1959 lines
86 KiB
Text
1959 lines
86 KiB
Text
# Main configuration file for the MailScanner E-Mail Virus Scanner
|
|
#
|
|
# It's good practice to check through configuration files to make sure
|
|
# they fit with your system and your needs, whatever you expect them to
|
|
# contain.
|
|
#
|
|
# Note: If your directories are symlinked (soft-linked) in any way,
|
|
# please put their *real* location in here, not a path that
|
|
# includes any links. You may get some very strange error
|
|
# messages from some of the virus scanners if you don't.
|
|
#
|
|
# Note for Version 4.00 and above:
|
|
# A lot of the settings can take a ruleset as well as just simple
|
|
# values. These rulesets are files containing rules which are applied
|
|
# to the current message to calculate the value of the configuration
|
|
# option. The rules are checked in the order they appear in the ruleset.
|
|
#
|
|
# Note for Version 4.03 and above:
|
|
# As well as rulesets, you can now include your own functions in
|
|
# here. Look at the directory containing Config.pm and you will find
|
|
# CustomConfig.pm. In here, you can add your own "value" function and
|
|
# an Initvalue function to set up any global state you need such as
|
|
# database connections. Then for a setting below, you can put:
|
|
# Configuration Option = &ValueFunction
|
|
# where "ValueFunction" is the name of the function you have
|
|
# written in CustomConfig.pm.
|
|
#
|
|
|
|
#
|
|
# Definition of variables which are substituted into definitions below.
|
|
#
|
|
# You can add any %variables% that you want to use in addition to the
|
|
# ones provided.
|
|
#
|
|
# You can also use any shell environment variables here such as $HOSTNAME
|
|
# or ${HOSTNAME} in configuration settings and rulesets. See the
|
|
# definition of "Hostname" for an example.
|
|
#
|
|
|
|
# Set the directory containing all the reports in the required language
|
|
%report-dir% = /etc/MailScanner/reports/en
|
|
|
|
# Configuration directory containing this file
|
|
%etc-dir% = /etc/MailScanner
|
|
|
|
# Rulesets directory containing your ".rules" files
|
|
%rules-dir% = /etc/MailScanner/rules
|
|
|
|
# Configuration directory containing files related to MCP
|
|
# (Message Content Protection)
|
|
%mcp-dir% = /etc/MailScanner/mcp
|
|
|
|
# Enter a short identifying name for your organisation below, this is
|
|
# used to make the X-MailScanner headers unique for your organisation.
|
|
# Multiple servers within one site should use an identical value here
|
|
# to avoid adding multiple redundant headers where mail has passed
|
|
# through several servers within your organisation.
|
|
#
|
|
# Note: Some Symantec scanners complain (incorrectly) about "."
|
|
# ***** characters appearing in the names of headers.
|
|
# Some other mail servers complain about "_" characters
|
|
# appearing in the names of headers as well.
|
|
# So don't put "." or "_" in this setting.
|
|
#
|
|
# **** RULE: It must not contain any spaces! ****
|
|
#
|
|
# Note: This change has to be reflected in the 'bayes_ignore_header'
|
|
# options in /etc/MailScanner/spam.assassin.prefs.conf,
|
|
%org-name% = ORG_NAME
|
|
|
|
# Enter the full name of your organisation below, this is used in the
|
|
# signature placed at the bottom of report messages sent by MailScanner.
|
|
# It can include pretty much any text you like. You can make the result
|
|
# span several lines by including "\n" sequences in the text. These will
|
|
# be replaced by line-breaks.
|
|
%org-long-name% = ORG_LONG_NAME
|
|
|
|
# Enter the location of your organisation's web site below. This is used
|
|
# in the signature placed at the bottom of report messages sent by
|
|
# MailScanner. It should preferably be the location of a page that you
|
|
# have written explaining why you might have rejected the mail and what
|
|
# the recipient and/or sender should do about it.
|
|
%web-site% = ORG_WEB_SITE
|
|
|
|
#
|
|
# System settings
|
|
# ---------------
|
|
#
|
|
|
|
# How many MailScanner processes do you want to run at a time?
|
|
# There is no point increasing this figure if your MailScanner server
|
|
# is happily keeping up with your mail traffic.
|
|
# If you are running on a server with more than 1 CPU, or you have a
|
|
# high mail load (and/or slow DNS lookups) then you should see better
|
|
# performance if you increase this figure.
|
|
# If you are running on a small system with limited RAM, you should
|
|
# note that each child takes just over 20MB.
|
|
#
|
|
# As a rough guide, try 5 children per CPU. But read the notes above.
|
|
Max Children = 1
|
|
|
|
# User to run as (not normally used for sendmail)
|
|
# If you want to change the ownership or permissions of the quarantine or
|
|
# temporary files created by MailScanner, please see the "Incoming Work"
|
|
# settings later in this file.
|
|
#Run As User = mail
|
|
Run As User = postfix
|
|
#Run As User = Debian-exim
|
|
|
|
# Group to run as (not normally used for sendmail)
|
|
#Run As Group = mail
|
|
Run As Group = postfix
|
|
#Run As Group = Debian-exim
|
|
|
|
# How often (in seconds) should each process check the incoming mail
|
|
# queue for new messages? If you have a quiet mail server, you might
|
|
# want to increase this value so it causes less load on your server, at
|
|
# the cost of slightly increasing the time taken for an average message
|
|
# to be processed.
|
|
Queue Scan Interval = 6
|
|
|
|
# Set location of incoming mail queue
|
|
#
|
|
# This can be any one of
|
|
# 1. A directory name
|
|
# Example: /var/spool/exim4_incoming/input
|
|
# 2. A wildcard giving directory names
|
|
# Example: /var/spool/mqueue.in/*
|
|
# 3. The name of a file containing a list of directory names,
|
|
# which can in turn contain wildcards.
|
|
# Example: /etc/MailScanner/mqueue.in.list.conf
|
|
#
|
|
# If you are using sendmail and have your queues split into qf, df, xf
|
|
# directories, then just specify the main directory, do not give me the
|
|
# directory names of the qf,df,xf directories.
|
|
# Example: if you have /var/spool/mqueue.in/qf
|
|
# /var/spool/mqueue.in/df
|
|
# /var/spool/mqueue.in/xf
|
|
# then just tell me /var/spool/mqueue.in. I will find the subdirectories
|
|
# automatically.
|
|
#
|
|
#Incoming Queue Dir = /var/spool/exim4_incoming/input
|
|
Incoming Queue Dir = /var/spool/postfix/hold
|
|
|
|
# Set location of outgoing mail queue.
|
|
# This can also be the filename of a ruleset.
|
|
#Outgoing Queue Dir = /var/spool/exim4/input
|
|
Outgoing Queue Dir = /var/spool/postfix/incoming
|
|
|
|
# Set where to unpack incoming messages before scanning them
|
|
# This can completely safely use tmpfs or a ramdisk, which will
|
|
# give you a significant performance improvement.
|
|
# NOTE: The path given here must not include any links at all,
|
|
# NOTE: but must be the absolute path to the directory.
|
|
Incoming Work Dir = /var/spool/MailScanner/incoming
|
|
|
|
# Set where to store infected and message attachments (if they are kept)
|
|
# This can also be the filename of a ruleset.
|
|
Quarantine Dir = /var/spool/MailScanner/quarantine
|
|
|
|
# Set where to store the process id number so you can stop MailScanner
|
|
PID file = /var/run/MailScanner/MailScanner.pid
|
|
|
|
# To avoid resource leaks, re-start periodically
|
|
Restart Every = 14400
|
|
|
|
# Set whether to use postfix, sendmail, exim or zmailer.
|
|
# If you are using postfix, then see the "SpamAssassin User State Dir"
|
|
# setting near the end of this file
|
|
MTA = postfix
|
|
|
|
# Set how to invoke MTA when sending messages MailScanner has created
|
|
# (e.g. to sender/recipient saying "found a virus in your message")
|
|
# This can also be the filename of a ruleset.
|
|
Sendmail = /usr/sbin/sendmail
|
|
|
|
# Sendmail2 is provided for Exim users.
|
|
# It is the command used to attempt delivery of outgoing cleaned/disinfected
|
|
# messages.
|
|
# This is not usually required for sendmail.
|
|
# This can also be the filename of a ruleset.
|
|
#For Exim users: Sendmail2 = /usr/sbin/exim4 -DOUTGOING
|
|
#For sendmail users: Sendmail2 = /usr/sbin/sendmail
|
|
Sendmail2 = /usr/sbin/sendmail -DOUTGOING
|
|
#Sendmail2 = /usr/sbin/sendmail
|
|
|
|
#
|
|
# Incoming Work Dir Settings
|
|
# --------------------------
|
|
#
|
|
# You should not normally need to touch these settings at all,
|
|
# unless you are using ClamAV and need to be able to use the
|
|
# external archive unpackers instead of ClamAV's built-in ones.
|
|
|
|
# If you want to create the temporary working files so they are owned
|
|
# by a user other than the "Run As User" setting at the top of this file,
|
|
# you can change that here.
|
|
# Note: If the "Run As User" is not "root" then you cannot change the
|
|
# user but may still be able to change the group, if the
|
|
# "Run As User" is a member of both of the groups "Run As Group"
|
|
# and "Incoming Work Group".
|
|
Incoming Work User =
|
|
Incoming Work Group =
|
|
|
|
# If you want processes running under the same *group* as MailScanner to
|
|
# be able to read the working files (and list what is in the
|
|
# directories, of course), set to 0640. If you want *all* other users to
|
|
# be able to read them, set to 0644. For a detailed description, if
|
|
# you're not already familiar with it, refer to `man 2 chmod`.
|
|
# Typical use: external helper programs of virus scanners (notably ClamAV),
|
|
# like unpackers.
|
|
# Use with care, you may well open security holes.
|
|
Incoming Work Permissions = 0600
|
|
|
|
#
|
|
# Quarantine and Archive Settings
|
|
# -------------------------------
|
|
#
|
|
# If, for example, you are using a web interface so that users can manage
|
|
# their quarantined files, you might want to change the ownership and
|
|
# permissions of the quarantined so that they can be read and/or deleted
|
|
# by the web server.
|
|
# Don't touch this unless you know what you are doing!
|
|
|
|
# If you want to create the quarantine/archive so the files are owned
|
|
# by a user other than the "Run As User" setting at the top of this file,
|
|
# you can change that here.
|
|
# Note: If the "Run As User" is not "root" then you cannot change the
|
|
# user but may still be able to change the group, if the
|
|
# "Run As User" is a member of both of the groups "Run As Group"
|
|
# and "Quarantine Group".
|
|
Quarantine User = root
|
|
Quarantine Group = www-data
|
|
|
|
# If you want processes running under the same *group* as MailScanner to
|
|
# be able to read the quarantined files (and list what is in the
|
|
# directories, of course), set to 0640. If you want *all* other users to
|
|
# be able to read them, set to 0644. For a detailed description, if
|
|
# you're not already familiar with it, refer to `man 2 chmod`.
|
|
# Typical use: let the webserver have access to the files so users can
|
|
# download them if they really want to.
|
|
# Use with care, you may well open security holes.
|
|
Quarantine Permissions = 0660
|
|
|
|
#
|
|
# Processing Incoming Mail
|
|
# ------------------------
|
|
#
|
|
|
|
# In every batch of virus-scanning, limit the maximum
|
|
# a) number of unscanned messages to deliver
|
|
# b) number of potentially infected messages to unpack and scan
|
|
# c) total size of unscanned messages to deliver
|
|
# d) total size of potentially infected messages to unpack and scan
|
|
|
|
Max Unscanned Bytes Per Scan = 100000000
|
|
Max Unsafe Bytes Per Scan = 50000000
|
|
Max Unscanned Messages Per Scan = 30
|
|
Max Unsafe Messages Per Scan = 30
|
|
|
|
# If more messages are found in the queue than this, then switch to an
|
|
# "accelerated" mode of processing messages. This will cause it to stop
|
|
# scanning messages in strict date order, but in the order it finds them
|
|
# in the queue. If your queue is bigger than this size a lot of the time,
|
|
# then some messages could be greatly delayed. So treat this option as
|
|
# "in emergency only".
|
|
Max Normal Queue Size = 800
|
|
|
|
# If this is set to yes, then email messages passing through MailScanner
|
|
# will be processed and checked, and all the other options in this file
|
|
# will be used to control what checks are made on the message.
|
|
# If this is set to no, then email messages will NOT be processed or
|
|
# checked *at all*, and so any viruses or other problems will be ignored.
|
|
#
|
|
# The purpose of this option is to set it to be a ruleset, so that you
|
|
# can skip all scanning of mail destined for some of your users/customers
|
|
# and still scan all the rest.
|
|
# A sample ruleset would look like this:
|
|
# To: bad.customer.com no
|
|
# From: ignore.domain.com no
|
|
# FromOrTo: default yes
|
|
# That will scan all mail except mail to bad.customer.com and mail from
|
|
# ignore.domain.com. To set this up, put the 3 lines above into a file
|
|
# called /etc/MailScanner/rules/scan.messages.rules and set the next line to
|
|
# Scan Messages = %rules-dir%/scan.messages.rules
|
|
# This can also be the filename of a ruleset (as illustrated above).
|
|
Scan Messages = yes
|
|
|
|
# The maximum number of attachments allowed in a message before it is
|
|
# considered to be an error. Some email systems, if bouncing a message
|
|
# between 2 addresses repeatedly, add information about each bounce as
|
|
# an attachment, creating a message with thousands of attachments in just
|
|
# a few minutes. This can slow down or even stop MailScanner as it uses
|
|
# all available memory to unpack these thousands of attachments.
|
|
# This can also be the filename of a ruleset.
|
|
Maximum Attachments Per Message = 200
|
|
|
|
# Expand TNEF attachments using an external program (or a Perl module)?
|
|
# This should be "yes" unless the scanner you are using (Sophos, McAfee) has
|
|
# the facility built-in. However, if you set it to "no", then the filenames
|
|
# within the TNEF attachment will not be checked against the filename rules.
|
|
Expand TNEF = yes
|
|
|
|
# Some versions of Microsoft Outlook generate unparsable Rich Text
|
|
# format attachments. Do we want to deliver these bad attachments anyway?
|
|
# Setting this to yes introduces the slight risk of a virus getting through,
|
|
# but if you have a lot of troubled Outlook users you might need to do this.
|
|
# We are working on a replacement for the TNEF decoder.
|
|
# This can also be the filename of a ruleset.
|
|
Deliver Unparsable TNEF = yes
|
|
|
|
# Where the MS-TNEF expander is installed.
|
|
# This is EITHER the full command (including maxsize option) that runs
|
|
# the external TNEF expander binary,
|
|
# OR the keyword "internal" which will make MailScanner use the Perl
|
|
# module that does the same job.
|
|
# They are both provided as I am unsure which one is faster and which
|
|
# one is capable of expanding more file formats (there are plenty!).
|
|
#
|
|
# The --maxsize option limits the maximum size that any expanded attachment
|
|
# may be. It helps protect against Denial Of Service attacks in TNEF files.
|
|
# This can also be the filename of a ruleset.
|
|
#TNEF Expander = internal
|
|
TNEF Expander = /usr/bin/tnef --maxsize=100000000
|
|
|
|
# The maximum length of time the TNEF Expander is allowed to run for 1 message.
|
|
# (in seconds)
|
|
TNEF Timeout = 120
|
|
|
|
# Where the "file" command is installed.
|
|
# This is used for checking the content type of files, regardless of their
|
|
# filename.
|
|
# To disable Filetype checking, set this value to blank.
|
|
File Command = #DISABLED /usr/bin/file
|
|
|
|
# The maximum length of time the "file" command is allowed to run for 1
|
|
# batch of messages (in seconds)
|
|
File Timeout = 20
|
|
|
|
# Where the "unrar" command is installed.
|
|
# If you haven't got this command, look at www.rarlab.com.
|
|
#
|
|
# This is used for unpacking rar archives so that the contents can be
|
|
# checked for banned filenames and filetypes, and also that the
|
|
# archive can be tested to see if it is password-protected.
|
|
# Virus scanning the contents of rar archives is still left to the virus
|
|
# scanner, with one exception:
|
|
# If using the clavavmodule virus scanner, this adds external RAR checking
|
|
# to that scanner which is needed for archives which are RAR version 3.
|
|
Unrar Command = /usr/bin/unrar
|
|
|
|
# The maximum length of time the "unrar" command is allowed to run for 1
|
|
# RAR archive (in seconds)
|
|
Unrar Timeout = 50
|
|
|
|
# The maximum size, in bytes, of any message including the headers.
|
|
# If this is set to zero, then no size checking is done.
|
|
# This can also be the filename of a ruleset, so you can have different
|
|
# settings for different users. You might want to set this quite small for
|
|
# dialup users so their email applications don't time out downloading huge
|
|
# messages.
|
|
Maximum Message Size = 0
|
|
|
|
# The maximum size, in bytes, of any attachment in a message.
|
|
# If this is set to zero, effectively no attachments are allowed.
|
|
# If this is set less than zero, then no size checking is done.
|
|
# This can also be the filename of a ruleset, so you can have different
|
|
# settings for different users. You might want to set this quite small for
|
|
# large mailing lists so they don't get deluged by large attachments.
|
|
Maximum Attachment Size = -1
|
|
|
|
# The minimum size, in bytes, of any attachment in a message.
|
|
# If this is set less than or equal to zero, then no size checking is done.
|
|
# It is very useful to set this to 1 as it removes any zero-length
|
|
# attachments which may be created by broken viruses.
|
|
# This can also be the filename of a ruleset.
|
|
Minimum Attachment Size = -1
|
|
|
|
# The maximum depth to which zip archives will be unpacked, to allow for
|
|
# checking filenames and filetypes within zip archives.
|
|
#
|
|
# Note: This setting does *not* affect virus scanning in archives at all.
|
|
#
|
|
# To disable this feature set this to 0.
|
|
# A common useful setting is this option = 0, and Allow Password-Protected
|
|
# Archives = no. That block password-protected archives but does not do
|
|
# any filename/filetype checks on the files within the archive.
|
|
# This can also be the filename of a ruleset.
|
|
Maximum Archive Depth = 2
|
|
|
|
# Find zip archives by filename or by file contents?
|
|
# Finding them by content is a far more reliable way of finding them, but
|
|
# it does mean that you cannot tell your users to avoid zip file checking
|
|
# by renaming the file from ".zip" to "_zip" and tricks like that.
|
|
# Only set this to no (i.e. check by filename only) if you don't want to
|
|
# reliably check the contents of zip files. Note this does not affect
|
|
# virus checking, but it will affect all the other checks done on the contents
|
|
# of the zip file.
|
|
# This can also be the filename of a ruleset.
|
|
Find Archives By Content = yes
|
|
|
|
#
|
|
# Virus Scanning and Vulnerability Testing
|
|
# ----------------------------------------
|
|
#
|
|
|
|
# Do you want to scan email for viruses?
|
|
# A few people don't have a virus scanner licence and so want to disable
|
|
# all the virus scanning.
|
|
# If you use a ruleset for this setting, then the mail will be scanned if
|
|
# *any* of the rules match (except the default). That way unscanned mail
|
|
# never reaches a user who is having their mail virus-scanned.
|
|
#
|
|
# If you want to be able to switch scanning on/off for different users or
|
|
# different domains, set this to the filename of a ruleset.
|
|
# This can also be the filename of a ruleset.
|
|
Virus Scanning = yes
|
|
|
|
# Which Virus Scanning package to use:
|
|
# sophos from www.sophos.com, or
|
|
# sophossavi (also from www.sophos.com, using the SAVI perl module), or
|
|
# mcafee from www.mcafee.com, or
|
|
# command from www.command.co.uk, or
|
|
# bitdefender from www.bitdefender.com, or
|
|
# drweb from www.dials.ru/english/dsav_toolkit/drwebunix.htm, or
|
|
# kaspersky-4.5 from www.kaspersky.com (Version 4.5 and newer), or
|
|
# kaspersky from www.kaspersky.com, or
|
|
# kavdaemonclient from www.kaspersky.com, or
|
|
# etrust from http://www3.ca.com/Solutions/Product.asp?ID=156, or
|
|
# inoculate from www.cai.com/products/inoculateit.htm, or
|
|
# inoculan from ftp.ca.com/pub/getbbs/linux.eng/inoctar.LINUX.Z, or
|
|
# nod32 for No32 before version 1.99 from www.nod32.com, or
|
|
# nod32-1.99 for Nod32 1.99 and later, from www.nod32.com, or
|
|
# f-secure from www.f-secure.com, or
|
|
# f-prot from www.f-prot.com, or
|
|
# panda from www.pandasoftware.com, or
|
|
# rav from www.ravantivirus.com, or
|
|
# antivir from www.antivir.de, or
|
|
# clamav from www.clamav.net, or
|
|
# clamavmodule (also from www.clamav.net using the ClamAV perl module), or
|
|
# trend from www.trendmicro.com, or
|
|
# norman from www.norman.de, or
|
|
# css from www.symantec.com, or
|
|
# avg from www.grisoft.com, or
|
|
# vexira from www.centralcommand.com, or
|
|
# symscanengine from www.symantec.com (Symantec Scan Engine, not CSS), or
|
|
# generic One you wrote: edit the generic-wrapper and generic-autoupdate
|
|
# to fit your own needs. The output spec is in generic-wrapper, or
|
|
# none No virus scanning at all.
|
|
#
|
|
# Note for McAfee users: do not use any symlinks with McAfee at all. It is
|
|
# very strange but may not detect all viruses when
|
|
# started from a symlink or scanning a directory path
|
|
# including symlinks.
|
|
#
|
|
# Note: If you want to use multiple virus scanners, then this should be a
|
|
# space-separated list of virus scanners. For example:
|
|
# Virus Scanners = sophos f-prot mcafee
|
|
#
|
|
# Note: Make sure that you check that the base installation directory in the
|
|
# 3rd column of virus.scanners.conf matches the location you have
|
|
# installed each of your virus scanners. The supplied
|
|
# virus.scanners.conf file assumes the default installation locations
|
|
# recommended by each of the virus scanner installation guides.
|
|
#
|
|
# This *cannot* be the filename of a ruleset.
|
|
Virus Scanners = clamav
|
|
|
|
# The maximum length of time the commercial virus scanner is allowed to run
|
|
# for 1 batch of messages (in seconds).
|
|
Virus Scanner Timeout = 300
|
|
|
|
# Should I attempt to disinfect infected attachments and then deliver
|
|
# the clean ones. "Disinfection" involves removing viruses from files
|
|
# (such as removing macro viruses from documents). "Cleaning" is the
|
|
# replacement of infected attachments with "VirusWarning.txt" text
|
|
# attachments.
|
|
# Less than 1% of viruses in the wild can be successfully disinfected,
|
|
# as macro viruses are now a rare occurrence. So the default has been
|
|
# changed to "no" as it gives a significant performance improvement.
|
|
#
|
|
# This can also be the filename of a ruleset.
|
|
Deliver Disinfected Files = no
|
|
|
|
# Strings listed here will be searched for in the output of the virus scanners.
|
|
# It is used to list which viruses should be handled differently from other
|
|
# viruses. If a virus name is given here, then
|
|
# 1) The sender will not be warned that he sent it
|
|
# 2) No attempt at true disinfection will take place
|
|
# (but it will still be "cleaned" by removing the nasty attachments
|
|
# from the message)
|
|
# 3) The recipient will not receive the message,
|
|
# unless the "Still Deliver Silent Viruses" option is set
|
|
# Other words that can be put in this list are the 5 special keywords
|
|
# HTML-IFrame : inserting this will stop senders being warned about
|
|
# HTML Iframe tags, when they are not allowed.
|
|
# HTML-Codebase : inserting this will stop senders being warned about
|
|
# HTML Object Codebase/Data tags, when they are not allowed.
|
|
# HTML-Script : inserting this will stop senders being warned about
|
|
# HTML Script tags, when they are not allowed.
|
|
# HTML-Form : inserting this will stop senders being warned about
|
|
# HTML Form tags, when they are not allowed.
|
|
# Zip-Password : inserting this will stop senders being warned about
|
|
# password-protected zip files, when they are not allowed.
|
|
# This keyword is not needed if you include All-Viruses.
|
|
# All-Viruses : inserting this will stop senders being warned about
|
|
# any virus, while still allowing you to warn senders
|
|
# about HTML-based attacks. This includes Zip-Password
|
|
# so you don't need to include both.
|
|
#
|
|
# The default of "All-Viruses" means that no senders of viruses will be
|
|
# notified (as the sender address is always forged these days anyway),
|
|
# but anyone who sends a message that is blocked for other reasons will
|
|
# still be notified.
|
|
#
|
|
# This can also be the filename of a ruleset.
|
|
Silent Viruses = HTML-IFrame All-Viruses
|
|
|
|
# Still deliver (after cleaning) messages that contained viruses listed
|
|
# in the above option ("Silent Viruses") to the recipient?
|
|
# Setting this to "yes" is good when you are testing everything, and
|
|
# because it shows management that MailScanner is protecting them,
|
|
# but it is bad because they have to filter/delete all the incoming virus
|
|
# warnings.
|
|
#
|
|
# Note: Once you have deployed this into "production" use, you should set
|
|
# Note: this option to "no" so you don't bombard thousands of people with
|
|
# Note: useless messages they don't want!
|
|
#
|
|
# This can also be the filename of a ruleset.
|
|
Still Deliver Silent Viruses = no
|
|
|
|
# Strings listed here will be searched for in the output of the virus scanners.
|
|
# It works to achieve the opposite effect of the "Silent Viruses" listed above.
|
|
# If a string here is found in the output of the virus scanners, then the
|
|
# message will be treated as if it were not infected with a "Silent Virus".
|
|
# If a message is detected as both a silent virus and a non-forging virus,
|
|
# then the ___non-forging status will override the silent status.___
|
|
# In simple terms, you should list virus names (or parts of them) that you
|
|
# know do *not* forge the From address.
|
|
# A good example of this is a document macro virus or a Joke program.
|
|
# Another word that can be put in this list is the special keyword
|
|
# Zip-Password : inserting this will cause senders to be warned about
|
|
# password-protected zip files, when they are not allowed.
|
|
# This will over-ride the All-Viruses setting in the list
|
|
# of "Silent Viruses" above.
|
|
#
|
|
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar
|
|
|
|
# Should encrypted messages be blocked?
|
|
# This is useful if you are wary about your users sending encrypted
|
|
# messages to your competition.
|
|
# This can be a ruleset so you can block encrypted message to certain domains.
|
|
Block Encrypted Messages = no
|
|
|
|
# Should unencrypted messages be blocked?
|
|
# This could be used to ensure all your users send messages outside your
|
|
# company encrypted to avoid snooping of mail to your business partners.
|
|
# This can be a ruleset so you can just check mail to certain users/domains.
|
|
Block Unencrypted Messages = no
|
|
|
|
# Should archives which contain any password-protected files be allowed?
|
|
# Leaving this set to "no" is a good way of protecting against all the
|
|
# protected zip files used by viruses at the moment.
|
|
# This can also be the filename of a ruleset.
|
|
Allow Password-Protected Archives = no
|
|
|
|
#
|
|
# Options specific to Sophos Anti-Virus
|
|
# -------------------------------------
|
|
#
|
|
|
|
# Anything on the next line that appears in brackets at the end of a line
|
|
# of output from Sophos will cause the error/infection to be ignored.
|
|
# Use of this option is dangerous, and should only be used if you are having
|
|
# trouble with lots of corrupt PDF files, for example.
|
|
# If you need to specify more than 1 string to find in the error message,
|
|
# then put each string in quotes and separate them with a comma.
|
|
# For example:
|
|
#Allowed Sophos Error Messages = "corrupt", "format not supported", "File was encrypted"
|
|
Allowed Sophos Error Messages =
|
|
|
|
# The directory (or a link to it) containing all the Sophos *.ide files.
|
|
# This is only used by the "sophossavi" virus scanner, and is irrelevant
|
|
# for all other scanners.
|
|
Sophos IDE Dir = /usr/local/Sophos/ide
|
|
|
|
# The directory (or a link to it) containing all the Sophos *.so libraries.
|
|
# This is only used by the "sophossavi" virus scanner, and is irrelevant
|
|
# for all other scanners.
|
|
Sophos Lib Dir = /usr/local/Sophos/lib
|
|
|
|
# SophosSAVI only: monitor each of these files for changes in size to
|
|
# detect when a Sophos update has happened. The date of the Sophos Lib Dir
|
|
# is also monitored.
|
|
# This is only used by the "sophossavi" virus scanner, not the "sophos"
|
|
# scanner setting.
|
|
Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip
|
|
|
|
#
|
|
# Options specific to ClamAV Anti-Virus
|
|
# -------------------------------------
|
|
#
|
|
|
|
# ClamAVModule only: monitor each of these files for changes in size to
|
|
# detect when a ClamAV update has happened.
|
|
# This is only used by the "clamavmodule" virus scanner, not the "clamav"
|
|
# scanner setting.
|
|
Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd
|
|
|
|
# ClamAVModule only: set limits when scanning for viruses.
|
|
#
|
|
# The maximum recursion level of archives,
|
|
# The maximum number of files per batch,
|
|
# The maximum file of each file,
|
|
# The maximum compression ratio of archive.
|
|
# These settings *cannot* be the filename of a ruleset, only a simple number.
|
|
ClamAVmodule Maximum Recursion Level = 5
|
|
ClamAVmodule Maximum Files = 1000
|
|
ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes)
|
|
ClamAVmodule Maximum Compression Ratio = 250
|
|
|
|
#
|
|
# Removing/Logging dangerous or potentially offensive content
|
|
# -----------------------------------------------------------
|
|
#
|
|
|
|
# Do you want to scan the messages for potentially dangerous content?
|
|
# Setting this to "no" will disable all the content-based checks except
|
|
# Virus Scanning, Allow Partial Messages and Allow External Message Bodies.
|
|
# This can also be the filename of a ruleset.
|
|
#Dangerous Content Scanning = yes
|
|
Dangerous Content Scanning = %rules-dir%/content.scanning.rules
|
|
|
|
# Do you want to allow partial messages, which only contain a fraction of
|
|
# the attachments, not the whole thing? There is absolutely no way to
|
|
# scan these "partial messages" properly for viruses, as MailScanner never
|
|
# sees all of the attachment at the same time. Enabling this option can
|
|
# allow viruses through. You have been warned.
|
|
# This can also be the filename of a ruleset so you can, for example, allow
|
|
# them in outgoing mail but not in incoming mail.
|
|
Allow Partial Messages = no
|
|
|
|
# Do you want to allow messages whose body is stored somewhere else on the
|
|
# internet, which is downloaded separately by the user's email package?
|
|
# There is no way to guarantee that the file fetched by the user's email
|
|
# package is free from viruses, as MailScanner never sees it.
|
|
# This feature is dangerous as it can allow viruses to be fetched from
|
|
# other Internet sites by a user's email package. The user would just
|
|
# think it was a normal email attachment and would have been scanned by
|
|
# MailScanner.
|
|
# It is only currently supported by Netscape 6 anyway, and the only people
|
|
# who it are the IETF. So I would strongly advise leaving this switched off.
|
|
# This can also be the filename of a ruleset.
|
|
Allow External Message Bodies = no
|
|
|
|
# Do you want to check for "Phishing" attacks?
|
|
# These are attacks that look like a genuine email message from your bank,
|
|
# which contain a link to click on to take you to the web site where you
|
|
# will be asked to type in personal information such as your account number
|
|
# or credit card details.
|
|
# Except it is not the real bank's web site at all, it is a very good copy
|
|
# of it run by thieves who want to steal your personal information or
|
|
# credit card details.
|
|
# These can be spotted because the real address of the link in the message
|
|
# is not the same as the text that appears to be the link.
|
|
# Note: This does cause extra load, particularly on systems receiving lots
|
|
# of spam such as secondary MX hosts.
|
|
# This can also be the filename of a ruleset.
|
|
Find Phishing Fraud = yes
|
|
|
|
# While detecting "Phishing" attacks, do you also want to point out links
|
|
# to numeric IP addresses. Genuine links to totally numeric IP addresses
|
|
# are very rare, so this option is set to "yes" by default. If a numeric
|
|
# IP address is found in a link, the same phishing warning message is used
|
|
# as in the Find Phishing Fraud option above.
|
|
# This can also be the filename of a ruleset.
|
|
Also Find Numeric Phishing = yes
|
|
|
|
# If a phishing fraud is detected, do you want to highlight the tag with
|
|
# a message stating that the link may be to a fraudulent web site.
|
|
# This can also be the filename of a ruleeset.
|
|
Highlight Phishing Fraud = yes
|
|
|
|
# There are some companies, such as banks, that insist on sending out
|
|
# email messages with links in them that are caught by the "Find Phishing
|
|
# Fraud" test described above.
|
|
# This is the name of a file which contains a list of link destinations
|
|
# which should be ignored in the test. This may, for example, contain
|
|
# the known websites of some banks.
|
|
# See the file itself for more information.
|
|
# This can only be the name of the file containing the list, it *cannot*
|
|
# be the filename of a ruleset.
|
|
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
|
|
|
|
# Do you want to allow <IFrame> tags in email messages? This is not a good
|
|
# idea as it allows various Microsoft Outlook security vulnerabilities to
|
|
# remain unprotected, but if you have a load of mailing lists sending them,
|
|
# then you will want to allow them to keep your users happy.
|
|
# Value: yes => Allow these tags to be in the message
|
|
# no => Ban messages containing these tags
|
|
# disarm => Allow these tags, but stop these tags from working
|
|
# This can also be the filename of a ruleset, so you can allow them from
|
|
# known mailing lists but ban them from everywhere else.
|
|
Allow IFrame Tags = disarm
|
|
|
|
# Do you want to allow <Form> tags in email messages? This is a bad idea
|
|
# as these are used as scams to pursuade people to part with credit card
|
|
# information and other personal data.
|
|
# Value: yes => Allow these tags to be in the message
|
|
# no => Ban messages containing these tags
|
|
# disarm => Allow these tags, but stop these tags from working
|
|
# Note: Disarming can be defeated, it is not 100% safe!
|
|
# This can also be the filename of a ruleset.
|
|
Allow Form Tags = disarm
|
|
|
|
# Do you want to allow <Script> tags in email messages? This is a bad idea
|
|
# as these are used to exploit vulnerabilities in email applications and
|
|
# web browsers.
|
|
# Value: yes => Allow these tags to be in the message
|
|
# no => Ban messages containing these tags
|
|
# disarm => Allow these tags, but stop these tags from working
|
|
# Note: Disarming can be defeated, it is not 100% safe!
|
|
# This can also be the filename of a ruleset.
|
|
Allow Script Tags = disarm
|
|
|
|
# Do you want to allow <Img> tags with very small images in email messages?
|
|
# This is a bad idea as these are used as 'web bugs' to find out if a message
|
|
# has been read. It is not dangerous, it is just used to make you give away
|
|
# information.
|
|
# Value: yes => Allow these tags to be in the message
|
|
# disarm => Allow these tags, but stop these tags from working
|
|
# Note: Disarming can be defeated, it is not 100% safe!
|
|
# Note: You cannot block messages containing web bugs as their detection
|
|
# is very vulnerable to false alarms.
|
|
# This can also be the filename of a ruleset.
|
|
Allow WebBugs = disarm
|
|
|
|
# Do you want to allow <Object Codebase=...> or <Object Data=...> tags
|
|
# in email messages?
|
|
# This is a bad idea as it leaves you unprotected against various
|
|
# Microsoft-specific security vulnerabilities. But if your users demand
|
|
# it, you can do it.
|
|
# Value: yes => Allow these tags to be in the message
|
|
# no => Ban messages containing these tags
|
|
# disarm => Allow these tags, but stop these tags from working
|
|
# This can also be the filename of a ruleset, so you can allow them just
|
|
# for specific users or domains.
|
|
Allow Object Codebase Tags = disarm
|
|
|
|
# This option interacts with the "Allow ... Tags" options above like this:
|
|
#
|
|
# Allow...Tags Convert Danger... Action Taken on HTML Message
|
|
# ============ ================= ============================
|
|
# no no Blocked
|
|
# no yes Blocked
|
|
# disarm no Specified HTML tags disarmed
|
|
# disarm yes Specified HTML tags disarmed
|
|
# yes no Nothing, allowed to pass
|
|
# yes yes All HTML tags stripped
|
|
#
|
|
# If an "Allow ... Tags = yes" is triggered by a message, and this
|
|
# "Convert Dangerous HTML To Text" is set to "yes", then the HTML
|
|
# message will be converted to plain text. This makes the HTML
|
|
# harmless, while still allowing your users to see the text content
|
|
# of the messages. Note that all graphical content will be removed.
|
|
#
|
|
# This can also be the filename of a ruleset, so you can make this apply
|
|
# only to specific users or domains.
|
|
Convert Dangerous HTML To Text = no
|
|
|
|
# Do you want to convert all HTML messages into plain text?
|
|
# This is very useful for users who are children or are easily offended
|
|
# by nasty things like pornographic spam.
|
|
# This can also be the filename of a ruleset, so you can switch this
|
|
# feature on and off for particular users or domains.
|
|
Convert HTML To Text = no
|
|
|
|
#
|
|
# Attachment Filename Checking
|
|
# ----------------------------
|
|
#
|
|
|
|
# Set where to find the attachment filename ruleset.
|
|
# The structure of this file is explained elsewhere, but it is used to
|
|
# accept or reject file attachments based on their name, regardless of
|
|
# whether they are infected or not.
|
|
#
|
|
# This can also point to a ruleset, but the ruleset filename must end in
|
|
# ".rules" so that MailScanner can determine if the filename given is
|
|
# a ruleset or not!
|
|
#Filename Rules = %etc-dir%/filename.rules.conf
|
|
Filename Rules = %etc-dir%/filename.rules
|
|
|
|
# Set where to find the attachment filetype ruleset.
|
|
# The structure of this file is explained elsewhere, but it is used to
|
|
# accept or reject file attachments based on their content as determined
|
|
# by the "file" command, regardless of whether they are infected or not.
|
|
#
|
|
# This can also point to a ruleset, but the ruleset filename must end in
|
|
# ".rules" so that MailScanner can determine if the filename given is
|
|
# a ruleset or not!
|
|
#
|
|
# To disable this feature, set this to just "Filetype Rules =" or set
|
|
# the location of the file command to a blank string.
|
|
#Filetype Rules = %etc-dir%/filetype.rules.conf
|
|
Filetype Rules = %etc-dir%/filetype.rules
|
|
|
|
#
|
|
# Reports and Responses
|
|
# ---------------------
|
|
#
|
|
|
|
# Do you want to store copies of the infected attachments and messages?
|
|
# This can also be the filename of a ruleset.
|
|
Quarantine Infections = yes
|
|
|
|
# There is no point quarantining most viruses these days as the infected
|
|
# messages contain no useful content, so if you set this to "no" then no
|
|
# infections listed in your "Silent Viruses" setting will be quarantined,
|
|
# even if you have chosen to quarantine infections in general. This is
|
|
# currently set to "yes" so the behaviour is the same as it was in
|
|
# previous versions.
|
|
# This can also be the filename of a ruleset.
|
|
Quarantine Silent Viruses = no
|
|
|
|
# Do you want to store copies of messages which have been disarmed by
|
|
# having their HTML modified at all?
|
|
# This can also be the filename of a ruleset.
|
|
Quarantine Modified Body = no
|
|
|
|
# Do you want to quarantine the original *entire* message as well as
|
|
# just the infected attachments?
|
|
# This can also be the filename of a ruleset.
|
|
Quarantine Whole Message = yes
|
|
|
|
# When you quarantine an entire message, do you want to store it as
|
|
# raw mail queue files (so you can easily send them onto users) or
|
|
# as human-readable files (header then body in 1 file)?
|
|
Quarantine Whole Messages As Queue Files = no
|
|
|
|
# Do you want to stop any virus-infected spam getting into the spam or MCP
|
|
# archives? If you have a system where users can release messages from the
|
|
# spam or MCP archives, then you probably want to stop them being able to
|
|
# release any infected messages, so set this to yes.
|
|
# It is set to no by default as it causes a small hit in performance, and
|
|
# many people don't allow users to access the spam quarantine, so don't
|
|
# need it.
|
|
# This can also be the filename of a ruleset.
|
|
Keep Spam And MCP Archive Clean = no
|
|
|
|
# Set where to find all the strings used so they can be translated into
|
|
# your local language.
|
|
# This can also be the filename of a ruleset so you can produce different
|
|
# languages for different messages.
|
|
Language Strings = %report-dir%/languages.conf
|
|
|
|
# Set where to find the message text sent to users when one of their
|
|
# attachments has been deleted from a message.
|
|
# These can also be the filenames of rulesets.
|
|
Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt
|
|
Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt
|
|
Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt
|
|
|
|
# Set where to find the message text sent to users when one of their
|
|
# attachments has been deleted from a message and stored in the quarantine.
|
|
# These can also be the filenames of rulesets.
|
|
Stored Bad Content Message Report = %report-dir%/stored.content.message.txt
|
|
Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
|
|
Stored Virus Message Report = %report-dir%/stored.virus.message.txt
|
|
|
|
# Set where to find the message text sent to users explaining about the
|
|
# attached disinfected documents.
|
|
# This can also be the filename of a ruleset.
|
|
Disinfected Report = %report-dir%/disinfected.report.txt
|
|
|
|
# Set where to find the HTML and text versions that will be added to the
|
|
# end of all clean messages, if "Sign Clean Messages" is set.
|
|
# These can also be the filenames of rulesets.
|
|
Inline HTML Signature = %report-dir%/inline.sig.html
|
|
Inline Text Signature = %report-dir%/inline.sig.txt
|
|
|
|
# Set where to find the HTML and text versions that will be inserted at
|
|
# the top of messages that have had viruses removed from them.
|
|
# These can also be the filenames of rulesets.
|
|
Inline HTML Warning = %report-dir%/inline.warning.html
|
|
Inline Text Warning = %report-dir%/inline.warning.txt
|
|
|
|
# Set where to find the messages that are delivered to the sender, when they
|
|
# sent an email containing either an error, banned content, a banned filename
|
|
# or a virus infection.
|
|
# These can also be the filenames of rulesets.
|
|
Sender Content Report = %report-dir%/sender.content.report.txt
|
|
Sender Error Report = %report-dir%/sender.error.report.txt
|
|
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
|
|
Sender Virus Report = %report-dir%/sender.virus.report.txt
|
|
|
|
# Hide the directory path from all virus scanner reports sent to users.
|
|
# The extra directory paths give away information about your setup, and
|
|
# tend to just confuse users.
|
|
# This can also be the filename of a ruleset.
|
|
Hide Incoming Work Dir = yes
|
|
|
|
# Include the name of the virus scanner in each of the scanner reports.
|
|
# This also includes the translation of "MailScanner" in each of the report
|
|
# lines resulting from one of MailScanner's own checks such as filename,
|
|
# filetype or dangerous HTML content. To change the name "MailScanner", look
|
|
# in reports/...../languages.conf.
|
|
#
|
|
# Very useful if you use several virus scanners, but a bad idea if you
|
|
# don't want to let your customers know which scanners you use.
|
|
Include Scanner Name In Reports = yes
|
|
|
|
#
|
|
# Changes to Message Headers
|
|
# --------------------------
|
|
#
|
|
|
|
# Add this extra header to all mail as it is processed.
|
|
# This *must* include the colon ":" at the end.
|
|
# This can also be the filename of a ruleset.
|
|
Mail Header = X-%org-name%-MailScanner:
|
|
|
|
# Add this extra header to all messages found to be spam.
|
|
# This can also be the filename of a ruleset.
|
|
Spam Header = X-%org-name%-MailScanner-SpamCheck:
|
|
|
|
# Add this extra header if "Spam Score" = yes. The header will
|
|
# contain 1 character for every point of the SpamAssassin score.
|
|
Spam Score Header = X-%org-name%-MailScanner-SpamScore:
|
|
|
|
# Add this extra header to all mail as it is processed.
|
|
# The contents is set by "Information Header Value" and is intended for
|
|
# you to be able to insert a help URL for your users.
|
|
# If you don't want an information header at all, just comment out this
|
|
# setting or set it to be blank.
|
|
# This can also be the filename of a ruleset.
|
|
#Information Header = X-%org-name%-MailScanner-Information:
|
|
|
|
# Do you want to add the Envelope-From: header?
|
|
# This is very useful for tracking where spam came from as it
|
|
# contains the envelope sender address.
|
|
# This can also be the filename of a ruleset.
|
|
Add Envelope From Header = yes
|
|
|
|
# Do you want to add the Envelope-To: header?
|
|
# This can be useful for tracking spam destinations, but should be
|
|
# used with care due to possible privacy concerns with the use of
|
|
# Bcc: headers by users.
|
|
# This can also be the filename of a ruleset.
|
|
Add Envelope To Header = no
|
|
|
|
# This is the name of the Envelope From header
|
|
# controlled by the option above.
|
|
# This can also be the filename of a ruleset.
|
|
Envelope From Header = X-%org-name%-MailScanner-From:
|
|
|
|
# This is the name of the Envelope To header
|
|
# controlled by the option above.
|
|
# This can also be the filename of a ruleset.
|
|
Envelope To Header = X-%org-name%-MailScanner-To:
|
|
|
|
# The character to use in the "Spam Score Header".
|
|
# Don't use: x as a score of 3 is "xxx" which the users will think is porn,
|
|
# # as it will cause confusion with comments in procmail as well
|
|
# as MailScanner itself,
|
|
# * as it will cause confusion with pattern matches in procmail,
|
|
# . as it will cause confusion with pattern matches in procmail,
|
|
# ? as it will cause the users to think something went wrong.
|
|
# "s" is nice and safe and stands for "spam".
|
|
Spam Score Character = s
|
|
|
|
# If this option is set to yes, you will get a spam-score header saying just
|
|
# the value of the spam score, instead of the row of characters representing
|
|
# the score.
|
|
# This can also be the filename of a ruleset.
|
|
SpamScore Number Instead Of Stars = no
|
|
|
|
# This sets the minimum number of "Spam Score Characters" which will appear
|
|
# if a message triggered the "Spam List" setting but received a very low
|
|
# SpamAssassin score. This means that people who only filter on the "Spam
|
|
# Stars" will still be able to catch messages which receive a very low
|
|
# SpamAssassin score. Set this value to 0 to disable it.
|
|
# This can also be the filename of a ruleset.
|
|
Minimum Stars If On Spam List = 0
|
|
|
|
# Set the "Mail Header" to these values for clean/infected/disinfected messages.
|
|
# This can also be the filename of a ruleset.
|
|
Clean Header Value = Found to be clean
|
|
Infected Header Value = Found to be infected
|
|
Disinfected Header Value = Disinfected
|
|
|
|
# Set the "Information Header" to this value.
|
|
# This can also be the filename of a ruleset.
|
|
Information Header Value = Please contact the ISP for more information
|
|
|
|
# Do you want the full spam report, or just a simple "spam / not spam" report?
|
|
Detailed Spam Report = yes
|
|
|
|
# Do you want to include the numerical scores in the detailed SpamAssassin
|
|
# report, or just list the names of the scores
|
|
Include Scores In SpamAssassin Report = yes
|
|
|
|
# Do you want to always include the Spam Report in the SpamCheck
|
|
# header, even if the message wasn't spam?
|
|
# This can also be the filename of a ruleset.
|
|
Always Include SpamAssassin Report = no
|
|
|
|
# What to do when you get several MailScanner headers in one message,
|
|
# from multiple MailScanner servers. Values are
|
|
# "append" : Append the new data to the existing header
|
|
# "add" : Add a new header
|
|
# "replace" : Replace the old data with the new data
|
|
# Default is "append"
|
|
# This can also be the filename of a ruleset.
|
|
Multiple Headers = append
|
|
|
|
# Name of this host, or a name like "the MailScanner" if you want to hide
|
|
# the real hostname. It is used in the Help Desk note contained in the
|
|
# virus warnings sent to users.
|
|
# Remember you can use $HOSTNAME in here, so you might want to set it to
|
|
# Hostname = the %org-name% ($HOSTNAME) MailScanner
|
|
# This can also be the filename of a ruleset.
|
|
Hostname = the %org-name% ($HOSTNAME) MailScanner
|
|
|
|
# If this is "no", then (as far as possible) messages which have already
|
|
# been processed by another MailScanner server will not have the clean
|
|
# signature added to the message. This prevents messages getting many
|
|
# copies of the signature as they flow through your site.
|
|
# This can also be the filename of a ruleset.
|
|
Sign Messages Already Processed = no
|
|
|
|
# Add the "Inline HTML Signature" or "Inline Text Signature" to the end
|
|
# of uninfected messages?
|
|
# This can also be the filename of a ruleset.
|
|
Sign Clean Messages = yes
|
|
|
|
# Add the "Inline HTML Warning" or "Inline Text Warning" to the top of
|
|
# messages that have had attachments removed from them?
|
|
# This can also be the filename of a ruleset.
|
|
Mark Infected Messages = yes
|
|
|
|
# When a message is to not be virus-scanned (which may happen depending
|
|
# upon the setting of "Virus Scanning", especially if it is a ruleset),
|
|
# do you want to add the header advising the users to get their email
|
|
# virus-scanned by you?
|
|
# Very good for advertising your MailScanning service and encouraging
|
|
# users to give you some more money and sign up to virus scanning.
|
|
# This can also be the filename of a ruleset.
|
|
Mark Unscanned Messages = yes
|
|
|
|
# This is the text used by the "Mark Unscanned Messages" option above.
|
|
# This can also be the filename of a ruleset.
|
|
Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details
|
|
|
|
# If any of these headers are included in a a message, they will be deleted.
|
|
# This is very useful for removing return-receipt requests and any headers
|
|
# which mean special things to your email client application.
|
|
# X-Mozilla-Status is bad as it allows spammers to make a message appear to
|
|
# have already been read, which is believed to bypass some naive spam
|
|
# filtering systems.
|
|
# Receipt requests are bad as they give any attacker confirmation that an
|
|
# account is active and being read. You don't want this sort of information
|
|
# to leak outside your corporation. So you might want to remove
|
|
# Disposition-Notification-To and Return-Receipt-To.
|
|
# If you are having problems with duplicate message-id headers when you
|
|
# release spam from the quarantine and send it to an Exchange server, then add
|
|
# Message-Id.
|
|
# Each header should end in a ":", but MailScanner will add it if you forget.
|
|
# Headers should be separated by commas or spaces.
|
|
# This can also be the filename of a ruleset.
|
|
Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:
|
|
|
|
# Do you want to deliver messages once they have been cleaned of any
|
|
# viruses?
|
|
# By making this a ruleset, you can re-create the "Deliver From Local"
|
|
# facility of previous versions.
|
|
Deliver Cleaned Messages = yes
|
|
|
|
#
|
|
# Notifications back to the senders of blocked messages
|
|
# -----------------------------------------------------
|
|
#
|
|
|
|
# Do you want to notify the people who sent you messages containing
|
|
# viruses or badly-named filenames?
|
|
# This can also be the filename of a ruleset.
|
|
Notify Senders = no
|
|
|
|
# *If* "Notify Senders" is set to yes, do you want to notify people
|
|
# who sent you messages containing viruses?
|
|
# The default value has been changed to "no" as most viruses now fake
|
|
# sender addresses and therefore should be on the "Silent Viruses" list.
|
|
# This can also be the filename of a ruleset.
|
|
Notify Senders Of Viruses = no
|
|
|
|
# *If* "Notify Senders" is set to yes, do you want to notify people
|
|
# who sent you messages containing attachments that are blocked due to
|
|
# their filename or file contents?
|
|
# This can also be the filename of a ruleset.
|
|
Notify Senders Of Blocked Filenames Or Filetypes = yes
|
|
|
|
# *If* "Notify Senders" is set to yes, do you want to notify people
|
|
# who sent you messages containing other blocked content, such as
|
|
# partial messages or messages with external bodies?
|
|
# This can also be the filename of a ruleset.
|
|
Notify Senders Of Other Blocked Content = yes
|
|
|
|
# If you supply a space-separated list of message "precedence" settings,
|
|
# then senders of those messages will not be warned about anything you
|
|
# rejected. This is particularly suitable for mailing lists, so that any
|
|
# MailScanner responses do not get sent to the entire list.
|
|
Never Notify Senders Of Precedence = list bulk
|
|
|
|
#
|
|
# Changes to the Subject: line
|
|
# ----------------------------
|
|
#
|
|
|
|
# When the message has been scanned but no other subject line changes
|
|
# have happened, do you want modify the subject line?
|
|
# This can be 1 of 3 values:
|
|
# no = Do not modify the subject line, or
|
|
# start = Add text to the start of the subject line, or
|
|
# end = Add text to the end of the subject line.
|
|
# This makes very good advertising of your MailScanning service.
|
|
# This can also be the filename of a ruleset.
|
|
Scanned Modify Subject = no # end
|
|
|
|
# This is the text to add to the start/end of the subject line if the
|
|
# "Scanned Modify Subject" option is set.
|
|
# This can also be the filename of a ruleset.
|
|
Scanned Subject Text = {Scanned}
|
|
|
|
# If the message contained a virus, do you want to modify the subject line?
|
|
# This makes filtering in Outlook very easy.
|
|
# This can also be the filename of a ruleset.
|
|
Virus Modify Subject = yes
|
|
|
|
# This is the text to add to the start of the subject if the
|
|
# "Virus Modify Subject" option is set.
|
|
# This can also be the filename of a ruleset.
|
|
Virus Subject Text = {Virus?}
|
|
|
|
# If an attachment triggered a filename check, but there was nothing
|
|
# else wrong with the message, do you want to modify the subject line?
|
|
# This makes filtering in Outlook very easy.
|
|
# This can also be the filename of a ruleset.
|
|
Filename Modify Subject = yes
|
|
|
|
# This is the text to add to the start of the subject if the
|
|
# "Filename Modify Subject" option is set.
|
|
# You might want to change this so your users can see at a glance
|
|
# whether it just was just the filename that MailScanner rejected.
|
|
# This can also be the filename of a ruleset.
|
|
Filename Subject Text = {Filename?}
|
|
|
|
# If an attachment triggered a content check, but there was nothing
|
|
# else wrong with the message, do you want to modify the subject line?
|
|
# This makes filtering in Outlook very easy.
|
|
# This can also be the filename of a ruleset.
|
|
Content Modify Subject = yes
|
|
|
|
# This is the text to add to the start of the subject if the
|
|
# "Content Modify Subject" option is set.
|
|
# You might want to change this so your users can see at a glance
|
|
# whether it just was just the content that MailScanner rejected.
|
|
# This can also be the filename of a ruleset.
|
|
Content Subject Text = {Dangerous Content?}
|
|
|
|
# If HTML tags in the message were "disarmed" by using the HTML "Allow"
|
|
# options above with the "disarm" settings, do you want to modify the
|
|
# subject line?
|
|
# This can also be the filename of a ruleset.
|
|
Disarmed Modify Subject = yes
|
|
|
|
# This is the text to add to the start of the subject if the
|
|
# "Disarmed Modify Subject" option is set.
|
|
# This can also be the filename of a ruleset.
|
|
Disarmed Subject Text = {Disarmed}
|
|
|
|
# If a potential phishing attack is found in the message, do you want to
|
|
# modify the subject line?
|
|
# This can also be the filename of a ruleset.
|
|
Phishing Modify Subject = no
|
|
|
|
# This is the text to add to the start of the subject if the "Phishing
|
|
# Modify Subhect" option is set.
|
|
# This can also be the filename of a ruleset.
|
|
Phishing Subject Text = {Fraud?}
|
|
|
|
# If the message is spam, do you want to modify the subject line?
|
|
# This makes filtering in Outlook very easy.
|
|
# This can also be the filename of a ruleset.
|
|
Spam Modify Subject = yes
|
|
|
|
# This is the text to add to the start of the subject if the
|
|
# "Spam Modify Subject" option is set.
|
|
# The exact string "_SCORE_" will be replaced by the numeric
|
|
# SpamAssassin score.
|
|
# The exact string "_STARS_" will be replaced by a row of stars
|
|
# whose length is the SpamAssassin score.
|
|
# This can also be the filename of a ruleset.
|
|
Spam Subject Text = [Spam]
|
|
|
|
# This is just like the "Spam Modify Subject" option above, except that
|
|
# it applies then the score from SpamAssassin is higher than the
|
|
# "High SpamAssassin Score" value.
|
|
# This can also be the filename of a ruleset.
|
|
High Scoring Spam Modify Subject = yes
|
|
|
|
# This is just like the "Spam Subject Text" option above, except that
|
|
# it applies then the score from SpamAssassin is higher than the
|
|
# "High SpamAssassin Score" value.
|
|
# The exact string "_SCORE_" will be replaced by the numeric
|
|
# SpamAssassin score.
|
|
# The exact string "_STARS_" will be replaced by a row of stars
|
|
# whose length is the SpamAssassin score.
|
|
# This can also be the filename of a ruleset.
|
|
High Scoring Spam Subject Text = [Spam]
|
|
|
|
#
|
|
# Changes to the Message Body
|
|
# ---------------------------
|
|
#
|
|
|
|
# When a virus or attachment is replaced by a plain-text warning,
|
|
# should the warning be in an attachment? If "no" then it will be
|
|
# placed in-line. This can also be the filename of a ruleset.
|
|
Warning Is Attachment = yes
|
|
|
|
# When a virus or attachment is replaced by a plain-text warning,
|
|
# and that warning is an attachment, this is the filename of the
|
|
# new attachment.
|
|
# This can also be the filename of a ruleset.
|
|
Attachment Warning Filename = %org-name%-Attachment-Warning.txt
|
|
|
|
# What character set do you want to use for the attachment that
|
|
# replaces viruses (VirusWarning.txt)?
|
|
# The default is ISO-8859-1 as even Americans have to talk to the
|
|
# rest of the world occasionally :-)
|
|
# This can also be the filename of a ruleset.
|
|
Attachment Encoding Charset = ISO-8859-1
|
|
|
|
#
|
|
# Mail Archiving and Monitoring
|
|
# -----------------------------
|
|
#
|
|
|
|
# Space-separated list of any combination of
|
|
# 1. email addresses to which mail should be forwarded,
|
|
# 2. directory names where you want mail to be stored,
|
|
# 3. file names (they must already exist!) to which mail will be appended
|
|
# in "mbox" format suitable for most Unix mail systems.
|
|
#
|
|
# Any of the items above can contain the magic string _DATE_ in them
|
|
# which will be replaced with the current date in yyyymmdd format.
|
|
# This will make archive-rolling and maintenance much easier, as you can
|
|
# guarantee that yesterday's mail archive will not be in active use today.
|
|
#
|
|
# If you give this option a ruleset, you can control exactly whose mail
|
|
# is archived or forwarded. If you do this, beware of the legal implications
|
|
# as this could be deemed to be illegal interception unless the police have
|
|
# asked you to do this.
|
|
#
|
|
# Note: This setting still works even if "Scan Messages" is no.
|
|
#
|
|
#Archive Mail = /var/spool/MailScanner/archive
|
|
Archive Mail =
|
|
|
|
#
|
|
# Notices to System Administrators
|
|
# --------------------------------
|
|
#
|
|
|
|
# Notify the local system administrators ("Notices To") when any infections
|
|
# are found?
|
|
# This can also be the filename of a ruleset.
|
|
Send Notices = yes
|
|
|
|
# Include the full headers of each message in the notices sent to the local
|
|
# system administrators?
|
|
# This can also be the filename of a ruleset.
|
|
Notices Include Full Headers = yes
|
|
|
|
# Hide the directory path from all the system administrator notices.
|
|
# The extra directory paths give away information about your setup, and
|
|
# tend to just confuse users but are still useful for local sys admins.
|
|
# This can also be the filename of a ruleset.
|
|
Hide Incoming Work Dir in Notices = no
|
|
|
|
# What signature to add to the bottom of the notices.
|
|
# To insert a line-break in there, use the sequence "\n".
|
|
Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
|
|
|
|
# The visible part of the email address used in the "From:" line of the
|
|
# notices. The <user@domain> part of the email address is set to the
|
|
# "Local Postmaster" setting.
|
|
Notices From = MailScanner
|
|
|
|
# Where to send the notices.
|
|
# This can also be the filename of a ruleset.
|
|
Notices To = postmaster
|
|
|
|
# Address of the local Postmaster, which is used as the "From" address in
|
|
# virus warnings sent to users.
|
|
# This can also be the filename of a ruleset.
|
|
Local Postmaster = postmaster
|
|
|
|
#
|
|
# Spam Detection and Virus Scanner Definitions
|
|
# --------------------------------------------
|
|
#
|
|
|
|
# This is the name of the file that translates the names of the "Spam List"
|
|
# values to the real DNS names of the spam blacklists.
|
|
Spam List Definitions = %etc-dir%/spam.lists.conf
|
|
|
|
# This is the name of the file that translates the names of the virus
|
|
# scanners into the commands that have to be run to do the actual scanning.
|
|
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf
|
|
|
|
#
|
|
# Spam Detection and Spam Lists (DNS blocklists)
|
|
# ----------------------------------------------
|
|
#
|
|
|
|
# Do you want to check messages to see if they are spam?
|
|
# Note: If you switch this off then *no* spam checks will be done at all.
|
|
# This includes both MailScanner's own checks and SpamAssassin.
|
|
# If you want to just disable the "Spam List" feature then set
|
|
# "Spam List =" (i.e. an empty list) in the setting below.
|
|
# This can also be the filename of a ruleset.
|
|
Spam Checks = yes
|
|
|
|
# This is the list of spam blacklists (RBLs) which you are using.
|
|
# See the "Spam List Definitions" file for more information about what
|
|
# you can put here.
|
|
# This can also be the filename of a ruleset.
|
|
Spam List = # # ORDB-RBL SBL+XBL # You can un-comment this to enable them
|
|
|
|
# This is the list of spam domain blacklists which you are using
|
|
# (such as the "rfc-ignorant" domains). See the "Spam List Definitions"
|
|
# file for more information about what you can put here.
|
|
# This can also be the filename of a ruleset.
|
|
Spam Domain List =
|
|
|
|
# If a message appears in at least this number of "Spam Lists" (as defined
|
|
# above), then the message will be treated as spam and so the "Spam
|
|
# Actions" will happen, unless the message reaches the levels for "High
|
|
# Scoring Spam". By default this is set to 1 to mimic the previous
|
|
# behaviour, which means that appearing in any "Spam Lists" will cause
|
|
# the message to be treated as spam.
|
|
# This can also be the filename of a ruleset.
|
|
Spam Lists To Be Spam = 1
|
|
|
|
# If a message appears in at least this number of "Spam Lists" (as defined
|
|
# above), then the message will be treated as "High Scoring Spam" and so
|
|
# the "High Scoring Spam Actions" will happen. You probably want to set
|
|
# this to 2 if you are actually using this feature. 5 is high enough that
|
|
# it will never happen unless you use lots of "Spam Lists".
|
|
# This can also be the filename of a ruleset.
|
|
Spam Lists To Reach High Score = 2
|
|
|
|
# If an individual "Spam List" or "Spam Domain List" check takes longer
|
|
# that this (in seconds), the check is abandoned and the timeout noted.
|
|
Spam List Timeout = 10
|
|
|
|
# The maximum number of timeouts caused by any individual "Spam List" or
|
|
# "Spam Domain List" before it is marked as "unavailable". Once marked,
|
|
# the list will be ignored until the next automatic re-start (see
|
|
# "Restart Every" for the longest time it will wait).
|
|
# This can also be the filename of a ruleset.
|
|
Max Spam List Timeouts = 7
|
|
|
|
# The total number of Spam List attempts during which "Max Spam List Timeouts"
|
|
# will cause the spam list fo be marked as "unavailable". See the previous
|
|
# comment for more information.
|
|
# The default values of 5 and 10 mean that 5 timeouts in any sequence of 10
|
|
# attempts will cause the list to be marked as "unavailable" until the next
|
|
# periodic restart (see "Restart Every").
|
|
Spam List Timeouts History = 10
|
|
|
|
# Spam Whitelist:
|
|
# Make this point to a ruleset, and anything in that ruleset whose value
|
|
# is "yes" will *never* be marked as spam.
|
|
# The whitelist check is done before the blacklist check. If anyone whitelists
|
|
# a message, then all recipients get the message. If no-one has whitelisted it,
|
|
# then the blacklist is checked.
|
|
# This setting over-rides the "Is Definitely Spam" setting.
|
|
# This can also be the filename of a ruleset.
|
|
#Is Definitely Not Spam = no
|
|
#Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
|
|
#Is Definitely Not Spam = &SQLWhitelist
|
|
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
|
|
|
|
# Spam Blacklist:
|
|
# Make this point to a ruleset, and anything in that ruleset whose value
|
|
# is "yes" will *always* be marked as spam.
|
|
# This value can be over-ridden by the "Is Definitely Not Spam" setting.
|
|
# This can also be the filename of a ruleset.
|
|
#Is Definitely Spam = no
|
|
Is Definitely Spam = &SQLBlacklist
|
|
|
|
# Setting this to yes means that spam found in the blacklist is treated
|
|
# as "High Scoring Spam" in the "Spam Actions" section below. Setting it
|
|
# to no means that it will be treated as "normal" spam.
|
|
# This can also be the filename of a ruleset.
|
|
Definite Spam Is High Scoring = no
|
|
|
|
# Spammers have learnt that they can get their message through by sending
|
|
# a message with lots of recipients, one of which chooses to whitelist
|
|
# everything coming to them, including the spammer.
|
|
# So if a message arrives with more than this number of recipients, ignore
|
|
# the "Is Definitely Not Spam" whitelist.
|
|
Ignore Spam Whitelist If Recipients Exceed = 20
|
|
|
|
#
|
|
# SpamAssassin
|
|
# ------------
|
|
#
|
|
|
|
# Do you want to find spam using the "SpamAssassin" package?
|
|
# This can also be the filename of a ruleset.
|
|
Use SpamAssassin = yes
|
|
|
|
# SpamAssassin is not very fast when scanning huge messages, so messages
|
|
# bigger than this value will be truncated to this length for SpamAssassin
|
|
# testing. The original message will not be affected by this. This value
|
|
# is a good compromise as very few spam messages are bigger than this.
|
|
Max SpamAssassin Size = 30000
|
|
|
|
# This replaces the SpamAssassin configuration value 'required_hits'.
|
|
# If a message achieves a SpamAssassin score higher than this value,
|
|
# it is spam. See also the High SpamAssassin Score configuration option.
|
|
# This can also be the filename of a ruleset, so the SpamAssassin
|
|
# required_hits value can be set to different values for different messages.
|
|
Required SpamAssassin Score = 5
|
|
|
|
# If a message achieves a SpamAssassin score higher than this value,
|
|
# then the "High Scoring Spam Actions" are used. You may want to use
|
|
# this to deliver moderate scores, while deleting very high scoring messsages.
|
|
# This can also be the filename of a ruleset.
|
|
High SpamAssassin Score = 6
|
|
|
|
# Set this option to "yes" to enable the automatic whitelisting functions
|
|
# available within SpamAssassin. This will cause addresses from which you
|
|
# get real mail, to be marked so that it will never incorrectly spam-tag
|
|
# messages from those addresses.
|
|
# To disable whitelisting, you must set "use_auto_whitelist 0" in your
|
|
# spam.assassin.prefs.conf file as well as set this to no.
|
|
SpamAssassin Auto Whitelist = no
|
|
|
|
# Set the location of the SpamAssassin user_prefs file. If you want to
|
|
# stop SpamAssassin doing all the RBL checks again, then you can add
|
|
# "skip_rbl_checks = 1" to this prefs file.
|
|
SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf
|
|
|
|
# If SpamAssassin takes longer than this (in seconds), the check is
|
|
# abandoned and the timeout noted.
|
|
SpamAssassin Timeout = 75
|
|
|
|
# If SpamAssassin times out more times in a row than this, then it will be
|
|
# marked as "unavailable" until MailScanner next re-starts itself.
|
|
# This means that remote network failures causing SpamAssassin trouble will
|
|
# not mean your mail stops flowing.
|
|
Max SpamAssassin Timeouts = 10
|
|
|
|
# The total number of SpamAssassin attempts during which "Max SpamAssassin
|
|
# Timeouts" will cause SpamAssassin to be marked as "unavailable".
|
|
# See the previous comment for more information.
|
|
# The default values of 10 and 20 mean that 10 timeouts in any sequence of
|
|
# 20 attempts will trigger the behaviour described above, until the next
|
|
# periodic restart (see "Restart Every").
|
|
SpamAssassin Timeouts History = 30
|
|
|
|
# If the message sender is on any of the Spam Lists, do you still want
|
|
# to do the SpamAssassin checks? Setting this to "no" will reduce the load
|
|
# on your server, but will stop the High Scoring Spam Actions from ever
|
|
# happening.
|
|
# This can also be the filename of a ruleset.
|
|
Check SpamAssassin If On Spam List = yes
|
|
|
|
# Do you want to include the "Spam Score" header. This shows 1 character
|
|
# (Spam Score Character) for every point of the SpamAssassin score. This
|
|
# makes it very easy for users to be able to filter their mail using
|
|
# whatever SpamAssassin threshold they want. For example, they just look
|
|
# for "sssss" for every message whose score is > 5, for example.
|
|
# This can also be the filename of a ruleset.
|
|
Spam Score = yes
|
|
|
|
# If you are using the Bayesian statistics engine on a busy server,
|
|
# you may well need to force a Bayesian database rebuild and expiry
|
|
# at regular intervals. This is measures in seconds.
|
|
# 1 day = 86400 seconds.
|
|
# To disable this feature set this to 0.
|
|
Rebuild Bayes Every = 0
|
|
|
|
# The Bayesian database rebuild and expiry may take a 2 or 3 minutes
|
|
# to complete. During this time you can either wait, or simply
|
|
# disable SpamAssassin checks until it has completed.
|
|
Wait During Bayes Rebuild = no
|
|
|
|
#
|
|
# Custom Spam Scanner Plugin
|
|
# --------------------------
|
|
#
|
|
|
|
# Use the Custom Spam Scanner. This is code you will have to write yourself,
|
|
# a function called "GenericSpamScanner" stored in the file
|
|
# MailScanner/lib/MailScanner/CustomFunctions/GenericSpamScanner.pm
|
|
# It will be passed
|
|
# $IP - the numeric IP address of the system on the remote end
|
|
# of the SMTP connections
|
|
# $From - the address of the envelope sender of the message
|
|
# $To - a perl reference to the envelope recipients of the message
|
|
# $Message - a perl reference to the list of line of the message
|
|
# A sample function is given in the correct file in the distribution.
|
|
# This sample function also includes code to show you how to make it run
|
|
# an external program to produce a spam score.
|
|
# This can also be the filename of a ruleset.
|
|
Use Custom Spam Scanner = no
|
|
|
|
# How much of the message should be passed tot he Custom Spam Scanner.
|
|
# Most spam tools only need the first 20kbytes of the message to determine
|
|
# if it is spam or not. Passing more than is necessary only slows things
|
|
# down.
|
|
# This can also be the filename of a ruleset.
|
|
Max Custom Spam Scanner Size = 20000
|
|
|
|
# How long should the custom spam scanner take to run? If it takes more
|
|
# seconds than this, then it should be considered to have crashed and
|
|
# should be killed. This stops denial-of-service attacks.
|
|
Custom Spam Scanner Timeout = 20
|
|
|
|
# If the Custom Spam Scanner times out more times in a row than this,
|
|
# then it will be marked as "unavailable" until MailScanner next re-
|
|
# starts itself.
|
|
Max Custom Spam Scanner Timeouts = 10
|
|
|
|
# The total number of Custom Spam Scanner attempts during which "Max
|
|
# Custom Spam Scanner Timeouts" will cause the Custom Spam Scanner to
|
|
# be marked as "unavailable". See the previous comment for more information.
|
|
# The default values of 10 and 20 mean that 10 timeouts in any sequence of
|
|
# 20 attempts will trigger the behaviour described above, until the next
|
|
# periodic restart (see "Restart Every").
|
|
Custom Spam Scanner Timeout History = 20
|
|
|
|
#
|
|
# What to do with spam
|
|
# --------------------
|
|
#
|
|
|
|
# This is a list of actions to take when a message is spam.
|
|
# It can be any combination of the following:
|
|
# deliver - deliver the message as normal
|
|
# delete - delete the message
|
|
# store - store the message in the quarantine
|
|
# bounce - send a rejection message back to the sender
|
|
# forward user@domain.com - forward a copy of the message to user@domain.com
|
|
# striphtml - convert all in-line HTML content to plain text.
|
|
# You need to specify "deliver" as well for the
|
|
# message to reach the original recipient.
|
|
# attachment - Convert the original message into an attachment
|
|
# of the message. This means the user has to take
|
|
# an extra step to open the spam, and stops "web
|
|
# bugs" very effectively.
|
|
# notify - Send the recipients a short notification that
|
|
# spam addressed to them was not delivered. They
|
|
# can then take action to request retrieval of
|
|
# the original message if they think it was not
|
|
# spam.
|
|
# header "name: value" - Add the header
|
|
# name: value
|
|
# to the message. name must not contain any spaces.
|
|
#
|
|
# This can also be the filename of a ruleset, in which case the filename
|
|
# must end in ".rule" or ".rules".
|
|
#Spam Actions = store forward anonymous@ecs.soton.ac.uk
|
|
Spam Actions = deliver store
|
|
|
|
# This is just like the "Spam Actions" option above, except that it applies
|
|
# then the score from SpamAssassin is higher than the "High SpamAssassin Score"
|
|
# value.
|
|
# deliver - deliver the message as normal
|
|
# delete - delete the message
|
|
# store - store the message in the quarantine
|
|
# forward user@domain.com - forward a copy of the message to user@domain.com
|
|
# striphtml - convert all in-line HTML content to plain text.
|
|
# You need to specify "deliver" as well for the
|
|
# message to reach the original recipient.
|
|
# attachment - Convert the original message into an attachment
|
|
# of the message. This means the user has to take
|
|
# an extra step to open the spam, and stops "web
|
|
# bugs" very effectively.
|
|
# notify - Send the recipients a short notification that
|
|
# spam addressed to them was not delivered. They
|
|
# can then take action to request retrieval of
|
|
# the original message if they think it was not
|
|
# spam.
|
|
# header "name: value" - Add the header
|
|
# name: value
|
|
# to the message. name must not contain any spaces.
|
|
#
|
|
# This can also be the filename of a ruleset, in which case the filename
|
|
# must end in ".rule" or ".rules".
|
|
#High Scoring Spam Actions = deliver
|
|
High Scoring Spam Actions = store
|
|
|
|
# This is just like the "Spam Actions" option above, except that it applies
|
|
# to messages that are *NOT* spam.
|
|
# deliver - deliver the message as normal
|
|
# delete - delete the message
|
|
# store - store the message in the quarantine
|
|
# forward user@domain.com - forward a copy of the message to user@domain.com
|
|
# striphtml - convert all in-line HTML content to plain text
|
|
# header "name: value" - Add the header
|
|
# name: value
|
|
# to the message. name must not contain any spaces.
|
|
#
|
|
# This can also be the filename of a ruleset, in which case the filename
|
|
# must end in ".rule" or ".rules".
|
|
Non Spam Actions = deliver
|
|
|
|
# There are 3 reports:
|
|
# Sender Spam Report - sent when a message triggers both a Spam
|
|
# List and SpamAssassin,
|
|
# Sender Spam List Report - sent when a message triggers a Spam List,
|
|
# Sender SpamAssassin Report - sent when a message triggers SpamAssassin.
|
|
#
|
|
# These can also be the filenames of rulesets.
|
|
Sender Spam Report = %report-dir%/sender.spam.report.txt
|
|
Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt
|
|
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
|
|
|
|
# If you use the 'attachment' Spam Action or High Scoring Spam Action
|
|
# then this is the location of inline spam report that is inserted at
|
|
# the top of the message.
|
|
Inline Spam Warning = %report-dir%/inline.spam.warning.txt
|
|
|
|
# If you use the 'notify' Spam Action or High Scoring Spam Action then
|
|
# this is the location of the notification message that is sent to the
|
|
# original recipients of the message.
|
|
Recipient Spam Report = %report-dir%/recipient.spam.report.txt
|
|
|
|
# You can use this ruleset to enable the "bounce" Spam Action.
|
|
# You must *only* enable this for mail from sites with which you have
|
|
# agreed to bounce possible spam. Use it on low-scoring spam only (<10)
|
|
# and only to your regular customers for use in the rare case that a
|
|
# message is mis-tagged as spam when it shouldn't have been.
|
|
# Beware that many sites will automatically delete the bounce messages
|
|
# created by using this option unless you have agreed this with them in
|
|
# advance.
|
|
# If you enable this, be prepared to handle the irate responses from
|
|
# people to whom you are essentially sending more spam!
|
|
Enable Spam Bounce = %rules-dir%/bounce.rules
|
|
|
|
# When you bounce a spam message back to the sender, do you want to
|
|
# encapsulate it in another message, rather like the "attachment" option
|
|
# when delivering spam to the original recipient?
|
|
# NOTE: If you enable this option, be sure to whitelist your local server
|
|
# ie. 127.0.0.1 as otherwise the spam bounce message will be detected
|
|
# as spam again, which will cause another spam bounce and so on
|
|
# until your mail queues fill up and your server crashes!
|
|
# This can also be the filename of a ruleset.
|
|
Bounce Spam As Attachment = no
|
|
|
|
#
|
|
# Logging
|
|
# -------
|
|
#
|
|
|
|
# This is the syslog "facility" name that MailScanner uses. If you don't
|
|
# know what a syslog facility name is, then either don't change this value
|
|
# or else go and read "man syslog.conf". The default value of "mail" will
|
|
# cause the MailScanner logs to go into the same place as all your other
|
|
# mail logs.
|
|
Syslog Facility = mail
|
|
|
|
# Do you want to log the processing speed for each section of the code
|
|
# for a batch? This can be very useful for diagnosing speed problems,
|
|
# particularly in spam checking.
|
|
Log Speed = no
|
|
|
|
# Do you want all spam to be logged? Useful if you want to gather
|
|
# spam statistics from your logs, but can increase the system load quite
|
|
# a bit if you get a lot of spam.
|
|
Log Spam = no
|
|
|
|
# Do you want all non-spam to be logged? Useful if you want to see
|
|
# all the SpamAssassin reports of mail that was marked as non-spam.
|
|
# Note: It will generate a lot of log traffic.
|
|
Log Non Spam = no
|
|
|
|
# Log all the filenames that are allowed by the Filename Rules, or just
|
|
# the filenames that are denied?
|
|
# This can also be the filename of a ruleset.
|
|
Log Permitted Filenames = no
|
|
|
|
# Log all the filenames that are allowed by the Filetype Rules, or just
|
|
# the filetypes that are denied?
|
|
# This can also be the filename of a ruleset.
|
|
Log Permitted Filetypes = no
|
|
|
|
# Log all occurrences of "Silent Viruses" as defined above?
|
|
# This can only be a simple yes/no value, not a ruleset.
|
|
Log Silent Viruses = no
|
|
|
|
# Log all occurrences of HTML tags found in messages, that can be blocked.
|
|
# This will help you build up your whitelist of message sources for which
|
|
# particular HTML tags should be allowed, such as mail from newsletters
|
|
# and daily cartoon strips.
|
|
# This can also be the filename of a ruleset.
|
|
Log Dangerous HTML Tags = no
|
|
|
|
#
|
|
# Advanced SpamAssassin Settings
|
|
# ------------------------------
|
|
#
|
|
# If you are using Postfix you may well need to use some of the settings
|
|
# below, as the home directory for the "postfix" user cannot be written
|
|
# to by the "postfix" user.
|
|
# You may also need to use these if you have installed SpamAssassin
|
|
# somewhere other than the default location.
|
|
#
|
|
|
|
# The per-user files (bayes, auto-whitelist, user_prefs) are looked
|
|
# for here and in ~/.spamassassin/. Note the files are mutable.
|
|
# If this is unset then no extra places are searched for.
|
|
# If using Postfix, you probably want to set this as shown in the example
|
|
# line at the end of this comment, and do
|
|
# mkdir /var/spool/MailScanner/spamassassin
|
|
# chown postfix.postfix /var/spool/MailScanner/spamassassin
|
|
# NOTE: SpamAssassin is always called from MailScanner as the same user,
|
|
# and that is the "Run As" user specified above. So you can only
|
|
# have 1 set of "per-user" files, it's just that you might possibly
|
|
# need to modify this location.
|
|
# You should not normally need to set this at all.
|
|
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
|
|
#SpamAssassin User State Dir = /var/lib/MailScanner
|
|
|
|
|
|
# This setting is useful if SpamAssassin is installed in an unusual place,
|
|
# e.g. /opt/MailScanner. The install prefix is used to find some fallback
|
|
# directories if neither of the following two settings work.
|
|
# If this is set then it adds to the list of places that are searched;
|
|
# otherwise it has no effect.
|
|
#SpamAssassin Install Prefix = /opt/MailScanner
|
|
SpamAssassin Install Prefix =
|
|
|
|
# The site rules are searched for here.
|
|
# Normal location on most systems is /etc/mail/spamassassin.
|
|
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
|
|
|
|
# The site-local rules are searched for here, and in prefix/etc/spamassassin,
|
|
# prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin,
|
|
# /etc/mail/spamassassin, and maybe others.
|
|
# If this is set then it adds to the list of places that are searched;
|
|
# otherwise it has no effect.
|
|
#SpamAssassin Local Rules Dir = /etc/MailScanner/mail/spamassassin
|
|
SpamAssassin Local Rules Dir =
|
|
|
|
# The default rules are searched for here, and in prefix/share/spamassassin,
|
|
# /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others.
|
|
# If this is set then it adds to the list of places that are searched;
|
|
# otherwise it has no effect.
|
|
#SpamAssassin Default Rules Dir = /usr/share/spamassassin
|
|
SpamAssassin Default Rules Dir =
|
|
|
|
#
|
|
# MCP (Message Content Protection)
|
|
# -----------------------------
|
|
#
|
|
# This scans text and HTML messages segments for any banned text, using
|
|
# a 2nd copy of SpamAssassin to provide the searching abilities.
|
|
# This 2nd copy has its own entire set of rules, preferences and settings.
|
|
# When used together with the patches for SpamAssassin, it can also check
|
|
# the content of attachments such as office documents.
|
|
#
|
|
# See http://www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/ for more info.
|
|
#
|
|
|
|
MCP Checks = no
|
|
|
|
# Do the spam checks first, or the MCP checks first?
|
|
# This cannot be the filename of a ruleset, only a fixed value.
|
|
First Check = mcp
|
|
|
|
# The rest of these options are clones of the equivalent spam options
|
|
MCP Required SpamAssassin Score = 1
|
|
MCP High SpamAssassin Score = 10
|
|
MCP Error Score = 1
|
|
|
|
MCP Header = X-%org-name%-MailScanner-MCPCheck:
|
|
Non MCP Actions = deliver
|
|
MCP Actions = deliver
|
|
High Scoring MCP Actions = deliver
|
|
Bounce MCP As Attachment = no
|
|
|
|
MCP Modify Subject = yes
|
|
MCP Subject Text = {MCP?}
|
|
High Scoring MCP Modify Subject = yes
|
|
High Scoring MCP Subject Text = {MCP?}
|
|
|
|
Is Definitely MCP = no
|
|
Is Definitely Not MCP = no
|
|
Definite MCP Is High Scoring = no
|
|
Always Include MCP Report = no
|
|
Detailed MCP Report = yes
|
|
Include Scores In MCP Report = no
|
|
Log MCP = no
|
|
|
|
MCP Max SpamAssassin Timeouts = 20
|
|
MCP Max SpamAssassin Size = 100000
|
|
MCP SpamAssassin Timeout = 10
|
|
|
|
MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
|
|
MCP SpamAssassin User State Dir =
|
|
MCP SpamAssassin Local Rules Dir = %mcp-dir%
|
|
MCP SpamAssassin Default Rules Dir = %mcp-dir%
|
|
MCP SpamAssassin Install Prefix = %mcp-dir%
|
|
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
|
|
Sender MCP Report = %report-dir%/sender.mcp.report.txt
|
|
|
|
#
|
|
# Advanced Settings
|
|
# -----------------
|
|
#
|
|
# Don't bother changing anything below this unless you really know
|
|
# what you are doing, or else if MailScanner has complained about
|
|
# your "Minimum Code Status" setting.
|
|
#
|
|
|
|
# When trying to work out the value of configuration parameters which are
|
|
# using a ruleset, this controls the behaviour when a rule is checking the
|
|
# "To:" addresses.
|
|
# If this option is set to "yes", then the following happens when checking
|
|
# the ruleset:
|
|
# a) 1 recipient. Same behaviour as normal.
|
|
# b) Several recipients, but all in the same domain (domain.com for example).
|
|
# The rules are checked for one that matches the string "*@domain.com".
|
|
# c) Several recipients, not all in the same domain.
|
|
# The rules are checked for one that matches the string "*@*".
|
|
#
|
|
# If this option is set to "no", then some rules will use the result they
|
|
# get from the first matching rule for any of the recipients of a message,
|
|
# so the exact value cannot be predicted for messages with more than 1
|
|
# recipient.
|
|
#
|
|
# This value *cannot* be the filename of a ruleset.
|
|
Use Default Rules With Multiple Recipients = no
|
|
|
|
# When putting the value of the spam score of a message into the headers,
|
|
# how do you want to format it. If you don't know how to use sprintf() or
|
|
# printf() in C, please *do not modify* this value. A few examples for you:
|
|
# %d ==> 12
|
|
# %5.2f ==> 12.34
|
|
# %05.1f ==> 012.3
|
|
# This can also be the filename of a ruleset.
|
|
Spam Score Number Format = %d
|
|
|
|
# This is the version number of the MailScanner distribution that created
|
|
# this configuration file. Please do not change this value.
|
|
MailScanner Version Number = 4.46.2
|
|
|
|
# Set Debug to "yes" to stop it running as a daemon and just process
|
|
# one batch of messages and then exit.
|
|
Debug = no
|
|
|
|
# Do you want to debug SpamAssassin from within MailScanner?
|
|
Debug SpamAssassin = no
|
|
|
|
# Set Run In Foreground to "yes" if you want MailScanner to operate
|
|
# normally in foreground (and not as a background daemon).
|
|
# Use this if you are controlling the execution of MailScanner
|
|
# with a tool like DJB's 'supervise' (see http://cr.yp.to/daemontools.html).
|
|
Run In Foreground = no
|
|
|
|
# If you are using an LDAP server to read the configuration, these
|
|
# are the details required for the LDAP connection. The connection
|
|
# is anonymous.
|
|
#LDAP Server = localhost
|
|
#LDAP Base = o=fsl
|
|
#LDAP Site = default
|
|
|
|
# This option is intended for people who want to log more information
|
|
# about messages than what is put in syslog. It is intended to be used
|
|
# with a Custom Function which has the side-effect of logging information,
|
|
# perhaps to an SQL database, or any other processing you want to do
|
|
# after each message is processed.
|
|
# Its value is completely ignored, it is purely there to have side
|
|
# effects.
|
|
# If you want to use it, read CustomConfig.pm.
|
|
Always Looked Up Last = &MailWatchLogging
|
|
|
|
# When attempting delivery of outgoing messages, should we do it in the
|
|
# background or wait for it to complete? The danger of doing it in the
|
|
# background is that the machine load goes ever upwards while all the
|
|
# slow sendmail processes run to completion. However, running it in the
|
|
# foreground may cause the mail server to run too slowly.
|
|
Deliver In Background = yes
|
|
|
|
# Attempt immediate delivery of messages, or just place them in the outgoing
|
|
# queue for the MTA to deliver when it wants to?
|
|
# batch -- attempt delivery of messages, in batches of up to 20 at once.
|
|
# queue -- just place them in the queue and let the MTA find them.
|
|
# This can also be the filename of a ruleset. For example, you could use a
|
|
# ruleset here so that messages coming to you are immediately delivered,
|
|
# while messages going to any other site are just placed in the queue in
|
|
# case the remote delivery is very slow.
|
|
Delivery Method = batch
|
|
|
|
# Are you using Exim with split spool directories? If you don't understand
|
|
# this, the answer is probably "no". Refer to the Exim documentation for
|
|
# more information about split spool directories.
|
|
Split Exim Spool = no
|
|
|
|
# Where to put the virus scanning engine lock files.
|
|
# These lock files are used between MailScanner and the virus signature
|
|
# "autoupdate" scripts, to ensure that they aren't both working at the
|
|
# same time (which could cause MailScanner to let a virus through).
|
|
Lockfile Dir = /var/lock/subsys/MailScanner
|
|
|
|
# Where to put the code for your "Custom Functions". No code in this
|
|
# directory should be over-written by the installation or upgrade process.
|
|
# All files starting with "." or ending with ".rpmnew" will be ignored,
|
|
# all other files will be compiled and may be used with Custom Functions.
|
|
Custom Functions Dir = /etc/MailScanner/CustomFunctions
|
|
|
|
# How to lock spool files.
|
|
# Don't set this unless you *know* you need to.
|
|
# For sendmail, it defaults to "flock".
|
|
# For sendmail 8.13 onwards, you will probably need to change it to posix.
|
|
# For Exim, it defaults to "posix".
|
|
# No other type is implemented.
|
|
Lock Type =
|
|
|
|
# Minimum acceptable code stability status -- if we come across code
|
|
# that's not at least as stable as this, we barf.
|
|
# This is currently only used to check that you don't end up using untested
|
|
# virus scanner support code without realising it.
|
|
# Levels used are:
|
|
# none - there may not even be any code.
|
|
# unsupported - code may be completely untested, a contributed dirty hack,
|
|
# anything, really.
|
|
# alpha - code is pretty well untested. Don't assume it will work.
|
|
# beta - code is tested a bit. It should work.
|
|
# supported - code *should* be reliable.
|
|
#
|
|
# Don't even *think* about setting this to anything other than "beta" or
|
|
# "supported" on a system that receives real mail until you have tested it
|
|
# yourself and are happy that it is all working as you expect it to.
|
|
# Don't set it to anything other than "supported" on a system that could
|
|
# ever receive important mail.
|
|
#
|
|
# READ and UNDERSTAND the above text BEFORE changing this.
|
|
#
|
|
Minimum Code Status = supported
|
|
|