Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ks37777 ~]# cat /etc/amavisd
- amavisd/ amavisd-custom-geoip-client.conf
- amavisd.conf amavisd-custom-geoip-client.conf~
- amavisd.conf~
- [root@ks37777 ~]# cat /etc/amavisd.conf
- use strict;
- # a minimalistic configuration file for amavisd-new with all necessary settings
- #
- # see amavisd.conf-default for a list of all variables with their defaults;
- # see amavisd.conf-sample for a traditional-style commented file;
- # for more details see documentation in INSTALL, README_FILES/*
- # and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html
- # COMMONLY ADJUSTED SETTINGS:
- # @bypass_virus_checks_maps = (1); # controls running of anti-virus code
- # @bypass_spam_checks_maps = (1); # controls running of anti-spam code
- # $bypass_decode_parts = 1; # controls running of decoders&dearchivers
- # config perso file
- include_config_files('/etc/amavisd-custom-geoip-client.conf');
- $enable_dkim_verification = 1;
- ##$enable_dkim_signing = 1; # you need this one
- ##dkim_key('nicolaspichot.fr', 'dk', '/var/db/dkim/nicolaspichot.fr.pem');
- ##dkim_key('renelacroute.fr', 'dk', '/var/db/dkim/renelacroute.fr.pem');
- ##dkim_key('fakessh.eu', 'dk', '/var/db/dkim/fakessh.eu.pem');
- $max_servers = 5; # num of pre-forked children (2..30 is common), -m
- $daemon_user = "amavis"; # (no default; customary: vscan or amavis), -u
- $daemon_group = "amavis"; # (no default; customary: vscan or amavis), -g
- $mydomain = 'ks37777.kimsufi.com'; # a convenient default for other settings
- $MYHOME = '/var/amavis'; # a convenient default for other settings, -H
- $TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T
- $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc.
- $QUARANTINEDIR = "/var/virusmails";
- # $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine
- # $daemon_chroot_dir = $MYHOME; # chroot directory or undef, -R
- $db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D
- $helpers_home = "$MYHOME/var"; # working directory for SpamAssassin, -S
- $lock_file = "$MYHOME/var/amavisd.lock"; # -L
- $pid_file = "$MYHOME/var/amavisd.pid"; # -P
- #NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually
- $log_level = 0; # verbosity 0..5, -d
- $log_recip_templ = undef; # disable by-recipient level-0 log entries
- $DO_SYSLOG = 1; # log via syslogd (preferred)
- $syslog_facility = 'mail'; # Syslog facility as a string
- # e.g.: mail, daemon, user, local0, ... local7
- $syslog_priority = 'debug'; # Syslog base (minimal) priority as a string,
- # choose from: emerg, alert, crit, err, warning, notice, info, debug
- $enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
- $enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1
- $nanny_details_level = 2; # nanny verbosity: 1: traditional, 2: detailed
- @local_domains_maps = ( [".$mydomain","renelacroute.fr","smtp.renelacroute.fr","roundcube.renelacroute.fr","mail.renelacroute.fr","fakessh.eu","smtp.fakessh.eu","roundcube.fakessh.eu","mail.fakessh.eu","nicolaspichot.fr","smtp.nicolaspichot.fr","roundcube.fakessh.eu","mail.fakessh.eu"] ); # list of all local domains
- @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
- 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 91.121.7.86 );
- $unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter
- # option(s) -p overrides $inet_socket_port and $unix_socketname
- $inet_socket_port = 10024; # listen on this local TCP port(s)
- ##$inet_socket_port = [10024,10025]; # listen on multiple TCP ports
- $policy_bank{'MYNETS'} = { # mail originating from @mynetworks
- originating => 1, # is true in MYNETS by default, but let's make it explicit
- os_fingerprint_method => undef, # don't query p0f for internal clieny
- };
- # it is up to MTA to re-route mail from authenticated roaming users or
- # from internal hosts to a dedicated TCP port (such as 10026) for filtering
- $interface_policy{'10025'} = 'ORIGINATING';
- $policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
- originating => 1, # declare that mail was submitted by our smtp client
- allow_disclaimers => 1, # enables disclaimer insertion if available
- # notify administrator of locally originating malware
- virus_admin_maps => ["virusalert\@$mydomain"],
- spam_admin_maps => ["virusalert\@$mydomain"],
- warnbadhsender => 1,
- # forward to a smtpd service providing DKIM signing service
- forward_method => 'smtp:[127.0.0.1]:10026',
- # force MTA conversion to 7-bit (e.g. before DKIM signing)
- smtpd_discard_ehlo_keywords => ['8BITMIME'],
