some aren't, but are still bad
#   =category:virus virusname:[A-Za-z0-9]+\.Exceeded(?:Files|Recursion)Limit suspicious,quarantine
#   =category:virus virusname:Oversized\.[A-Za-z0-9]+ suspicious,quarantine
#   =category:virus virusname:Broken.Executable suspicious,quarantine


# backups (list)
#
# This file contains IP or domain addresses of your backup MX server.
#
# Example:
#	Host 195.67.112.221
#	Host backup-mx.frukt.org


# blacklist (list)
#
# This list identifies senders from wich we do not accept mail.
#
# Example:
#	Sender big\@boss\.com
#	Sender club\@dtftravel\.emv1\.com
#	Host (.*\.|)artprice\.com
#	Host (.*\.|)artmarket\.com

# blacklist-by-recipient (filtered list)
#
# This list does the same as "blacklist", but filtered on the recipient
# address.
#
# Example:
#	.*\@om\.srfriks\.org Sender nyhetsbrev\@dagensps\.se
#	listserv\@frukt\.org Sender alert\@bankofamerica\.com
#	annonsisrfhuset\@om\.srfriks\.org Host .*

# rcpt-map (special)
#		
#
# This maps recipient domains to address to check for deliverability
# thorugh SMTP sesssions to MX servers.
#
# The address spec is used like this: sprintf(spec,user,domain)
#
# Example:
#	exkomp.frukt.org %s@exkomp.nu

# recipient-whitelist (email list)
#
# This list bypasses some checks based on recipient. The keywords are:
#	grey		Bypass the greylist.
#	spam		Bypass the spam check.
#	relay		Bypass relay checks against Received headers.
#	security	Bypass virus and securoity checks.
#	html		Bypass HTML cleaning.
#
# Example:
#   grey,spam lars.*\@frukt.org
#   grey,spam nilsson.*\@fsdb.org

# sender-whitelist (email list)
#
# This list bypasses some checks based on sender. The keywords are:
#	sendercheck	Bypass sender check.
#	relaydb		Bypass relaydb.
#	result		Allow result queries.
#
# Example:
#	result      jpe\@algonet\.se
#	sendercheck rbl\@iris\.se

# spamassassin-bypass (list)
#
# This list specifies senders for wich the SpamAssassin check will
# be bypassed. It has the follwing keyword-prefixes:
#	verified	Only check on verified addresses.
#		Only check addresses verified by .
#
# Example:
#	!Host           mail\d+\.anp\.se
#	!Sender         bounce\@mail\.anp\.se
#	Host            209\.237\.227\.199
#	Host            206\.191\.13\.82
#	Verified_Sender .*\@[^.@]+\.apache\.org
#	Verified_Sender .*\@regeringen\.se
#	Verified_Sender .*\@lists\.roaringpenguin\.com
#	SPF_Sender      .*\@domain.tld
#	DKIM_Sender     .*\@domain.tld

# virus-bypass (plain)
#
# This list specifies senders for wich mails will not be checked for
# viruses. The format is the same as for spamassassin-bypass, but
# any keyword may be prefixed with a scanner name to limit the bypass
# to that scanner.
#
# Example:
#	10.0.6.2
#	10.0.6.10

# whitelist (list)
#
# Mail from addresses listed in this file will bypass a whole bunch
# of the checks.
#
# Example:
#	Host 213\.150\.135\.181
#	Host 213\.150\.135\.182

# whitelist-by-recipient (filtered list)
#
# Mail from senders specified in this file will not be checked against
# blacklist-by-recipient.
#
# Example:
#	gurkor\@frukt\.org Host .*\.iris\.se

# boilerplates (special)
#
#	
	[format:]
#
# Specifies boilerplates that should be added to mail.
# 
 is a email address regular expression that specifies for wich
# senders the boilerplate should be added.
#  spcifies the name of the boilerplate source. This file will be
# searched for the same way as config files. If the file name ends in .html,
# the file is handled as a HTML file, otrherwise as a plain text file.
# [format] specifies the format of the added boilerplate. The following
# formats may be used (the default is A);
#	B	Add both a text and a html part.
#	T	Add a text part.
#	H	Add a html part.
#	A	A a html part if the boilerplate was a html file,
#		otherwise add a text part.
#
# Example:
#	.*\@fsdb.org T:fsdb_move

# users@ (special)
#
# Lists mail users at .
#
#	@ = 
#	
#
# Contains one user per line.
# Lines starting with "!" results in a negative match.
# Lines starting with "@" are settings, as follows:
#	@delimiter	Sets a regex delimiting user and extra info. Often +.
#	@default	Sets the result when no match is found (normally 0).
#	@definitive	If unset, matching addresses may still be checked
#			against storing server.
#
# Example:
#	!baduser
#	jonas
#	kalle

# local-delivery (special)
#
# Lists addresses for wich mail should be locally delivered to a directory.
#
#	
	[-+=>]	
#
# One adress (regular expression) per line.
# Optional action specs (default is "="):
#	>	Deliver locally only.
#	-	--"--
#	=	Deliver a copy locally.
#	+	--"--
# Path must be terminated with "/".
#
# Example:
#	forget\@fsdb.org	> /var/spool/mail.forget/
#	wastespace\@fsdb.org	= /var/spool/wasted.space/

# flags (special)
#
# Specifies custom headers that should be added when a criterium is matched.
#
#					
#	
: 		
#
# When matching  lines, the header "X-Filter-Flags" with all matching
# flags (separated by ,) will be inserted.
#
# When matching 
 lines, the specified header will be inserted with
# the specified value. Underscores in the value will be replaced with space.
#
# The currently available test is
#	header	
 
# where 
 is the name of a mail header, and  will be matched
# against the headers value(s).
#
# Example:
#	gone				header  Envelope-To     null\@dev.frukt.org
#	X-Destination:  Nowhere         header  Envelope-To     null\@dev.frukt.org

(2008-01-11)