--- amavisd.conf-sample Thu Aug 12 10:51:41 2004 +++ amavisd.conf Thu Aug 12 15:23:07 2004 @@ -58,24 +58,25 @@ # More refined control is available with each individual setting further down. # $MYHOME is not used directly by the program. No trailing slash! #$MYHOME = '/var/lib/amavis'; # (default is '/var/amavis') +$MYHOME = '/var/amavis'; # $mydomain serves as a quick default for some other configuration settings. # More refined control is available with each individual setting further down. # $mydomain is never used directly by the program. -$mydomain = 'example.com'; # (no useful default) +$mydomain = 'amigo.net'; # (no useful default) # $myhostname = 'host.example.com'; # fqdn of this host, default by uname(3) # Set the user and group to which the daemon will change if started as root # (otherwise just keeps the UID unchanged, and these settings have no effect): -$daemon_user = 'vscan'; # (no default; customary: vscan or amavis) -$daemon_group = 'sweep'; # (no default; customary: vscan or amavis) +#$daemon_user = 'vscan'; # (no default; customary: vscan or amavis) +#$daemon_group = 'sweep'; # (no default; customary: vscan or amavis) # Runtime working directory (cwd), and a place where # temporary directories for unpacking mail are created. # (no trailing slash, may be a scratch file system) -$TEMPBASE = $MYHOME; # (must be set if other config vars use is) -#$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean? +#$TEMPBASE = $MYHOME; # (must be set if other config vars use is) +$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean? #$db_home = "$MYHOME/db"; # DB databases directory, default "$MYHOME/db" 
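Review bot: Commenting out `$daemon_user` and `$daemon_group` in the @@ -58 hunk leaves the daemon with no account to switch to, and the comment above those lines says a daemon started as root otherwise keeps its UID unchanged. If courierfilter is expected to start amavisd under an unprivileged account, say so in a comment at this spot. Otherwise keep an explicit pair such as `$daemon_user = 'amavis';` and `$daemon_group = 'amavis';` (a name taken from the "customary" hint on these lines), so that unpacking untrusted attachments never runs with root's privileges. Whichever account is used also has to own `$MYHOME/tmp`, which this hunk makes the working directory.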
@@ -135,11 +136,11 @@ #$notify_method = $forward_method; # COURIER using courierfilter -#$forward_method = undef; # no explicit forwarding, Courier does it itself -#$notify_method = 'pipe:flags=q argv=perl -e $pid=fork();if($pid==-1){exit(75)}elsif($pid==0){exec(@ARGV)}else{exit(0)} /usr/sbin/sendmail -f ${sender} -- ${recipient}'; +$forward_method = undef; # no explicit forwarding, Courier does it itself +$notify_method = 'pipe:flags=q argv=perl -e $pid=fork();if($pid==-1){exit(75)}elsif($pid==0){exec(@ARGV)}else{exit(0)} /usr/sbin/sendmail -f ${sender} -- ${recipient}'; # Only set $courierfilter_shutdown to 1 if you are using courierfilter to # control the startup and shutdown of amavis -#$courierfilter_shutdown = 1; # (default 0) +$courierfilter_shutdown = 1; # (default 0) # prefer to collect mail for forwarding as BSMTP files? #$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp"; @@ -151,8 +152,8 @@ # feeding amavisd, e.g. with Postfix the 'Max procs' field in the # master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp # -$max_servers = 2; # number of pre-forked children (default 2) -$max_requests = 10; # retire a child after that many accepts (default 10) +$max_servers = 75; # number of pre-forked children (default 2) +$max_requests = 20; # retire a child after that many accepts (default 10) $child_timeout=5*60; # abort child if it does not complete each task in n sec # (default: 8*60 seconds) @@ -168,7 +169,7 @@ # and see further down what these two lookup lists really mean. # # @bypass_virus_checks_maps = (1); # uncomment to DISABLE anti-virus code -# @bypass_spam_checks_maps = (1); # uncomment to DISABLE anti-spam code +@bypass_spam_checks_maps = (1); # uncomment to DISABLE anti-spam code # # Any setting can be changed with a new assignment, so make sure # you do not unintentionally override these settings further down! 
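Review bot: `$max_servers = 75` in the @@ -151 hunk pre-forks far more children than the sample's 2, and the comment directly above ties this number to the concurrency of the MTA that feeds amavisd. Each child unpacks mail under `$TEMPBASE` and presumably queries the virus scanner, so a burst of large or deeply nested messages is multiplied by 75 and can exhaust memory or the scanner's connection limit. Confirm that the Courier side and clamd are sized for this, or start lower and raise the value from measurements, and record the reasoning in the trailing comment.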
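Review bot: `@bypass_spam_checks_maps = (1);` is now assigned twice, in the @@ -168 hunk and again in the @@ -938 hunk, even though the context line just below warns about overriding these settings further down. Keep a single assignment and reword its comment, for example `@bypass_spam_checks_maps = (1); # anti-spam code disabled on this host`, because "uncomment to DISABLE" no longer describes an active line. With spam checks bypassed, `$final_spam_destiny` and `$spam_quarantine_to` in later hunks presumably have no effect, which is worth stating next to them.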
@@ -201,23 +202,23 @@ # Section II - MTA specific (defaults should be ok) # -#$insert_received_line = 1; # behave like MTA: insert 'Received:' header +$insert_received_line = 0; # behave like MTA: insert 'Received:' header # (does not apply to sendmail/milter) # (default is true) # AMAVIS-CLIENT AND COURIER PROTOCOL INPUT SETTINGS (e.g. with sendmail milter) # (used with amavis helper clients like amavis-milter.c and amavis.c, # NOT needed for Postfix or Exim or dual-sendmail - keep it undefined. -$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket -#$unix_socketname = "/var/lib/courier/allfilters/amavisd"; # Courier socket -#$protocol = 'COURIER'; # uncomment if using Courier +#$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket +$unix_socketname = "/var/spool/courier/allfilters/amavisd"; # Courier socket +$protocol = 'COURIER'; # uncomment if using Courier #$unix_socketname = undef; # disable listening on a unix socket # (default is undef, i.e. disabled) # (usual setting is $MYHOME/amavisd.sock) # SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...) # (used when MTA is configured to pass mail to amavisd via SMTP or LMTP) -$inet_socket_port = 10024; # accept SMTP on this local TCP port +#$inet_socket_port = 10024; # accept SMTP on this local TCP port # (default is undef, i.e. disabled) # multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028]; @@ -276,7 +277,7 @@ # true (e.g. 1) => syslog; false (e.g. 0) => logging to file $DO_SYSLOG = 1; # (defaults to false) -#$SYSLOG_LEVEL = 'user.info'; # (facility.priority, default 'mail.info') +$SYSLOG_LEVEL = 'mail.info'; # (facility.priority, default 'mail.info') # Log file (if not using syslog) $LOGFILE = "$MYHOME/amavis.log"; # (defaults to empty, no log) 
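Review bot: The trailing comments in the @@ -201 hunk now contradict the active values: `$insert_received_line = 0;` still reads "behave like MTA: insert 'Received:' header", and `$protocol = 'COURIER';` still says "uncomment if using Courier". Suggested wording is `$insert_received_line = 0; # do not add a 'Received:' header` and `$protocol = 'COURIER'; # input arrives from courierfilter`. Because this hunk also comments out `$inet_socket_port`, the Unix socket under `/var/spool/courier/allfilters` becomes the only input. A one-line comment naming the account that must be able to create that socket would help whoever has to debug a failed start.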
@@ -288,7 +289,7 @@ # 3: server, client # 4: decompose parts # 5: more debug details -$log_level = 2; # (defaults to 0) +$log_level = 0; # (defaults to 0) # Customizable template for the most interesting log file entry (e.g. with # $log_level=0) (take care to properly quote Perl special characters like '\') @@ -410,9 +411,9 @@ # session, as the mail has already been enqueued. Do not use with # Courier. -$final_virus_destiny = D_BOUNCE; # (defaults to D_DISCARD) -$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE) -$final_spam_destiny = D_BOUNCE; # (defaults to D_BOUNCE) +$final_virus_destiny = D_REJECT; # (defaults to D_DISCARD) +$final_banned_destiny = D_REJECT; # (defaults to D_BOUNCE) +$final_spam_destiny = D_REJECT; # (defaults to D_BOUNCE) $final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested # Alternatives to consider for spam: @@ -485,9 +486,9 @@ # # Empty or undef lookup disables virus admin notifications. -$virus_admin = "virusalert\@$mydomain"; +# $virus_admin = "virusalert\@$mydomain"; # $virus_admin = 'virus-admin@example.com'; -# $virus_admin = undef; # do not send virus admin notifications (default) +$virus_admin = undef; # do not send virus admin notifications (default) # #@virus_admin_maps = ( # by-sender maps # {'not.example.com'=>'', '.'=>'virusalert@example.com'}, @@ -520,9 +521,9 @@ # (admin and recip sender addresses default to a null return path) # If using strings in double quotes, don't forget to quote @, i.e. \@ # -$mailfrom_notify_admin = "virusalert\@$mydomain"; -$mailfrom_notify_recip = "virusalert\@$mydomain"; -$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; +$mailfrom_notify_admin = "postmaster\@$mydomain"; +$mailfrom_notify_recip = "postmaster\@$mydomain"; +$mailfrom_notify_spamadmin = "postmaster\@$mydomain"; # 'From' HEADER FIELD for sender and admin notifications. # This should be a replyable address, see rfc1894. Not to be confused 
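Review bot: Dropping `$log_level` from 2 to 0 in the @@ -288 hunk is one of several changes that together leave almost no record of a detection. `$virus_admin = undef` in the @@ -485 hunk stops admin notifications, and the @@ -550, @@ -625 and @@ -639 hunks turn off every quarantine. After this patch the only trace of a blocked message appears to be the level-0 log entry and the rejection itself, so a false positive or a suspicious attachment cannot be examined afterwards. Consider keeping at least `$virus_admin = "postmaster\@$mydomain";` or a virus quarantine, and state the retention decision in a comment next to `$QUARANTINEDIR`.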
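Review bot: The comment that ends immediately above the three `D_REJECT` assignments in the @@ -410 hunk closes with "Do not use with Courier.", while this file sets `$protocol = 'COURIER'`. The start of that comment is outside the hunk, so it is not visible which destiny the warning refers to. Please confirm it is not `D_REJECT` and record the reason beside the assignments, for example `# D_REJECT: refused during the SMTP session via courierfilter, no bounce generated`. If that reading is right, moving away from `D_BOUNCE` is sound, since an in-session reject avoids sending non-delivery reports to forged sender addresses.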
@@ -550,7 +551,7 @@ # or a directory (no trailing slash) # (the default value is undef, meaning no quarantine) # -$QUARANTINEDIR = '/var/virusmails'; +#$QUARANTINEDIR = '/var/virusmails'; #$virus_quarantine_method = 'local:virus-%i-%n'; # default #$spam_quarantine_method = 'local:spam-%b-%i-%n'; # default @@ -625,7 +626,7 @@ # (default values are: virus-quarantine, banned-quarantine, spam-quarantine) -$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine +#$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine #$virus_quarantine_to = 'infected@'; # forward to MTA for delivery #$virus_quarantine_to = "virus-quarantine\@$mydomain"; # similar #$virus_quarantine_to = 'virus-quarantine@example.com'; # similar @@ -639,9 +640,9 @@ #); # similar for banned names and bad headers and spam (set to undef to disable) -$banned_quarantine_to = 'banned-quarantine'; # local quarantine -$bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine -$spam_quarantine_to = 'spam-quarantine'; # local quarantine +$banned_quarantine_to = undef; # local quarantine +$bad_header_quarantine_to = undef; # local quarantine +$spam_quarantine_to = undef; # local quarantine # or to a mailbox: #$spam_quarantine_to = "spam-quarantine\@$mydomain"; 
@@ -658,13 +659,13 @@ # Add X-Virus-Scanned header field to mail? -$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef) +$X_HEADER_TAG = undef; # (default: undef) # Leave empty to add no header field # (default: undef) -$X_HEADER_LINE = "by amavisd-new at $mydomain"; +$X_HEADER_LINE = undef; # a string to prepend to Subject (for local recipients only) if mail could # not be decoded or checked entirely, e.g. due to password-protected archives -$undecipherable_subject_tag = '***UNCHECKED*** '; # undef disables it +#$undecipherable_subject_tag = '***UNCHECKED*** '; # undef disables it # MIME defanging wraps the entire original mail in a MIME container of type # 'Content-type: multipart/mixed', where the first part is a text/plain with @@ -673,8 +674,8 @@ # Defanging is only done when enabled (selectively by malware type) # and the malware is allowed to pass (*_lovers or *_destiny=D_PASS) # -$defang_virus = 1; # default is false: don't modify mail body -$defang_banned = 1; # default is false: don't modify mail body +$defang_virus = 0; # default is false: don't modify mail body +$defang_banned = 0; # default is false: don't modify mail body # $defang_bad_header = 1; # default is false: don't modify mail body # $defang_undecipherable = 1; # default is false: don't modify mail body # $defang_spam = 1; # default is false: don't modify mail body @@ -748,11 +749,11 @@ # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components # block certain double extensions anywhere in the base name - qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)$'i, + qr'\.[^./]*\.(vbs|pif|scr|bat|cmd|com|dll)$'i, # qr'[{}]', # curly braces in names (serve as Class ID extensions - CLSID) - qr'^application/x-msdownload$'i, # block these MIME types +# qr'^application/x-msdownload$'i, # block these MIME types qr'^application/x-msdos-program$'i, # qr'^message/partial$'i, qr'^message/external-body$'i, # block rfc2046 
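Review bot: Commenting out `$undecipherable_subject_tag` in the @@ -658 hunk leaves whatever the built-in default is rather than switching the tag off; the line's own comment says "undef disables it". If the intent is to stop tagging, write `$undecipherable_subject_tag = undef;` explicitly, as the hunk already does for `$X_HEADER_TAG`. If both the header and the tag are disabled, a recipient can no longer tell that a password-protected archive reached them without being checked, so that choice deserves a comment.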
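Review bot: Removing `exe` from the double-extension pattern in the @@ -748 hunk means a name such as `report.pdf.exe` is no longer banned, which is a different risk from allowing plain `.exe` attachments. If `.exe` has to be deliverable, keep the double-extension rule intact, `qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)$'i,`, and relax only the basic-extension rule in the @@ -761 hunk. The patch also drops the `application/x-msdownload` rule here and in @@ -796, the `exe` name rule in @@ -845, and the `exe-ms` file(1) rules in @@ -761 and @@ -858. Windows executables are then stopped only by the virus scanner, so a comment stating that this is intended would save the next reader from guessing.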
@@ -761,13 +762,13 @@ [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow anything in Unix archives # [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow anything within such archives - qr'.\.(exe|vbs|pif|scr|bat|cmd|com)$'i, # banned extension - basic + qr'.\.(vbs|pif|scr|bat|cmd|com)$'i, # banned extension - basic # qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js| # jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb| # vbe|vbs|wsc|wsf|wsh)$'ix, # banned extension - long # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab. - qr'^\.(exe-ms)$', # banned file(1) types +# qr'^\.(exe-ms)$', # banned file(1) types # qr'^\.(exe|lha|tnef|cab)$', # banned file(1) types ); # See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631 @@ -796,7 +797,7 @@ $banned_namepath_re = new_RE( # block these MIME types - qr'(?#NO X-MSDOWNLOAD) ^(.*\t)? M=application/x-msdownload (\t.*)? $'xmi, +# qr'(?#NO X-MSDOWNLOAD) ^(.*\t)? M=application/x-msdownload (\t.*)? $'xmi, qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)? M=application/x-msdos-program(\t.*)? $'xmi, # # block rfc2046 MIME types @@ -845,7 +846,7 @@ # banned filename extensions (in declared names) anywhere - basic qr'(?# BLOCK COMMON NAME EXENSIONS ) - ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|bat|com) (\t.*)? $'xmi, + ^ (.*\t)? N= [^\t\n]* \. (vbs|pif|scr|bat|com) (\t.*)? $'xmi, # # banned filename extensions (in declared names) anywhere - long # qr'(?# BLOCK MORE NAME EXTENSIONS ) @@ -858,8 +859,8 @@ # qr'(?# BLOCK WinZip VULNERABILITY EXENSIONS ) # ^ (.*\t)? N= [^\t\n]* \. (mim|b64|bhx|hqx|xxe|uu|uue) (\t.*)? $'xmi, - qr'(?# BLOCK Microsoft EXECUTABLES ) - ^ (.*\t)? T=(exe-ms) (\t.*)? $'xm, # banned file(1) type +# qr'(?# BLOCK Microsoft EXECUTABLES ) +# ^ (.*\t)? T=(exe-ms) (\t.*)? $'xm, # banned file(1) type # qr'(?# BLOCK ANY EXECUTABLE ) # ^ (.*\t)? T=exe (\t.*)? $'xm, # banned file(1) type 
@@ -938,7 +939,7 @@ # The following example disables spam checking altogether, # since it matches any recipient e-mail address (any address # is a subdomain of the top-level root DNS domain): -# @bypass_spam_checks_maps = (1); + @bypass_spam_checks_maps = (1); # See README.lookups for further detail, and examples below. @@ -1499,14 +1500,15 @@ # ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/ # ['Sophos SAVI', \&sophos_savi ], -# ### http://www.clamav.net/ -# ['ClamAV-clamd', +### http://www.clamav.net/ +['ClamAV-clamd', # \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], -# qr/\bOK$/, qr/\bFOUND$/, -# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], -# # NOTE: run clamd under the same user as amavisd; match the socket -# # name (LocalSocket) in clamav.conf to the socket name in this entry -# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"], + \&ask_daemon, ["CONTSCAN {}\n", "127.0.0.1:3310"], + qr/\bOK$/, qr/\bFOUND$/, + qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], +# NOTE: run clamd under the same user as amavisd; match the socket +# name (LocalSocket) in clamav.conf to the socket name in this entry +# When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"], # ### http://www.clamav.net/ and CPAN (Perl modules) # ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/], @@ -1775,7 +1777,7 @@ # # other options to consider: -mime -oe -idedir=/usr/local/sav # always succeeds (uncomment to consider mail clean if all other scanners fail) -# ['always-clean', sub {0}], +['always-clean', sub {0}], );
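Review bot: The ClamAV entry in the @@ -1499 hunk now talks to `127.0.0.1:3310`, but the NOTE uncommented below it still describes matching a `LocalSocket` name, and the old socket line is left as a commented row inside the array. Update the NOTE to describe the TCP setup, for example `# NOTE: clamd must listen on loopback only (TCPSocket 3310, TCPAddr 127.0.0.1) and be able to read files under $TEMPBASE`. clamd's TCP listener has no authentication, so it should stay bound to loopback. `CONTSCAN {}` passes a path rather than the message data, which is why the "same user as amavisd" advice still matters.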
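Review bot: Enabling `['always-clean', sub {0}],` in the @@ -1775 hunk makes the scanner list fail open: by its own comment, mail is considered clean when all other scanners fail. ClamAV-clamd appears to be the only real scanner this patch enables, so a stopped or unreachable clamd would let all mail through unscanned, and `$log_level = 0` makes that hard to notice. Leave the entry commented out, `# ['always-clean', sub {0}],`, so that a scanner failure should surface as a temporary failure rather than silent delivery, and monitor clamd availability separately.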