- bypass_banned_checks_maps => [1], # allow sending any file names and types
- terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
- };
- $interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
- # Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c
- # (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'):
- $policy_bank{'AM.PDP-SOCK'} = {
- protocol => 'AM.PDP',
- auth_required_release => 0, # do not require secret_id for amavisd-release
- };
- $sa_tag_level_deflt = -999; # add spam info headers if at, or above that level
- $sa_tag2_level_deflt = 5; # add 'spam detected' headers at that level
- $sa_kill_level_deflt = 10; # triggers spam evasive actions (e.g. blocks mail)
- $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
- # $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
- $penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database)
- $penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam
- $sa_mail_body_size_limit = 400*10024; # don't waste time on SA if mail is larger
- $sa_local_tests_only = 0; # only tests which do not require internet access?
- # @lookup_sql_dsn =
- # ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
- # ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
- # ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
- # @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database
- # $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP;
- # defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)
- $virus_admin = "virusalert\@$mydomain"; # notifications recip.
- $mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender
- $mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender
- $mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
- $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
- @addr_extension_virus_maps = ('virus');
- @addr_extension_banned_maps = ('banned');
- @addr_extension_spam_maps = ('spam');
- @addr_extension_bad_header_maps = ('badh');
- $recipient_delimiter = '+';
- # $recipient_delimiter = '+'; # undef disables address extensions altogether
- # when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+
- $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
- # $dspam = 'dspam';
- $MAXLEVELS = 14;
- $MAXFILES = 1500;
- $MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
- $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
- $sa_spam_subject_tag = '[SPAM]';
- $defang_virus = 1; # MIME-wrap passed infected mail
- $defang_banned = 1; # MIME-wrap passed mail containing banned name
- # for defanging bad headers only turn on certain minor contents categories:
- $defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header
- $defang_by_ccat{+CC_BADH.",5"} = 1; # header line longer than 998 characters
- $defang_by_ccat{+CC_BADH.",6"} = 1; # header field syntax error
- # OTHER MORE COMMON SETTINGS (defaults may suffice):
- # $myhostname = 'host.example.com'; # must be a fully-qualified domain name!
- # $notify_method = 'smtp:[127.0.0.1]:10025';
- # $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
- $final_virus_destiny = D_REJECT;
- $final_banned_destiny = D_PASS;
- $final_spam_destiny = D_PASS;
- $final_bad_header_destiny = D_PASS;
- # $bad_header_quarantine_method = undef;
- # $os_fingerprint_method = 'p0f:*:2345'; # to query p0f-analyzer.pl
- ## hierarchy by which a final setting is chosen:
- ## policy bank (based on port or IP address) -> *_by_ccat
- ## *_by_ccat (based on mail contents) -> *_maps
- ## *_maps (based on recipient address) -> final configuration value
- # SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)
- # $warnbadhsender,
- # $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
- #
- # @bypass_virus_checks_maps, @bypass_spam_checks_maps,
- # @bypass_banned_checks_maps, @bypass_header_checks_maps,
- #
- # @virus_lovers_maps, @spam_lovers_maps,
- # @banned_files_lovers_maps, @bad_header_lovers_maps,
- #
- # @blacklist_sender_maps, @score_sender_maps,
- #
- # $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to,
- # $bad_header_quarantine_to, $spam_quarantine_to,
- #
- # $defang_bad_header, $defang_undecipherable, $defang_spam
- $bypass_decode_parts = 1;
- # REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS
- @keep_decoded_original_maps = (new_RE(
- qr'^MAIL$', # retain full original message for virus checking (can be slow)
- qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
- qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
- # qr'^Zip archive data', # don't trust Archive::Zip
- ));
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement