1# Main configuration file for the MailScanner Email Processor
2#
3# READ THIS FIRST!
4# Instead of making changes directly to this file, you should put your
5# configuration options in your own file in /etc/MailScanner/conf.d/
6# Example file: /etc/MailScanner/conf.d/my_settings.conf
7# However, if you are changing some variable definition which is used
8# in other definitions in this file such as %org-name% in the first
9# example below, you must also either change it in this file or copy
10# all the definitions that use that variable into your own file.
11#
12# Examples:
13#
14#	%org-name% = foobar
15#	Max Children = 30
16#	Incoming Queue Dir = /var/spool/mqueue.in
17#
18# READ THIS TOO!
19# In addition to this file you must also set your preferences in:
20#
21# /etc/MailScanner/defaults
22#
23# It's good practice to check through configuration files to make sure
24# they fit with your system and your needs, whatever you expect them to
25# contain.
26#
27# Note: If your directories are symlinked (soft-linked) in any way,
28#       please put their *real* location in here, not a path that
29#       includes any links. You may get some very strange error
30#       messages from some of the virus scanners if you don't.
31#
32# Note for Version 4.00 and above:
33#       A lot of the settings can take a ruleset as well as just simple
34#       values. These rulesets are files containing rules which are applied
35#       to the current message to calculate the value of the configuration
36#       option. The rules are checked in the order they appear in the ruleset.
37#
38# Note for Version 4.03 and above:
39#       As well as rulesets, you can now include your own functions in
40#       here. Look at the directory containing Config.pm and you will find
41#       CustomConfig.pm. In here, you can add your own "value" function and
42#       an Initvalue function to set up any global state you need such as
43#       database connections. Then for a setting below, you can put:
44#               Configuration Option = &ValueFunction
45#       where "ValueFunction" is the name of the function you have
46#       written in CustomConfig.pm.
47#
48# Note for Version 4.54 and above:
49#       Numbers can be scaled by 1 thousand, 1 million or 1 billion by
50#       putting a "k", "m" or "g" immediately after the number. You must
51#       *not* put any spaces between the number and the k, m or g.
52#
53# Note for Version 4.77 and above:
54#	If you are going to use "host:" in rulesets, it is imperative that
55#	you have a local caching name-server (DNS server). Or else using
56#	"host:" in rulesets will really slow you down.
57#
58# Note for Version 4.78 and above:
59#       This file now supports nested "include" statements. The syntax is
60#       include filename-wildcard-here
61#       where filename-wildcard-here is replaced with the full path of one
62#       or more other MailScanner.conf files to be read. You can use the
63#       normal shell wildcard characters such as "*".
64#       For each setting, the last value read will be used by MailScanner.
65#       At the end of this file, there is an "include" that will pull in
66#       all the files in /etc/MailScanner/conf.d so you can just add
67#       your own local changes in there, and not need to modify this file.
68#
69
70#
71# Definition of variables which are substituted into definitions below.
72#
73# You can add any %variables% that you want to use in addition to the
74# ones provided.
75#
76# You can also use any shell environment variables here such as $HOSTNAME
77# or ${HOSTNAME} in configuration settings and rulesets. See the
78# definition of "Hostname" for an example.
79#
80
81# Enter a short identifying name for your organisation below, this is
82# used to make the X-MailScanner headers unique for your organisation.
83# Multiple servers within one site should use an identical value here
84# to avoid adding multiple redundant headers where mail has passed
85# through several servers within your organisation.
86#
87# Note: Some Symantec scanners complain (incorrectly) about "."
88# ***** characters appearing in the names of headers.
89#       Some other mail servers complain about "_" characters
90#       appearing in the names of headers as well.
91#       So don't put "." or "_" in this setting.
92#
93# **** RULE: It must not contain any spaces! ****
94%org-name% = yoursite
95
96# Enter the full name of your organisation below, this is used in the
97# signature placed at the bottom of report messages sent by MailScanner.
98# It can include pretty much any text you like. You can make the result
99# span several lines by including "\n" sequences in the text. These will
100# be replaced by line-breaks.
101%org-long-name% = Your Organisation Name Here
102
103# Enter the location of your organisation's web site below. This is used
104# in the signature placed at the bottom of report messages sent by
105# MailScanner. It should preferably be the location of a page that you
106# have written explaining why you might have rejected the mail and what
107# the recipient and/or sender should do about it.
108%web-site% = www.your-organisation.com
109
110# Configuration directory containing this file
111%etc-dir% = /etc/MailScanner
112
113# Set the directory containing all the reports in the required language
114%report-dir% = /usr/share/MailScanner/reports/en
115
116# Rulesets directory containing your ".rules" files
117%rules-dir% = /etc/MailScanner/rules
118
119# Configuration directory containing files related to MCP
120# (Message Content Protection)
121%mcp-dir% = /etc/MailScanner/mcp
122
123# One other that is set automatically for you is %version% which is,
124# unsurprisingly, the string of the MailScanner version. It does not
125# contain the build number (the "-1" on the end), but does include the rest.
126
127
128#
129# System settings
130# ---------------
131#
132
133# How many MailScanner processes do you want to run at a time?
134# There is no point increasing this figure if your MailScanner server
135# is happily keeping up with your mail traffic.
136# If you are running on a server with more than 1 CPU, or you have a
137# high mail load (and/or slow DNS lookups) then you should see better
138# performance if you increase this figure.
139# If you are running on a small system with limited RAM, you should
140# note that each child takes just over 20MB.
141#
142# As a rough guide, try 5 children per CPU. But read the notes above.
143Max Children = 5
144
145# The number of milter children to use when using the prefork dispatcher
146# This setting is ignored when using the postfork dispatcher
147Milter Max Children = 10
148
149# Dispatcher method for the milter.  Options are prefork and postfork.
150# prefork spawns a predefined maximum number of children, which is suitable
151# for non-bursty and steady traffic
152# A word of caution with prefork: bursts in traffic may exhaust all children
153# and result in connection failures to the milter.  Use more children or
154# consider using postfork
155# postfork spawns children as connections are made and is suitable for
156# bursty and intermittent traffic
157Milter Dispatcher = postfork
158
159# User to run as (not normally used for sendmail)
160# If you want to change the ownership or permissions of the quarantine or
161# temporary files created by MailScanner, please see the "Incoming Work"
162# settings later in this file.
163#Run As User = mail
164#Run As User = postfix
165Run As User =
166
167# Group to run as (not normally used for sendmail)
168#Run As Group = mail
169#Run As Group = postfix
170Run As Group =
171
172# How often (in seconds) should each process check the incoming mail
173# queue for new messages? If you have a quiet mail server, you might
174# want to increase this value so it causes less load on your server, at
175# the cost of slightly increasing the time taken for an average message
176# to be processed.
177Queue Scan Interval = 6
178
179# Set location of incoming mail queue
180#
181# This can be any one of
182# 1. A directory name
183#    Example: /var/spool/mqueue.in
184# 2. A wildcard giving directory names
185#    Example: /var/spool/mqueue.in/*
186# 3. The name of a file containing a list of directory names,
187#    which can in turn contain wildcards.
188#    Example: /etc/MailScanner/mqueue.in.list.conf
189#
190# If you are using sendmail and have your queues split into qf, df, xf
191# directories, then just specify the main directory, do not give me the
192# directory names of the qf,df,xf directories.
193# Example: if you have /var/spool/mqueue.in/qf
194#                      /var/spool/mqueue.in/df
195#                      /var/spool/mqueue.in/xf
196# then just tell me /var/spool/mqueue.in. I will find the subdirectories
197# automatically.
198#
199Incoming Queue Dir = /var/spool/mqueue.in
200
201# Set location of outgoing mail queue.
202# This can also be the filename of a ruleset.
203Outgoing Queue Dir = /var/spool/mqueue
204
205# Set where to unpack incoming messages before scanning them
206# This can completely safely use tmpfs or a ramdisk, which will
207# give you a significant performance improvement.
208# NOTE: The path given here must not include any links at all,
209# NOTE: but must be the absolute path to the directory.
210# NOTE: If you change this, you should change these too:
211# NOTE:        SpamAssassin Temporary Dir
212# NOTE:        SpamAssassin Cache Database File
213Incoming Work Dir = /var/spool/MailScanner/incoming
214
215# Set where to store infected and message attachments (if they are kept)
216# This can also be the filename of a ruleset.
217Quarantine Dir = /var/spool/MailScanner/quarantine
218
219# Set where to store the process id number so you can stop MailScanner
220# You should NOT put this in a subdirectory of /var/run else you will
221# run into problems.
222PID file = /var/run/MailScanner.pid
223
224# Set Milter PID File, if in use
225Milter PID File = /var/run/MSMilter.pid
226
227# To avoid resource leaks, re-start periodically. Forces a re-read of all
228# the configuration files too, so new updates to the bad phishing sites list
229# are read frequently.
230Restart Every = 7200
231
232# Set whether to use postfix, sendmail, exim, zmailer, or msmail (milter)
233# If you are using postfix, then see the "SpamAssassin User State Dir"
234# setting near the end of this file
235MTA = sendmail
236
237# If using msmail, define whether postfix is using long or short IDs
238MSMail Queue Type = short
239
240# MSMail delivery method
241# Scanned mail can be delivered using SMTP or QMQP
242MSMail Delivery Method = SMTP
243
244# MSMail Socket type when using QMQP
245# Can be set to unix or inet
246# This setting is ignored for SMTP delivery
247MSMail Socket Type = unix
248
249# MSMail Socket Directory when using a unix port
250# This setting is ignored for SMTP delivery
251MSMail Socket Dir = /var/spool/postfix/public/qmqp
252
253# Port msmail should deliver messages to relay
254# If using QMQP with an inet socket, this port is typically 628
255MSMail Relay Port = 25
256
257# IP Address msmail should use to deliver
258MSMail Relay Address = 127.0.0.1
259
260# Milter loopback behavior
261# When delivering scanned mail using SMTP, this prevents
262# an infinite mail loop and must be set to yes
263# When delivering scanned mail using QMQP, this can be
264# set to no to allow scanning of mail received on loopback
265# interfaces
266Milter Ignore Loopback = yes
267
268# If using the milter/msmail, this setting will activate
269# the milter scanner, which will reject mail that meets
270# certain criteria (i.e. blacklisted)
271Milter Scanner = yes
272
273# Port the milter should use
274Milter Port = 33333
275
276# IP the milter should bind
277Milter Bind = 127.0.0.1
278
279# Set how to invoke MTA when sending messages MailScanner has created
280# (e.g. to sender/recipient saying "found a virus in your message")
281# This can also be the filename of a ruleset.
282Sendmail = /usr/lib/sendmail
283
284# Sendmail2 is provided for Exim users.
285# It is the command used to attempt delivery of outgoing cleaned/disinfected
286# messages.
287# This is not usually required for sendmail.
288# This can also be the filename of a ruleset.
289#For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf
290#For sendmail users: Sendmail2 = /usr/lib/sendmail
291#Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf
292Sendmail2 = /usr/lib/sendmail
293
294#
295# Incoming Work Dir Settings
296# --------------------------
297#
298# You should not normally need to touch these settings at all,
299# unless you are using ClamAV and need to be able to use the
300# external archive unpackers instead of ClamAV's built-in ones.
301
302# If you want to create the temporary working files so they are owned
303# by a user other than the "Run As User" setting at the top of this file,
304# you can change that here.
305#
306# Note: If the "Run As User" is not "root" you cannot change the
307#       user but may still be able to change the group, if the
308#       "Run As User" is a member of both of the groups "Run As Group"
309#       and "Incoming Work Group"
310# Note: If the "Run As User" is "root" (or not set at all) and you are
311#       using the "clamd" virus scanner AND clamd is not running as root,
312#       then this must be set to the group clamd is using (from your
313#       clamd.conf), example:
314#       Incoming Work Group = mtagroup
315#       Incoming Work Permissions = 0660
316#
317#		The installer creates a group on your system called "mtagroup"
318#		and adds found users from mail, clamav, postfix, exim, etc
319#		to that group. This combined with Incoming Work Permissions
320#		of 0660 allows file access without errors such as the
321#		infamous ClamAV ./lstat() error.
322Incoming Work User =
323Incoming Work Group = mtagroup
324
325# If you want processes running under the same *group* as MailScanner to
326# be able to read the working files (and list what is in the
327# directories, of course), set to 0640. If you want *all* other users to
328# be able to read them, set to 0644. For a detailed description, if
329# you're not already familiar with it, refer to `man 2 chmod`.
330# Typical use: external helper programs of virus scanners (notably ClamAV),
331# like unpackers.
332# Use with care, you may well open security holes.
333#
334# Note: If the "Run As User" is "root" (or not set at all) and you are
335#       using the "clamd" virus scanner, add the clam daemon user to
336#		the group "mtagroup" and set:
337#       Incoming Work Group = mtagroup
338#       Incoming Work Permissions = 0660
339#
340#		0660 is useful for using a group to allow permissions across
341#		your MTA and virus scanners. the installer creates mtagroup
342#		and adds found users (clamav, postfix, mail, exim) to that
343#		group during the install process
344Incoming Work Permissions = 0660
345
346#
347# Quarantine and Archive Settings
348# -------------------------------
349#
350# If, for example, you are using a web interface so that users can manage
351# their quarantined files, you might want to change the ownership and
352# permissions of the quarantined so that they can be read and/or deleted
353# by the web server.
354# Don't touch this unless you know what you are doing!
355
356# If you want to create the quarantine/archive so the files are owned
357# by a user other than the "Run As User" setting at the top of this file,
358# you can change that here.
359# Note: If the "Run As User" is not "root" then you cannot change the
360#       user but may still be able to change the group, if the
361#       "Run As User" is a member of both of the groups "Run As Group"
362#       and "Quarantine Group".
363Quarantine User =
364Quarantine Group =
365
366# If you want processes running under the same *group* as MailScanner to
367# be able to read the quarantined files (and list what is in the
368# directories, of course), set to 0640. If you want *all* other users to
369# be able to read them, set to 0644. For a detailed description, if
370# you're not already familiar with it, refer to `man 2 chmod`.
371# Typical use: let the webserver have access to the files so users can
372# download them if they really want to.
373# Use with care, you may well open security holes.
374Quarantine Permissions = 0660
375
376#
377# Processing Incoming Mail
378# ------------------------
379#
380
381# In every batch of virus-scanning, limit the maximum
382# a) number of unscanned messages to deliver
383# b) number of potentially infected messages to unpack and scan
384# c) total size of unscanned messages to deliver
385# d) total size of potentially infected messages to unpack and scan
386
387Max Unscanned Bytes Per Scan = 100m
388Max Unsafe Bytes Per Scan = 50m
389Max Unscanned Messages Per Scan = 30
390Max Unsafe Messages Per Scan = 30
391
392# If more messages are found in the queue than this, then switch to an
393# "accelerated" mode of processing messages. This will cause it to stop
394# scanning messages in strict date order, but in the order it finds them
395# in the queue. If your queue is bigger than this size a lot of the time,
396# then some messages could be greatly delayed. So treat this option as
397# "in emergency only".
398Max Normal Queue Size = 800
399
400# If this is set to "yes", then email messages passing through MailScanner
401# will be processed and checked, and all the other options in this file
402# will be used to control what checks are made on the message.
403#
404# If this is set to "no", then email messages will NOT be processed or
405# checked *at all*, and so any viruses or other problems will be ignored.
406#
407# If this is set to "virus", then email messages will only be scanned for
408# viruses and *nothing* else.
409#
410# The purpose of this option is to set it to be a ruleset, so that you
411# can skip all scanning of mail destined for some of your users/customers
412# and still scan all the rest.
413# A sample ruleset would look like this:
414#   To:       bad.customer.com  no
415#   From:     ignore.domain.com no
416#   From:     my.domain.com     virus
417#   FromOrTo: default           yes
418# That will scan all mail except mail to bad.customer.com and mail from
419# ignore.domain.com. To set this up, put the 3 lines above into a file
420# called /etc/MailScanner/rules/scan.messages.rules and set the next line to
421# Scan Messages = %rules-dir%/scan.messages.rules
422# This can also be the filename of a ruleset (as illustrated above).
423Scan Messages = yes
424
425# You may not want to receive mail from certain addresses and/or to certain
426# addresses. If so, you can do this with your email transport (sendmail,
427# Postfix, etc) but that will just send a one-line message which is not
428# helpful to the user sending the message.
429# If this is set to yes, then the message set by the "Rejection Report"
430# will be sent instead, and the incoming message will be deleted.
431# If you want to store a copy of the original incoming message then use the
432# "Archive Mail" setting to archive a copy of it.
433# The purpose of this option is to set it to be a ruleset, so that you
434# can reject messages from a few offending addresses where you need to  send
435# a polite reply instead of just a brief 1-line rejection message.
436Reject Message = no
437
438# Limit the number of attempts made at processing any particular message.
439# If you get a message which repeatedly crashes MailScanner, it will
440# limit the impact by ignoring the message and refusing to process it,
441# after more than the given number of attempts have been made at it.
442# Note that enabling this feature causes a slight performance hit.
443# Set this to 0 to disable the limit and the entire Processing Attempts
444# Database and its requirement for SQLite.
445# This cannot be a ruleset, only a simple value.
446Maximum Processing Attempts = 6
447
448# This is the location of the database file used to track the number of
449# times any message has been attempted.
450# To clear out the database, just delete the file, MailScanner will re-
451# create it automatically when it starts.
452Processing Attempts Database = /var/spool/MailScanner/incoming/Processing.db
453
454# The maximum number of attachments allowed in a message before it is
455# considered to be an error. Some email systems, if bouncing a message
456# between 2 addresses repeatedly, add information about each bounce as
457# an attachment, creating a message with thousands of attachments in just
458# a few minutes. This can slow down or even stop MailScanner as it uses
459# all available memory to unpack these thousands of attachments.
460# This can also be the filename of a ruleset.
461Maximum Attachments Per Message = 200
462
463# Expand TNEF attachments using an external program (or a Perl module)?
464# This should be "yes" unless the scanner you are using (Sophos, McAfee) has
465# the facility built-in. However, if you set it to "no", then the filenames
466# within the TNEF attachment will not be checked against the filename rules.
467Expand TNEF = yes
468
469# When the TNEF (winmail.dat) attachments are expanded, should the
470# attachments contained in there be added to the list of attachments in
471# the message?
472# If you set this to "add" or "replace" then recipients of messages sent
473# in "Outlook Rich Text Format" (TNEF) will be able to read the attachments
474# if they are not using Microsoft Outlook.
475#
476# no      => Leave winmail.dat TNEF attachments alone.
477# add     => Add the contents of winmail.dat as extra attachments, but also
478#            still include the winmail.dat file itself. This will result in
479#            TNEF messages being doubled in size.
480# replace => Replace the winmail.dat TNEF attachment with the files it
481#            contains, and delete the original winmail.dat file itself.
482#            This means the message stays the same size, but is usable by
483#            non-Outlook recipients.
484#
485# This can also be the filename of a ruleset.
486Use TNEF Contents = replace
487
488# Some versions of Microsoft Outlook generate unparsable Rich Text
489# format attachments. Do we want to deliver these bad attachments anyway?
490# Setting this to yes introduces the slight risk of a virus getting through,
491# but if you have a lot of troubled Outlook users you might need to do this.
492# We are working on a replacement for the TNEF decoder.
493# This can also be the filename of a ruleset.
494Deliver Unparsable TNEF = no
495
496# Where the MS-TNEF expander is installed.
497# This is EITHER the full command (including maxsize option) that runs
498# the external TNEF expander binary,
499# OR the keyword "internal" which will make MailScanner use the Perl
500# module that does the same job.
501# They are both provided as I am unsure which one is faster and which
502# one is capable of expanding more file formats (there are plenty!).
503#
504# The --maxsize option limits the maximum size that any expanded attachment
505# may be. It helps protect against Denial Of Service attacks in TNEF files.
506# This can also be the filename of a ruleset.
507#TNEF Expander  = internal
508TNEF Expander = /usr/bin/tnef --maxsize=100000000
509
510# The maximum length of time the TNEF Expander is allowed to run for 1 message.
511# (in seconds)
512TNEF Timeout = 120
513
514# Where the "file" command is installed.
515# This is used for checking the content type of files, regardless of their
516# filename.
517# To disable Filetype checking, set this value to blank.
518File Command = /usr/bin/file
519
520# The maximum length of time the "file" command is allowed to run for 1
521# batch of messages (in seconds).
522File Timeout = 20
523
524# Where the "gunzip" command is installed.
525# This is used for expanding .gz files.
526# To disable gzipped file checking, set this value to blank
527# and the timeout to 0.
528Gunzip Command = /bin/gunzip
529
530# The maximum length of time the "gunzip" command is allowed to run to expand
531# 1 attachment file (in seconds).
532Gunzip Timeout = 50
533
534# Where the "unrar" command is installed.
535# If you haven't got this command, look at www.rarlab.com.
536#
537# This is used for unpacking rar archives so that the contents can be
538# checked for banned filenames and filetypes, and also that the
539# archive can be tested to see if it is password-protected.
540# Virus scanning the contents of rar archives is still left to the virus
541# scanner, with one exception:
542# If using the clavavmodule virus scanner, this adds external RAR checking
543# to that scanner which is needed for archives which are RAR version 3.
544Unrar Command = /usr/bin/unrar
545
546# The maximum length of time the "unrar" command is allowed to run for 1
547# RAR archive (in seconds)
548Unrar Timeout = 50
549
550# Used as unpacking engine for multiple archive formats
551Un7zip Command = /usr/bin/7z
552
553# The maximum length of time the "7z" command is allowed to run for 1
554# 7zip or other 7zip compatible archive (in seconds)
555Un7zip Timeout = 50
556
557# A few viruses store their infected data in UU-encoded files, to try to
558# catch out virus scanners. This rarely succeeds at all.
559# Setting this option to yes means that you can apply filename and filetype
560# checks to the contents of UU-encoded files. This may occasionally be
561# useful, in which case you should set to yes.
562# This can also be the filename of a ruleset.
563Find UU-Encoded Files = no
564
565# The maximum size, in bytes, of any message including the headers.
566# If this is set to zero, then no size checking is done.
567# This can also be the filename of a ruleset, so you can have different
568# settings for different users. You might want to set this quite small for
569# dialup users so their email applications don't time out downloading huge
570# messages.
571Maximum Message Size = %rules-dir%/max.message.size.rules
572
573# The maximum size, in bytes, of any attachment in a message.
574# If this is set to zero, effectively no attachments are allowed.
575# If this is set less than zero, then no size checking is done.
576# This can also be the filename of a ruleset, so you can have different
577# settings for different users. You might want to set this quite small for
578# large mailing lists so they don't get deluged by large attachments.
579# This can also be the filename of a ruleset.
580Maximum Attachment Size = -1
581
582# The minimum size, in bytes, of any attachment in a message.
583# If this is set less than or equal to zero, then no size checking is done.
584# It is very useful to set this to 1 as it removes any zero-length
585# attachments which may be created by broken viruses.
586# This can also be the filename of a ruleset.
587Minimum Attachment Size = -1
588
589# The maximum depth to which zip archives, rar archives and Microsoft Office
590# documents will be unpacked, to allow for checking filenames and filetypes
591# within zip and rar archives and embedded within Office documents.
592#
593# Note: This setting does *not* affect virus scanning in archives at all.
594#
595# To disable this feature set this to 0.
596# A common useful setting is this option = 0, and Allow Password-Protected
597# Archives = no. That block password-protected archives but does not do
598# any filename/filetype checks on the files within the archive.
599# This can also be the filename of a ruleset.
600Maximum Archive Depth = 8
601
602# Find zip archives by filename or by file contents?
603# Finding them by content is a far more reliable way of finding them, but
604# it does mean that you cannot tell your users to avoid zip file checking
605# by renaming the file from ".zip" to "_zip" and tricks like that.
606# Only set this to no (i.e. check by filename only) if you don't want to
607# reliably check the contents of zip files. Note this does not affect
608# virus checking, but it will affect all the other checks done on the contents
609# of the zip file.
610# This can also be the filename of a ruleset.
611Find Archives By Content = yes
612
613# Do you want to unpack Microsoft "OLE" documents, such as *.doc, *.xls
614# and *.ppt documents? This will extract any files which have been hidden
615# by being embedded in these documents.
616# There are one or two minor bugs in the third-party code that does the
617# processing of these files, so it can cause MailScanner to hang in very
618# rare cases.
619# ClamAV has its own OLE unpacking code, so you can safely switch this off
620# if you just rely on ClamAV for your virus-scanning. Note that this will,
621# however, disabled all filename and filetype checking of embedded files.
622# This can also be the filename of a ruleset.
623Unpack Microsoft Documents = yes
624
625# Should the attachments be compressed and put into a single zip file?
626# This can also be the filename of a ruleset.
627Zip Attachments = no
628
629# If the attachments are to be compressed into a single zip file,
630# this is the filename of the zip file.
631# This can also be the filename of a ruleset.
632Attachments Zip Filename = MessageAttachments.zip
633
634# If the original total size of all the attachments to be compressed is
635# less than this number of bytes, they will not be zipped at all.
636# This can also be the filename of a ruleset.
637Attachments Min Total Size To Zip = 100k
638
639# Attachments whose filenames end in these strings will not be zipped.
640# This can also be the filename of a ruleset.
641Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml
642
643# Do you want to add the plain text contents of Microsoft Word documents?
644# This feature uses the 'antiword' program available from
645# http://www.winfield.demon.nl/
646# For those of you running on Linux, you can get RPMs and SRPMs from
647# http://www.volny.cz/zellerin/rpmmenu.html
648# It is switched off by default, as it causes a slight performance hit.
649# This can also be the filename of a ruleset.
650Add Text Of Doc = no
651
652# Location and full command of the "antiword" program
653# Using a ruleset here, you could have different output styles for
654# different people.
655# This can also be the filename of a ruleset.
656Antiword = /usr/bin/antiword -f
657
658# The maximum length of time the "antiword" command is allowed to run for 1
659# Word document (in seconds)
660Antiword Timeout = 50
661
662# MailScanner can automatically unpack small archives,
663# so you don't have to go through several extra clicks to extract small
664# files from automatically-generated emailed archives.
665#
666# This is the maximum number of files in each archive. If an archive contains
667# more files than this, we do not try to unpack it at all.
668# Set this value to 0 to disable this feature.
669# This can also be the filename of a ruleset.
670Unzip Maximum Files Per Archive = 0
671
672# The maximum unpacked size of each file in an archive. Bigger than this, and
673# the file will not be unpacked. Setting this value to 0 will disable this
674# feature completely.
675# This can also be the filename of a ruleset.
676Unzip Maximum File Size = 50k
677
678# The list of filename extensions that should be unpacked.
679# This can also be the filename of a ruleset.
680Unzip Filenames = *.txt *.ini *.log *.csv
681
682# The MIME type of the files unpacked from the archive.
683# If you are using it for mostly text files, then use "text/plain".
684# If you are using it for mostly binary files, then use
685# "application/octet-stream".
686# This can also be the filename of a ruleset.
687Unzip MimeType = text/plain
688
689
690#
691# Virus Scanning and Vulnerability Testing
692# ----------------------------------------
693#
694
695# Do you want to scan email for viruses?
696# A few people don't have a virus scanner licence and so want to disable
697# all the virus scanning.
698# If you use a ruleset for this setting, then the mail will be scanned if
699# *any* of the rules match (except the default). That way unscanned mail
700# never reaches a user who is having their mail virus-scanned.
701#
702# If you want to be able to switch scanning on/off for different users or
703# different domains, set this to the filename of a ruleset.
704# This can also be the filename of a ruleset.
705Virus Scanning = yes
706
707# Which Virus Scanning package(s) to use:
708# avast     from www.avast.com
709# avastd    the daemon version from www.avast.com
710# sophos    from www.sophos.com
711# sophossavi (also from www.sophos.com, using the SAVI perl module)
712# savid     (also from www.sophos.com, using the SAVID daemon)
713# bitdefender from www.bitdefender.com
714# esets     from www.eset.com
715# f-secure  from www.f-secure.com
716# f-secured the daemon version of f-secure from www.f-secure.com
717# f-protd-6 the daemon version of f-prot 6 from www.f-prot.com
718# clamav    Removed, use clamd
719# clamavmodule Removed, use clamd
720# clamd     (also from www.clamav.net using the clamd daemon)
721#           *Note: read the comments above the "Incoming Work Group" setting*,
722# avg       from www.grisoft.com
723# generic   Other virus scanner: edit the generic-wrapper and generic-autoupdate
724#           to fit your own needs. The output spec is in generic-wrapper, or
725# drweb     from www.drweb.com (note: this is a commercial scanner)
726# kse       Kaspersky Scan Engine from www.kaspersky.com
727#           (note: this is a commercial scanner)
728# none      No virus scanning at all.
729#
730#
731# Note: If you want to use multiple virus scanners, then this should be a
732#       space-separated list of virus scanners. For example:
733#       Virus Scanners = sophos f-prot mcafee
734#
735# Note: Make sure that you check that the base installation directory in the
736#       3rd column of virus.scanners.conf matches the location you have
737#       installed each of your virus scanners. The supplied
738#       virus.scanners.conf file assumes the default installation locations
739#       recommended by each of the virus scanner installation guides.
740#
741# Note: If you specify "auto" then MailScanner will search for all the
742#       scanners you have installed and will use all of them. If you really
743#       want none, then specify "none".
744#
745# This *cannot* be the filename of a ruleset.
746Virus Scanners = auto
747
748# The maximum length of time the virus scanner is allowed to run
749# for 1 batch of messages (in seconds).
750Virus Scanner Timeout = 300
751
752# Should I attempt to disinfect infected attachments and then deliver
753# the clean ones. "Disinfection" involves removing viruses from files
754# (such as removing macro viruses from documents). "Cleaning" is the
755# replacement of infected attachments with "VirusWarning.txt" text
756# attachments.
757# Less than 1% of viruses in the wild can be successfully disinfected,
758# as macro viruses are now a rare occurrence. So the default has been
759# changed to "no" as it gives a significant performance improvement.
760#
761# This can also be the filename of a ruleset.
762Deliver Disinfected Files = no
763
764# Strings listed here will be searched for in the output of the virus scanners.
765# It is used to list which viruses should be handled differently from other
766# viruses. If a virus name is given here, then
767# 1) The sender will not be warned that he sent it
768# 2) No attempt at true disinfection will take place
769#    (but it will still be "cleaned" by removing the nasty attachments
770#     from the message)
771# 3) The recipient will not receive the message,
772#    unless the "Still Deliver Silent Viruses" option is set
773# Other words that can be put in this list are the 5 special keywords
774#    HTML-IFrame   : inserting this will stop senders being warned about
775#                    HTML Iframe tags, when they are not allowed.
776#    HTML-Codebase : inserting this will stop senders being warned about
777#                    HTML Object Codebase/Data tags, when they are not allowed.
778#    HTML-Script   : inserting this will stop senders being warned about
779#                    HTML Script tags, when they are not allowed.
780#    HTML-Form     : inserting this will stop senders being warned about
781#                    HTML Form tags, when they are not allowed.
782#    Zip-Password  : inserting this will stop senders being warned about
783#                    password-protected zip files, when they are not allowed.
784#                    This keyword is not needed if you include All-Viruses.
785#    All-Viruses   : inserting this will stop senders being warned about
786#                    any virus, while still allowing you to warn senders
787#                    about HTML-based attacks. This includes Zip-Password
788#                    so you don't need to include both.
789#
790# The default of "All-Viruses" means that no senders of viruses will be
791# notified (as the sender address is always forged these days anyway),
792# but anyone who sends a message that is blocked for other reasons will
793# still be notified.
794#
795# This can also be the filename of a ruleset.
796Silent Viruses = HTML-IFrame All-Viruses
797
798# Still deliver (after cleaning) messages that contained viruses listed
799# in the above option ("Silent Viruses") to the recipient?
800# Setting this to "yes" is good when you are testing everything, and
801# because it shows management that MailScanner is protecting them,
802# but it is bad because they have to filter/delete all the incoming virus
803# warnings.
804#
805# Note: Once you have deployed this into "production" use, you should set
806# Note: this option to "no" so you don't bombard thousands of people with
807# Note: useless messages they don't want!
808#
809# This can also be the filename of a ruleset.
810Still Deliver Silent Viruses = no
811
812# Do you want to still scan the message for spam?
813# Setting this to yes will allow a message with a
814# silent virus to proceed with spam checks and not be deleted immediately.
815# Silent viruses will be replaced with a warning message by default.
816#
817# This can be a filename of a ruleset.
818Still Scan Silent Viruses = no
819
820# If Still Deliver Silent Viruses is yes, do you want to deliver the
821# message unmodified?
822#
823# Warning: This is dangerous and should only be used if the
824# silent viruses you are targeting are safe.
825# Even so, a message could still have other viruses that could
826# come through with this setting enabled on the message payload.
827#
828# MailScanner versions <= to 5.1.3-2 actually did this by default
829# when Still Deliver Silent Viruses was set to yes. This setting exists
830# to remove this behavior by default in 5.1.4 onward.
831#
832# The subject line will still be modified if configured to do so for
833# virus infected messages, which is consistent with the old behavior.
834#
835# This can be a filename of a ruleset.
836Still Deliver Silent Viruses Unmodified = no
837
838# Strings listed here will be searched for in the output of the virus scanners.
839# It works to achieve the opposite effect of the "Silent Viruses" listed above.
840# If a string here is found in the output of the virus scanners, then the
841# message will be treated as if it were not infected with a "Silent Virus".
842# If a message is detected as both a silent virus and a non-forging virus,
843# then the ___non-forging status will override the silent status.___
844# In simple terms, you should list virus names (or parts of them) that you
845# know do *not* forge the From address.
846# A good example of this is a document macro virus or a Joke program.
847# Another word that can be put in this list is the special keyword
848#    Zip-Password  : inserting this will cause senders to be warned about
849#                    password-protected zip files, when they are not allowed.
850#                    This will over-ride the All-Viruses setting in the list
851#                    of "Silent Viruses" above.
852#
853Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar
854
855# Some virus scanners now use their signatures to detect spam as well as
856# viruses. These "viruses" are called "spam-viruses". When they are found
857# the following header will be added to your message before it is passed to
858# SpamAssassin, listing all the "spam-viruses" that were found as a comma-
859# separated list.
860# This can also be the filename of a ruleset.
861Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report:
862
863# This defines which virus reports from your virus scanners are really the
864# names of "spam-viruses" as described in the "Spam-Virus Header" section
865# above. This is a space-separated list of strings which can contain "*"
866# wildcards to mean "any string of characters", and which will match the
867# whole name of the virus reported by your virus scanner. So for example
868# "HTML/*" will match all virus names which start with the string "HTML/".
869# The supplied example is suitable for F-Prot6 and the SaneSecurity
870# databases for ClamAV. The test is case-sensitive.
871# This cannot be a ruleset, it must be a simple value as described.
872Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish*
873
874# Should encrypted messages be blocked?
875# This is useful if you are wary about your users sending encrypted
876# messages to your competition.
877# This can be a ruleset so you can block encrypted message to certain domains.
878Block Encrypted Messages = no
879
880# Should unencrypted messages be blocked?
881# This could be used to ensure all your users send messages outside your
882# company encrypted to avoid snooping of mail to your business partners.
883# This can be a ruleset so you can just check mail to certain users/domains.
884Block Unencrypted Messages = no
885
886# Should archives which contain any password-protected files be allowed?
887# Leaving this set to "no" is a good way of protecting against all the
888# protected zip files used by viruses at the moment.
889# This can also be the filename of a ruleset.
890Allow Password-Protected Archives = no
891
892# Normally, you can still get the filenames out of a password-protected
893# archive, despite the encryption. So by default filename checks are still
894# done on these files. However, some people want to suppress this checking
895# as they allow a few people to receive password-protected archives that
896# contain things such as .exe's as part of their business needs. This option
897# can be used to suppress filename checks inside password-protected archives.
898# This can also be the filename of a ruleset.
899Check Filenames In Password-Protected Archives = yes
900
901#
902# Options specific to Sophos Anti-Virus
903# -------------------------------------
904#
905
906# Anything on the next line that appears in brackets at the end of a line
907# of output from Sophos will cause the error/infection to be ignored.
908# Use of this option is dangerous, and should only be used if you are having
909# trouble with lots of corrupt PDF files, for example.
910# If you need to specify more than 1 string to find in the error message,
911# then put each string in quotes and separate them with a comma.
912# For example:
913#Allowed Sophos Error Messages = "corrupt", "format not supported", "File was encrypted", "The main body of virus data is out of date", "Password protected file"
914Allowed Sophos Error Messages =
915
916# The directory (or a link to it) containing all the Sophos *.ide files.
917# This is only used by the "sophossavi" virus scanner, and is irrelevant
918# for all other scanners.
919Sophos IDE Dir = /opt/sophos-av/lib/sav
920
921# The directory (or a link to it) containing all the Sophos *.so libraries.
922# This is only used by the "sophossavi" virus scanner, and is irrelevant
923# for all other scanners.
924Sophos Lib Dir = /opt/sophos-av/lib
925
926# SophosSAVI only: monitor each of these files for changes in size to
927# detect when a Sophos update has happened. The date of the Sophos Lib Dir
928# is also monitored.
929# This is only used by the "sophossavi" virus scanner, not the "sophos"
930# scanner setting.
931Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide
932
933# SophosSAVID only: location of the socket
934SAVID Socket = /var/lib/savdid/savdid.sock
935
936#
937# Options specific to ClamAV Anti-Virus
938# -------------------------------------
939#
940
941# Removed
942# ClamAVModule only: monitor each of these files for changes in size to
943# detect when a ClamAV update has happened.
944# This is only used by the "clamavmodule" virus scanner, not the "clamav"
945# scanner setting.
946# Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld /usr/local/share/clamav/*.cvd /var/lib/clamav/*.inc/* /var/lib/clamav/*.?db /var/lib/clamav/*.cvd
947
948# ClamAVModule only: set limits when scanning for viruses.
949#
950# The maximum recursion level of archives,
951# The maximum number of files per batch,
952# The maximum file of each file,
953# The maximum compression ratio of archive.
954# These settings *cannot* be the filename of a ruleset, only a simple number.
955# ClamAVmodule Maximum Recursion Level = 8
956# ClamAVmodule Maximum Files = 1000
957# ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes)
958# ClamAVmodule Maximum Compression Ratio = 250
959
960# Clamd only: configuration options for using the clamd daemon.
961# 1. The port to use when communicating with clamd via TCP connection
962# 2. The Socket, or IP to use for communicating with the clamd Daemon.
963#    You enter either the full path to the UNIX socket file or the IP
964#    address the daemon is listening on.
965# 3. The ClamD Lock file should be created by clamd init script in most
966#    cases. If it is not then the entry should be blank.
967# 4. If MailScanner is running on a system with more then 1 CPU core (or
968#    more than 1 CPU) then you can set "Clamd Use Threads" to "yes" to
969#    speed up the scanning, otherwise there is no advantage and it should
970#    be set to "no".
971#
972# None of these options can be the filenames of rulesets, they must be just
973# simple values.
974Clamd Port = 3310
975Clamd Socket = /var/run/clamd.scan/clamd.sock
976Clamd Lock File = # /var/lock/subsys/clamd
977Clamd Use Threads = yes
978
979# There are now sets of signatures available from places such as
980# www.sanesecurity.co.uk which use ClamAV to detect spam. Some of these
981# signatures rely on being passed the whole message as one file. By setting
982# this option to "yes", each entire message is written out to the scanning
983# area, thus enabling these signatures to work reliably.
984# It has a slight speed impact but is worth it for the extra spam-spotting
985# ability.
986#
987# This option cannot be the filename of a ruleset, it must be "yes" or "no".
988ClamAV Full Message Scan = yes
989
990#
991# Options specific to F-Protd-6 Anti-Virus
992# ----------------------------------------
993#
994# This is the port number used by the local fpscand daemon. 10200 is the
995# default value used by the F-Prot 6 installation program, and so should
996# be correct.
997# This option cannot be the filename of a ruleset, it must be a number.
998Fpscand Port = 10200
999
1000#
1001# Options specific to Kaspersky Scan Engine (kse)
1002# -----------------------------------------------
1003# kse only: configuration options for using the kse daemon.
1004# 1. The port to use when communicating with kse via TCP connection
1005# 2. The Socket, or IP to use for communicating with the kse Daemon.
1006#    You enter either the full path to the UNIX socket file or the IP
1007#    address the daemon is listening on.
1008Kse Port = 9999
1009Kse Socket = /var/run/kse/kse.sock
1010
1011# Options specific to Avastd Anti-Virus
1012# -------------------------------------
1013# This is the unix socket used by the local Avastd daemon.
1014# /var/run/avast/scan.sock is the default location
1015# This option cannot be the filename of a ruleset, it must be a path.
1016Avastd Socket = /var/run/avast/scan.sock
1017
1018#
1019# Options specific to F-Secure Anti-Virus (f-secured)
1020# ---------------------------------------------------
1021# This is the unix socket used by the local F-Secure daemon.
1022# /tmp/.fsav-0 is the default location
1023# This option cannot be the filename of a ruleset, it must be a path.
1024Fsecure Socket = /tmp/.fsav-0
1025
1026#
1027# Removing/Logging dangerous or potentially offensive content
1028# -----------------------------------------------------------
1029#
1030
1031# Do you want to scan the messages for potentially dangerous content?
1032# Setting this to "no" will disable all the content-based checks except
1033# Virus Scanning, Allow Partial Messages and Allow External Message Bodies.
1034# This can also be the filename of a ruleset.
1035Dangerous Content Scanning = yes
1036
1037# Do you want to allow partial messages, which only contain a fraction of
1038# the attachments, not the whole thing? There is absolutely no way to
1039# scan these "partial messages" properly for viruses, as MailScanner never
1040# sees all of the attachment at the same time. Enabling this option can
1041# allow viruses through. You have been warned.
1042# This can also be the filename of a ruleset so you can, for example, allow
1043# them in outgoing mail but not in incoming mail.
1044Allow Partial Messages = no
1045
1046# Do you want to allow messages whose body is stored somewhere else on the
1047# internet, which is downloaded separately by the user's email package?
1048# There is no way to guarantee that the file fetched by the user's email
1049# package is free from viruses, as MailScanner never sees it.
1050# This feature is dangerous as it can allow viruses to be fetched from
1051# other Internet sites by a user's email package. The user would just
1052# think it was a normal email attachment and would have been scanned by
1053# MailScanner.
1054# It is only currently supported by Netscape 6 anyway, and the only people
1055# who use it are the IETF. So I would strongly advise leaving this switched off.
1056# This can also be the filename of a ruleset.
1057Allow External Message Bodies = no
1058
1059# Do you want to check for "Phishing" attacks?
1060# These are attacks that look like a genuine email message from your bank,
1061# which contain a link to click on to take you to the web site where you
1062# will be asked to type in personal information such as your account number
1063# or credit card details.
1064# Except it is not the real bank's web site at all, it is a very good copy
1065# of it run by thieves who want to steal your personal information or
1066# credit card details.
1067# These can be spotted because the real address of the link in the message
1068# is not the same as the text that appears to be the link.
1069# Note: This does cause extra load, particularly on systems receiving lots
1070#       of spam such as secondary MX hosts.
1071# This can also be the filename of a ruleset.
1072Find Phishing Fraud = yes
1073
1074# While detecting "Phishing" attacks, do you also want to point out links
1075# to numeric IP addresses. Genuine links to totally numeric IP addresses
1076# are very rare, so this option is set to "yes" by default. If a numeric
1077# IP address is found in a link, the same phishing warning message is used
1078# as in the Find Phishing Fraud option above.
1079# This can also be the filename of a ruleset.
1080Also Find Numeric Phishing = yes
1081
1082# If this is set to yes, then most of the URL in a link must match the
1083# destination address it claims to take you to. This is the default as it is
1084# a much stronger test and is very hard to maliciously avoid.
1085# If this is set to no, then just the company name and country (and any
1086# names between the two, dependent on the specific country) must match.
1087# This is not as strict as it will not protect you against internal
1088# malicious sites based within the company being abused. For example, it would
1089# not find www.nasty.company-name.co.uk pretending to be
1090# www.nice.company-name.co.uk. But it will still detect most phishing attacks
1091# of the type www.nasty.co.jp versus www.nice.co.jp.
1092# Depending on the country code it knows how many levels of domain need to
1093# be checked.
1094# This can also be the filename of a ruleset.
1095Use Stricter Phishing Net = yes
1096
1097# If a phishing fraud is detected, do you want to highlight the tag with
1098# a message stating that the link may be to a fraudulent web site.
1099# This can also be the filename of a ruleeset.
1100Highlight Phishing Fraud = yes
1101
1102# Do you want to highlight links that do not show a URL to the user?
1103Highlight Hidden URLs = no
1104
1105# Do you want Highlight Phishing in mailto: links?
1106Highlight Mailto Phishing = yes
1107
1108# There are some companies, such as banks, that insist on sending out
1109# email messages with links in them that are caught by the "Find Phishing
1110# Fraud" test described above.
1111# This is a space-separated list of the names of files which contain a
1112# list of link destinations which should be ignored in the test. This may,
1113# for example, contain the known websites of some banks.
1114# See the file itself for more information.
1115# This can only be the names of the files containing the list, it *cannot*
1116# be the filename of a ruleset.
1117Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
1118
1119# As an opposite to the "safe" list above, there is also a live continuously-
1120# updated list of known bad sites, which will always trigger the "Find
1121# Phishing Fraud" test described above.
1122# This is a space-separated list of the names of files which contain
1123# a list of link destinations which should always trigger the test. This
1124# file should be updated hourly.
1125# This can only be the name of the file containing the list, it *cannot*
1126# be the filename of a ruleset.
1127Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf
1128
1129# This file lists all the countries that use 2nd-level and 3rd-level
1130# domain names to classify distinct types of website within their country.
1131# This cannot be the name of a ruleset, it is just a simple setting.
1132Country Sub-Domains List = %etc-dir%/country.domains.conf
1133
1134# Do you want to allow <IFrame> tags in email messages? This is not a good
1135# idea as it allows various Microsoft Outlook security vulnerabilities to
1136# remain unprotected, but if you have a load of mailing lists sending them,
1137# then you will want to allow them to keep your users happy.
1138# Value: yes     => Allow these tags to be in the message
1139#        no      => Ban messages containing these tags
1140#        disarm  => Allow these tags, but stop these tags from working
1141# This can also be the filename of a ruleset, so you can allow them from
1142# known mailing lists but ban them from everywhere else.
1143Allow IFrame Tags = disarm
1144
1145# Do you want to allow <Form> tags in email messages? This is a bad idea
1146# as these are used as scams to pursuade people to part with credit card
1147# information and other personal data.
1148# Value: yes     => Allow these tags to be in the message
1149#        no      => Ban messages containing these tags
1150#        disarm  => Allow these tags, but stop these tags from working
1151#                   Note: Disarming can be defeated, it is not 100% safe!
1152# This can also be the filename of a ruleset.
1153Allow Form Tags = disarm
1154
1155# Do you want to allow <Script> tags in email messages? This is a bad idea
1156# as these are used to exploit vulnerabilities in email applications and
1157# web browsers.
1158# Value: yes     => Allow these tags to be in the message
1159#        no      => Ban messages containing these tags
1160#        disarm  => Allow these tags, but stop these tags from working
1161#                   Note: Disarming can be defeated, it is not 100% safe!
1162# This can also be the filename of a ruleset.
1163Allow Script Tags = disarm
1164
1165# Do you want to allow <Img> tags with very small images in email messages?
1166# This is a bad idea as these are used as 'web bugs' to find out if a message
1167# has been read. It is not dangerous, it is just used to make you give away
1168# information.
1169# Value: yes     => Allow these tags to be in the message
1170#        disarm  => Allow these tags, but stop these tags from working
1171#                   Note: Disarming can be defeated, it is not 100% safe!
1172# Note: You cannot block messages containing web bugs as their detection
1173#       is very vulnerable to false alarms.
1174# This can also be the filename of a ruleset.
1175Allow WebBugs = disarm
1176
1177# This is a list of filenames (or parts of filenames) that may appear in
1178# the filename of a web bug URL. They are only checked in the filename,
1179# not any directories or hostnames in the URL of the possible web bug.
1180#
1181# If it appears, then the web bug is assumed to be a harmless "spacer" for
1182# page layout purposes and not a real web bug at all.
1183# It should be a space- and/or comma-separated list of filename parts.
1184#
1185# Note: Use this with care, as spammers may use this to circumvent the
1186#       web bug trap. It is disabled by default because of this problem.
1187#
1188# This can also be the filename of a ruleset.
1189#Ignored Web Bug Filenames = spacer pixel.gif pixel.png
1190Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap shim
1191
1192# This is a list of server names (or parts of) which are known to host web
1193# bugs. All images from these hosts will be replaced by the "Web Bug
1194# Replacement" defined below.
1195# This can also be the filename of a ruleset.
1196Known Web Bug Servers = msgtag.com
1197
1198# When a web bug is found, what image do you want to replace it with?
1199# By replacing it with a real image, the page layout still works properly,
1200# so the formatting and layout of the message is correct.
1201# The following is a harmless untracked 1x1 pixel transparent image.
1202# If this is not specified, the the old value of "MailScannerWebBug" is used,
1203# which of course is not an image and may well upset layout of the email.
1204# This can also be the filename of a ruleset.
1205Web Bug Replacement = https://s3.amazonaws.com/msv5/images/spacer.gif
1206
1207# Do you want to allow <Object Codebase=...> or <Object Data=...> tags
1208# in email messages?
1209# This is a bad idea as it leaves you unprotected against various
1210# Microsoft-specific security vulnerabilities. But if your users demand
1211# it, you can do it.
1212# Value: yes     => Allow these tags to be in the message
1213#        no      => Ban messages containing these tags
1214#        disarm  => Allow these tags, but stop these tags from working
1215# This can also be the filename of a ruleset, so you can allow them just
1216# for specific users or domains.
1217Allow Object Codebase Tags = disarm
1218
1219# This option interacts with the "Allow ... Tags" options above like this:
1220#
1221# Allow...Tags    Convert Danger...    Action Taken on HTML Message
1222# ============    =================    ============================
1223#    no              no                Blocked
1224#    no              yes               Blocked
1225#    disarm          no                Specified HTML tags disarmed
1226#    disarm          yes               Specified HTML tags disarmed
1227#    yes             no                Nothing, allowed to pass
1228#    yes             yes               All HTML tags stripped
1229#
1230# If an "Allow ... Tags = yes" is triggered by a message, and this
1231# "Convert Dangerous HTML To Text" is set to "yes", then the HTML
1232# message will be converted to plain text.  This makes the HTML
1233# harmless, while still allowing your users to see the text content
1234# of the messages.  Note that all graphical content will be removed.
1235#
1236# This can also be the filename of a ruleset, so you can make this apply
1237# only to specific users or domains.
1238Convert Dangerous HTML To Text = no
1239
1240# Do you want to convert all HTML messages into plain text?
1241# This is very useful for users who are children or are easily offended
1242# by nasty things like pornographic spam.
1243# This can also be the filename of a ruleset, so you can switch this
1244# feature on and off for particular users or domains.
1245Convert HTML To Text = no
1246
1247#
1248# Attachment Filename Checking
1249# ----------------------------
1250#
1251
1252# There are now 2 sets of configurations for filename and filetype checking.
1253# One set applies to files found within attachments which are archives,
1254# their names start with "Archives:".
1255# The other set of configuration options applies to normal attachments,
1256# their names do *not* start with "Archives:".
1257
1258# What sort of attachments are considered to be archives?
1259# You may well consider, for example, zip and rar files to be archives, but
1260# maybe TNEF files to not be archives as they are really just another way
1261# of supplying attachments that is only used by Microsoft Exchange and Outlook.
1262# This is a space-separated list of the types which are treated as archives.
1263# Valid keywords within this are:
1264#       zip  -- Zip files and Microsoft Office 2007 documents
1265#       rar  -- Rar archives
1266#       uu   -- UU-encoded files
1267#       ole  -- Microsoft ".doc" and ".xls" and ".ppt" files
1268#       tnef -- "winmail.dat" files created by Microsoft Exchange or Outlook
1269Archives Are = zip rar ole
1270
1271# To simplify web-based configuration systems, there are now two extra
1272# settings here. They are both intended for use with normal rulesets
1273# that you would expect to find in %rules-dir%. The first gives a list
1274# of patterns to match against the attachment filenames, and a filename
1275# is allowed if it matches any of these patterns. The second gives the
1276# the equivalent list for patterns that are used to deny filenames.
1277# If either of these match at all, then filename.rules.conf is ignored
1278# for that filename.
1279# So you can easily have a set like this:
1280# Allow Filenames = \.txt$ \.pdf$
1281# Deny  Filenames = \.com$ \.exe$ \.cpl$ \.pif$
1282# which is a lot simpler than having to handle filename.rules.conf!
1283# It is far simpler when you want to change the allowed+denied list for
1284# different domains/addresses, as you can use the filename of a simple
1285# ruleset here instead.
1286# NOTE: The filename and filetype rules are separate, so if you want to
1287#       allow executable *.exe files you will need at least
1288#           Allow Filenames = \.exe$
1289#           Allow Filetypes = executable
1290#       to make it pass both tests. If either test denies the attachment
1291#       then it will be blocked.
1292
1293# Allow any attachment filenames matching any of the patterns listed here.
1294# If this setting is empty, it is ignored and no matches are made.
1295# This can also be the filename of a ruleset.
1296Allow Filenames =
1297
1298# Deny any attachment filenames matching any of the patterns listed here.
1299# If this setting is empty, it is ignored and no matches are made.
1300# This can also be the filename of a ruleset.
1301Deny Filenames =
1302
1303#
1304# Set where to find the attachment filename ruleset.
1305# The structure of this file is explained elsewhere, but it is used to
1306# accept or reject file attachments based on their name, regardless of
1307# whether they are infected or not.
1308#
1309# This can also point to a ruleset, but the ruleset filename must end in
1310# ".rules" so that MailScanner can determine if the filename given is
1311# a ruleset or not!
1312Filename Rules = %etc-dir%/filename.rules.conf
1313
1314# To simplify web-based configuration systems, there are now two extra
1315# settings here. They are both intended for use with normal rulesets
1316# that you would expect to find in %rules-dir%. The first gives a list
1317# of patterns to match against the attachment filetypes, and a filetype
1318# is allowed if it matches any of these patterns. The second gives the
1319# the equivalent list for patterns that are used to deny filetypes.
1320# If either of these match at all, then filetype.rules.conf is ignored
1321# for that filetype.
1322# So you can easily have a set like this:
1323# Allow Filetypes = script postscript
1324# Deny  Filetypes = executable MPEG
1325# Allow MIME Filetypes = text/plain text/html
1326# Deny  MIME Filetypes = dosexec
1327# which is a lot simpler than having to handle filetype.rules.conf!
1328# It is far simpler when you want to change the allowed+denied list for
1329# different domains/addresses, as you can use the filetype of a simple
1330# ruleset here instead.
1331
1332# Allow any attachment filetypes matching any of the patterns listed here.
1333# If this setting is empty, it is ignored and no matches are made.
1334# This can also be the filename of a ruleset.
1335Allow Filetypes =
1336
1337# Allow any attachment MIME types matching any of the patterns listed here.
1338# If this setting is empty, it is ignored and no matches are made.
1339# This can also be the filename of a ruleset.
1340Allow File MIME Types =
1341
1342# Deny any attachment filetypes matching any of the patterns listed here.
1343# If this setting is empty, it is ignored and no matches are made.
1344# This can also be the filename of a ruleset.
1345Deny Filetypes =
1346
1347# Deny any attachment MIME types matching any of the patterns listed here.
1348# If this setting is empty, it is ignored and no matches are made.
1349# This can also be the filename of a ruleset.
1350Deny File MIME Types =
1351
1352# Set where to find the attachment filetype ruleset.
1353# The structure of this file is explained elsewhere, but it is used to
1354# accept or reject file attachments based on their content as determined
1355# by the "file" command, regardless of whether they are infected or not.
1356#
1357# This can also point to a ruleset, but the ruleset filename must end in
1358# ".rules" so that MailScanner can determine if the filename given is
1359# a ruleset or not!
1360#
1361# To disable this feature, set this to just "Filetype Rules =" or set
1362# the location of the file command to a blank string.
1363Filetype Rules = %etc-dir%/filetype.rules.conf
1364
1365# These are the equivalent of the settings above, except they apply to
1366# files which are contained within "archives", as defined by the
1367# "Archives Are" setting at the top of this section.
1368# They can all be rulesets.
1369Archives: Allow Filenames =
1370Archives: Deny Filenames =
1371Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
1372Archives: Allow Filetypes =
1373Archives: Allow File MIME Types =
1374Archives: Deny Filetypes =
1375Archives: Deny File MIME Types =
1376Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf
1377
1378# In the "Filename Rules" and "Filetype Rules" rule files, you can
1379# say that you want particular attachment names or types to be "disarmed"
1380# by being renamed. See the sample files for examples of this.
1381#
1382# The "rename" rules in filetype.rules.conf rename attachments that match
1383# the rule according to this setting, where the string "__FILENAME__" will
1384# be replaced with the attachment's original filename.
1385#
1386# In filename.rules.conf, it is a little more complex. They can work just
1387# like the filetype rules.conf version explained in the previous paragraph,
1388# or else the "rename" instruction can also supply the replacement text.
1389# For example, a rule starting
1390# rename to .txt	\.reg$	.....
1391# will match all attachment filenames ending in ".reg" and replace the
1392# ".reg" with ".txt".
1393#
1394# The "rename" rules change the filename of the attachment as described
1395# above, so that either
1396# (a) the user cannot simply double-click on the attachment, but must save
1397#     it then rename it back to its original name; only then can they
1398#     double-click on the file.
1399# OR
1400# (b) the action taken when the user double-clicks on the file will be
1401#     changed. In the "reg"/"txt" example above, the file will be opened
1402#     for editing rather than immediately merged into the user's Windows
1403#     Registry, which could have had disastrous consequences.
1404#
1405# This provides a simple safeguard so that users have to consciously
1406# think about what they are doing, and do not accidentally take actions
1407# they would probably regret. In some situations this is better than
1408# just denying the file completely, as the user can still see the attachment
1409# they were sent.
1410#
1411# This can also be the filename of a ruleset.
1412Default Rename Pattern = __FILENAME__.disarmed
1413
1414#
1415# Reports and Responses
1416# ---------------------
1417#
1418
1419# Do you want to store copies of the infected attachments and messages?
1420# This can also be the filename of a ruleset.
1421Quarantine Infections = yes
1422
1423# There is no point quarantining most viruses these days as the infected
1424# messages contain no useful content, so if you set this to "no" then no
1425# infections listed in your "Silent Viruses" setting will be quarantined,
1426# even if you have chosen to quarantine infections in general. This is
1427# currently set to "yes" so the behaviour is the same as it was in
1428# previous versions.
1429# This can also be the filename of a ruleset.
1430Quarantine Silent Viruses = no
1431
1432# Do you want to store copies of messages which have been disarmed by
1433# Denial of Service protection?
1434# This can also be the filename of a ruleset.
1435Quarantine Denial Of Service = yes
1436
1437# Do you want to ignore denial of service messages during disarming?
1438# WARNING: This does not solve pipe failures during disarming
1439# and should be used only when absolutely necessary.
1440# This can also be the filename of a ruleset.
1441Ignore Denial Of Service = no
1442
1443# Do you want to ignore QP DOS denial of service failures during disarming?
1444# WARNING: This does not solve failures during disarming
1445# and should be used only when absolutely necessary.
1446# This can also be the filename of a ruleset.
1447Ignore QP Denial Of Service Failure = no
1448
1449# Do you want to store copies of messages which have been disarmed by
1450# having their HTML modified at all?
1451# This can also be the filename of a ruleset.
1452Quarantine Modified Body = no
1453
1454# Do you want to quarantine the original *entire* message as well as
1455# just the infected attachments?
1456# This can also be the filename of a ruleset.
1457Quarantine Whole Message = no
1458
1459# When you quarantine an entire message, do you want to store it as
1460# raw mail queue files (so you can easily send them onto users) or
1461# as human-readable files (header then body in 1 file)?
1462Quarantine Whole Messages As Queue Files = no
1463
1464# Do you want to stop any virus-infected spam getting into the spam or MCP
1465# archives? If you have a system where users can release messages from the
1466# spam or MCP archives, then you probably want to stop them being able to
1467# release any infected messages, so set this to yes.
1468# It is set to no by default as it causes a small hit in performance, and
1469# many people don't allow users to access the spam quarantine, so don't
1470# need it.
1471# This can also be the filename of a ruleset.
1472Keep Spam And MCP Archive Clean = no
1473
1474# Set where to find all the strings used so they can be translated into
1475# your local language.
1476# This can also be the filename of a ruleset so you can produce different
1477# languages for different messages.
1478Language Strings = %report-dir%/languages.conf
1479
1480# Set where to find the message text sent to users who triggered the ruleset
1481# you are using with the "Reject Message" option.
1482Rejection Report = %report-dir%/rejection.report.txt
1483
1484# Set where to find the message text sent to users when one of their
1485# attachments has been deleted from a message.
1486# These can also be the filenames of rulesets.
1487Deleted Bad Content Message Report  = %report-dir%/deleted.content.message.txt
1488Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt
1489Deleted Virus Message Report        = %report-dir%/deleted.virus.message.txt
1490Deleted Size Message Report         = %report-dir%/deleted.size.message.txt
1491
1492# Set where to find the message text sent to users when one of their
1493# attachments has been deleted from a message and stored in the quarantine.
1494# These can also be the filenames of rulesets.
1495Stored Bad Content Message Report  = %report-dir%/stored.content.message.txt
1496Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
1497Stored Virus Message Report        = %report-dir%/stored.virus.message.txt
1498Stored Size Message Report         = %report-dir%/stored.size.message.txt
1499
1500# Set where to find the message text sent to users explaining about the
1501# attached disinfected documents.
1502# This can also be the filename of a ruleset.
1503Disinfected Report = %report-dir%/disinfected.report.txt
1504
1505# Set where to find the HTML and text versions that will be added to the
1506# end of all clean messages, if "Sign Clean Messages" is set.
1507# These can also be the filenames of rulesets.
1508Inline HTML Signature = %report-dir%/inline.sig.html
1509Inline Text Signature = %report-dir%/inline.sig.txt
1510
1511# When using an image in the signature, there are 2 filenames which need
1512# to be set. The first is the location in this server's filesystem of the
1513# image file itself. The second is the name of the image as it is stored in
1514# the attachment. The HTML version of the signature will refer to this
1515# second name in the HTML <img> tag.
1516# Note: the filename extension will be used as the MIME subtype, so a GIF
1517# image must end in ".gif" for example. (.jpg ==> "jpeg" as a special case)
1518# See "Attach Image To Signature" for notes on how to use this.
1519Signature Image Filename = %report-dir%/sig.jpg
1520Signature Image <img> Filename = signature.jpg
1521
1522# Set where to find the HTML and text versions that will be inserted at
1523# the top of messages that have had viruses removed from them.
1524# These can also be the filenames of rulesets.
1525Inline HTML Warning = %report-dir%/inline.warning.html
1526Inline Text Warning = %report-dir%/inline.warning.txt
1527
1528# Set where to find the messages that are delivered to the sender, when they
1529# sent an email containing either an error, banned content, a banned filename
1530# or a virus infection.
1531# These can also be the filenames of rulesets.
1532Sender Content Report      = %report-dir%/sender.content.report.txt
1533Sender Error Report        = %report-dir%/sender.error.report.txt
1534Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
1535Sender Virus Report        = %report-dir%/sender.virus.report.txt
1536Sender Size Report         = %report-dir%/sender.size.report.txt
1537
1538# Hide the directory path from all virus scanner reports sent to users.
1539# The extra directory paths give away information about your setup, and
1540# tend to just confuse users.
1541# This can also be the filename of a ruleset.
1542Hide Incoming Work Dir = yes
1543
1544# Include the name of the virus scanner in each of the scanner reports.
1545# This also includes the translation of "MailScanner" in each of the report
1546# lines resulting from one of MailScanner's own checks such as filename,
1547# filetype or dangerous HTML content. To change the name "MailScanner", look
1548# in reports/...../languages.conf.
1549#
1550# Very useful if you use several virus scanners, but a bad idea if you
1551# don't want to let your customers know which scanners you use.
1552Include Scanner Name In Reports = yes
1553
1554# External Message Warning
1555# Place an inline message and the top of body when a message is from an
1556# external source. This should be a ruleset that specifies local domains
1557# that should not receive the external message signature
1558External Message Warning = %rules-dir%/external.message.rules
1559
1560# Inline external message warning
1561# Set inline external message warning
1562# This can be filenames of rulesets
1563Inline HTML External Warning = %report-dir%/inline.external.warning.html
1564Inline Text External Warning = %report-dir%/inline.external.warning.txt
1565
1566#
1567# Changes to Message Headers
1568# --------------------------
1569#
1570
1571# Add this extra header to all mail as it is processed.
1572# This *must* include the colon ":" at the end.
1573# This can also be the filename of a ruleset.
1574Mail Header = X-%org-name%-MailScanner:
1575
1576# Add this extra header to all messages found to be spam.
1577# This can also be the filename of a ruleset.
1578Spam Header = X-%org-name%-MailScanner-SpamCheck:
1579
1580# Add this extra header if "Spam Score" = yes. The header will
1581# contain 1 character for every point of the SpamAssassin score.
1582Spam Score Header = X-%org-name%-MailScanner-SpamScore:
1583
1584# Add this extra header to all mail as it is processed.
1585# The contents is set by "Information Header Value" and is intended for
1586# you to be able to insert a help URL for your users.
1587# If you don't want an information header at all, just comment out this
1588# setting or set it to be blank.
1589# This can also be the filename of a ruleset.
1590Information Header = X-%org-name%-MailScanner-Information:
1591
1592# Do you want to add the Envelope-From: header?
1593# This is very useful for tracking where spam came from as it
1594# contains the envelope sender address.
1595# This can also be the filename of a ruleset.
1596Add Envelope From Header = yes
1597
1598# Do you want to add the Envelope-To: header?
1599# This can be useful for tracking spam destinations, but should be
1600# used with care due to possible privacy concerns with the use of
1601# Bcc: headers by users.
1602# Note also that this information can be added conditionally by using
1603# the "_TO_" word in a "header" action for Spam Actions, High Scoring
1604# Spam Actions, Non-Spam Actions and SpamAssassin Rule Actions.
1605# This can also be the filename of a ruleset.
1606Add Envelope To Header = no
1607
1608# This is the name of the Envelope From header
1609# controlled by the option above.
1610# This can also be the filename of a ruleset.
1611Envelope From Header = X-%org-name%-MailScanner-From:
1612
1613# This is the name of the Envelope To header
1614# controlled by the option above.
1615# This can also be the filename of a ruleset.
1616Envelope To Header = X-%org-name%-MailScanner-To:
1617
1618# Setting this adds the MailScanner message id number to a header
1619# in the message. If you do not want this header, just set this to be
1620# an empty string (put nothing after the '=').
1621# This can also be the filename of a ruleset.
1622ID Header = X-%org-name%-MailScanner-ID:
1623
1624# Was this message transmitted using IPv6 or IPv4 in its last hop?
1625# To stop this header appearing, set it to be blank.
1626# This can also be the filename of a ruleset.
1627IP Protocol Version Header = # X-%org-name%-MailScanner-IP-Protocol:
1628
1629# The character to use in the "Spam Score Header".
1630# Don't use: x as a score of 3 is "xxx" which the users will think is porn,
1631#            # as it will cause confusion with comments in procmail as well
1632#              as MailScanner itself,
1633#            * as it will cause confusion with pattern matches in procmail,
1634#            . as it will cause confusion with pattern matches in procmail,
1635#            ? as it will cause the users to think something went wrong.
1636# "s" is nice and safe and stands for "spam".
1637Spam Score Character = s
1638
1639# If this option is set to yes, you will get a spam-score header saying just
1640# the value of the spam score, instead of the row of characters representing
1641# the score.
1642# This can also be the filename of a ruleset.
1643SpamScore Number Instead Of Stars = no
1644
1645# This sets the minimum number of "Spam Score Characters" which will appear
1646# if a message triggered the "Spam List" setting but received a very low
1647# SpamAssassin score. This means that people who only filter on the "Spam
1648# Stars" will still be able to catch messages which receive a very low
1649# SpamAssassin score. Set this value to 0 to disable it.
1650# This can also be the filename of a ruleset.
1651Minimum Stars If On Spam List = 0
1652
1653# Set the "Mail Header" to these values for clean/infected/disinfected messages.
1654# This can also be the filename of a ruleset.
1655Clean Header Value       = Found to be clean
1656Infected Header Value    = Found to be infected
1657Disinfected Header Value = Disinfected
1658
1659# Set the "Information Header" to this value.
1660# This can also be the filename of a ruleset.
1661Information Header Value = Please contact the ISP for more information
1662
1663# Do you want the full spam report, or just a simple "spam / not spam" report?
1664Detailed Spam Report = yes
1665
1666# Do you want to include the numerical scores in the detailed SpamAssassin
1667# report, or just list the names of the scores
1668Include Scores In SpamAssassin Report = yes
1669
1670# Do you want to always include the Spam Report in the SpamCheck
1671# header, even if the message wasn't spam?
1672# This can also be the filename of a ruleset.
1673Always Include SpamAssassin Report = no
1674
1675# What to do when you get several MailScanner headers in one message,
1676# from multiple MailScanner servers. Values are
1677#      "append"  : Append the new data to the existing header
1678#      "add"     : Add a new header
1679#      "replace" : Replace the old data with the new data
1680# Default is "append"
1681# This can also be the filename of a ruleset.
1682Multiple Headers = append
1683
1684# Some people prefer that message headers are added in strict order with
1685# the newest headers at the top and the oldest headers at the bottom.
1686# This is also required if you receive a message which is authenticated by
1687# DKIM, and you are forwarding that message onto somewhere else, and want
1688# not to break the DKIM signature.
1689# **Note**: To avoid breaking DKIM signatures, you *must* also set
1690#   Multiple Headers = add
1691# So if some of your users forward mail from PayPal, Ebay or Yahoo! to
1692# accounts stored on Gmail or Googlemail, then you need to set this to "yes"
1693# and "Multiple Headers = add" to avoid breaking the DKIM signature.
1694# It may be worth using a ruleset to just apply this to messages sent by
1695# the companies mentioned above.
1696# This can also be the filename of a ruleset.
1697Place New Headers At Top Of Message = no
1698
1699# Name of this host, or a name like "The MailScanner" if you want to hide
1700# the real hostname. It is used in the Help Desk note contained in the
1701# virus warnings sent to users.
1702# Remember you can use $HOSTNAME in here, so you might want to set it to
1703# Hostname = The %org-name% ($HOSTNAME) MailScanner
1704# This can also be the filename of a ruleset.
1705Hostname = The %org-name% ($HOSTNAME) MailScanner
1706
1707# If this is "no", then (as far as possible) messages which have already
1708# been processed by another MailScanner server will not have the clean
1709# signature added to the message. This prevents messages getting many
1710# copies of the signature as they flow through your site.
1711# This can also be the filename of a ruleset.
1712Sign Messages Already Processed = no
1713
1714# Add the "Inline HTML Signature" or "Inline Text Signature" to the end
1715# of uninfected messages?
1716# If you add your own signature in your email application, and include the
1717# magic token "_SIGNATURE_" in your email message, the signature will be
1718# inserted just there, rather than at the end of the message.
1719# This can also be the filename of a ruleset.
1720Sign Clean Messages = yes
1721
1722# If you are using HTML signatures, you can embed an image in the signature.
1723# For the filename(s) of the image, see the settings "Signature Image
1724# Filename" and "Signature Image <img> Filename".
1725# In your HTML, you must refer to the image with an HTML tag that looks like:
1726#     <img alt="MailScanner Signature" src="cid:signature.jpg">
1727# where "signature.jpg" is the name of the image set in the
1728# "Signature Image <img> Filename" setting above. If used correctly, Mail-
1729# Scanner will notice if the image is already present and not add it again.
1730#
1731# This can also be the filename of a ruleset.
1732Attach Image To Signature = no
1733
1734# Normally, you would only want to attach the image to messages with an
1735# HTML part, as plain text messages clearly cannot display an image.
1736# However, if you find some other use for this feature, you may want to
1737# attach an image to a message which is just text.
1738# See "Attach Image To Signature" for notes on how to use this.
1739# This can also be the filename of a ruleset.
1740Attach Image To HTML Message Only = yes
1741
1742# This option can be used to stop any duplication of en email signature
1743# appearing in the HTML of an email message. It looks for the "alt"
1744# attribute in the <img> tag specifying the image to be inserted in the
1745# HTML signature. If you want to use this option without inserting an image
1746# into the signature, simply specify an <img> tag without a "src" attribute.
1747#
1748# If the "alt" tag appears, and contains the word "MailScanner" and the
1749# word "Signature" and the %org-name% you specified at the top of this file,
1750# then the message is considered to already be signed. If this option is
1751# also set to "no", then it will not be signed again. Multiple image
1752# signatures at the bottom of a message can make the message very large and
1753# ugly once it has been replied to a couple of times.
1754# This can also be the filename of a ruleset.
1755Allow Multiple HTML Signatures = no
1756
1757# If any of these headers exist, then the message is actually a reply and
1758# so we may not want to sign it with an HTML signature. Plain text sig-
1759# natures will still apply, but HTML signatures, which may include an image,
1760# will not.
1761# By default, this feature is disabled by specifying no header names.
1762# This should be a space or comma-separated list of header names.
1763# This can also be the filename of a ruleset.
1764Dont Sign HTML If Headers Exist = # In-Reply-To: References:
1765
1766# Add the "Inline HTML Warning" or "Inline Text Warning" to the top of
1767# messages that have had attachments removed from them?
1768# This can also be the filename of a ruleset.
1769Mark Infected Messages = yes
1770
1771# When a message is to not be virus-scanned (which may happen depending
1772# upon the setting of "Virus Scanning", especially if it is a ruleset),
1773# do you want to add the header advising the users to get their email
1774# virus-scanned by you?
1775# Very good for advertising your MailScanning service and encouraging
1776# users to give you some more money and sign up to virus scanning.
1777# This can also be the filename of a ruleset.
1778Mark Unscanned Messages = yes
1779
1780# This is the text used by the "Mark Unscanned Messages" option above.
1781# This can also be the filename of a ruleset.
1782Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details
1783
1784# If any of these headers are included in a a message, they will be deleted.
1785# This is a space-separated list of a mixture of any combination of
1786# 1. Names of headers, optionally ending with a ':'
1787#    (the ':' will be added if not supplied)
1788# 2. Regular expressions starting and ending with a '/'.
1789#    These regular expressions are matched against the entire header line,
1790#    not just the name of the header.
1791#    **NOTE** The regular expressions must *not* contain spaces,
1792#             so use '\s' instead of ' '.
1793# This is very useful for removing return-receipt requests and any headers
1794# which mean special things to your email client application.
1795# X-Mozilla-Status is bad as it allows spammers to make a message appear to
1796# have already been read, which is believed to bypass some naive spam
1797# filtering systems.
1798# Receipt requests are bad as they give any attacker confirmation that an
1799# account is active and being read. You don't want this sort of information
1800# to leak outside your corporation. So you might want to remove
1801#     Disposition-Notification-To
1802#     Return-Receipt-To
1803#     X-Confirm-Reading-To
1804#     Disposition-Notification-To
1805#     Receipt-Requested-To
1806#     Confirm-Reading-To
1807#     MDRcpt-To
1808#     MDSend-Notifications-To
1809#     Smtp-Rcpt-To
1810#     Return-Receipt-To
1811#     Read-Receipt-To
1812#     X-Confirm-Reading-To
1813#     X-Acknowledge-To
1814#     Delivery-Receipt-To
1815#     X-PMrqc
1816#     Errors-To
1817#     X-IMAPBase
1818#     X-IMAP
1819#     X-UID
1820#     Status
1821#     X-Status
1822#     X-UIDL
1823#     X-Keywords
1824#     X-Mozilla-Status
1825#     X-Mozilla-Status2
1826# If you are having problems with duplicate message-id headers when you
1827# release spam from the quarantine and send it to an Exchange server, then add
1828#     Message-Id.
1829# Each header should end in a ":", but MailScanner will add it if you forget.
1830# Headers should be separated by commas or spaces.
1831# This can also be the filename of a ruleset.
1832Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:
1833
1834# Do you want to deliver messages once they have been cleaned of any
1835# viruses?
1836# By making this a ruleset, you can re-create the "Deliver From Local"
1837# facility of previous versions.
1838Deliver Cleaned Messages = yes
1839
1840#
1841# Notifications back to the senders of blocked messages
1842# -----------------------------------------------------
1843#
1844
1845# Do you want to notify the people who sent you messages containing
1846# viruses or badly-named filenames?
1847# This can also be the filename of a ruleset.
1848Notify Senders = yes
1849
1850# *If* "Notify Senders" is set to yes, do you want to notify people
1851# who sent you messages containing viruses?
1852# The default value has been changed to "no" as most viruses now fake
1853# sender addresses and therefore should be on the "Silent Viruses" list.
1854# This can also be the filename of a ruleset.
1855Notify Senders Of Viruses = no
1856
1857# *If* "Notify Senders" is set to yes, do you want to notify people
1858# who sent you messages containing attachments that are blocked due to
1859# their filename or file contents?
1860# This can also be the filename of a ruleset.
1861Notify Senders Of Blocked Filenames Or Filetypes = yes
1862
1863# *If* "Notify Senders" is set to yes, do you want to notify people
1864# who sent you messages containing attachments that are blocked due to
1865# being too small or too large?
1866# This can also be the filename of a ruleset.
1867Notify Senders Of Blocked Size Attachments = no
1868
1869# *If* "Notify Senders" is set to yes, do you want to notify people
1870# who sent you messages containing other blocked content, such as
1871# partial messages or messages with external bodies?
1872# This can also be the filename of a ruleset.
1873Notify Senders Of Other Blocked Content = yes
1874
1875# If you supply a space-separated list of message "precedence" settings,
1876# then senders of those messages will not be warned about anything you
1877# rejected. This is particularly suitable for mailing lists, so that any
1878# MailScanner responses do not get sent to the entire list.
1879Never Notify Senders Of Precedence = list bulk
1880
1881#
1882# Changes to the Subject: line
1883# ----------------------------
1884#
1885
1886# When the message has been scanned but no other subject line changes
1887# have happened, do you want modify the subject line?
1888# This can be 1 of 4 values:
1889#      no    = Do not modify the subject line, or
1890#      start = Add text to the start of the subject line, or
1891#      end   = Add text to the end of the subject line, or
1892#      yes   = Add text to the end of the subject line.
1893# This makes very good advertising of your MailScanning service.
1894# This can also be the filename of a ruleset.
1895Scanned Modify Subject = no # end
1896
1897# This is the text to add to the start/end of the subject line if the
1898# "Scanned Modify Subject" option is set.
1899# This can also be the filename of a ruleset.
1900Scanned Subject Text = {Scanned}
1901
1902# If the message contained a virus, do you want to modify the subject line?
1903# This can be 1 of 4 values:
1904#      no    = Do not modify the subject line, or
1905#      start = Add text to the start of the subject line, or
1906#      yes   = Add text to the start of the subject line, or
1907#      end   = Add text to the end of the subject line.
1908# This makes filtering in Outlook very easy.
1909# This can also be the filename of a ruleset.
1910Virus Modify Subject = start
1911
1912# This is the text to add to the start of the subject if the
1913# "Virus Modify Subject" option is set.
1914# This can also be the filename of a ruleset.
1915Virus Subject Text = {Virus?}
1916
1917# If an attachment triggered a filename check, but there was nothing
1918# else wrong with the message, do you want to modify the subject line?
1919# This can be 1 of 4 values:
1920#      no    = Do not modify the subject line, or
1921#      start = Add text to the start of the subject line, or
1922#      yes   = Add text to the start of the subject line, or
1923#      end   = Add text to the end of the subject line.
1924# This makes filtering in Outlook very easy.
1925# This can also be the filename of a ruleset.
1926Filename Modify Subject = start
1927
1928# This is the text to add to the start of the subject if the
1929# "Filename Modify Subject" option is set.
1930# You might want to change this so your users can see at a glance
1931# whether it just was just the filename that MailScanner rejected.
1932# This can also be the filename of a ruleset.
1933Filename Subject Text = {Filename?}
1934
1935# If an attachment triggered a content check, but there was nothing
1936# else wrong with the message, do you want to modify the subject line?
1937# This can be 1 of 4 values:
1938#      no    = Do not modify the subject line, or
1939#      start = Add text to the start of the subject line, or
1940#      yes   = Add text to the start of the subject line, or
1941#      end   = Add text to the end of the subject line.
1942# This makes filtering in Outlook very easy.
1943# This can also be the filename of a ruleset.
1944Content Modify Subject = start
1945
1946# This is the text to add to the start of the subject if the
1947# "Content Modify Subject" option is set.
1948# You might want to change this so your users can see at a glance
1949# whether it just was just the content that MailScanner rejected.
1950# This can also be the filename of a ruleset.
1951Content Subject Text = {Dangerous Content?}
1952
1953# If an attachment or the entire message triggered a size check, but
1954# there was nothing else wrong with the message, do you want to modify
1955# the subject line?
1956# This can be 1 of 4 values:
1957#      no    = Do not modify the subject line, or
1958#      start = Add text to the start of the subject line, or
1959#      yes   = Add text to the start of the subject line, or
1960#      end   = Add text to the end of the subject line.
1961# This makes filtering in Outlook very easy.
1962# This can also be the filename of a ruleset.
1963Size Modify Subject = start
1964
1965# This is the text to add to the start of the subject if the
1966# "Size Modify Subject" option is set.
1967# You might want to change this so your users can see at a glance
1968# whether it just was just the message or attachment size that
1969# MailScanner rejected.
1970# This can also be the filename of a ruleset.
1971Size Subject Text = {Size}
1972
1973# If HTML tags in the message were "disarmed" by using the HTML "Allow"
1974# options above with the "disarm" settings, do you want to modify the
1975# subject line?
1976# This can be 1 of 4 values:
1977#      no    = Do not modify the subject line, or
1978#      start = Add text to the start of the subject line, or
1979#      yes   = Add text to the start of the subject line, or
1980#      end   = Add text to the end of the subject line.
1981# This can also be the filename of a ruleset.
1982Disarmed Modify Subject = start
1983
1984# This is the text to add to the start of the subject if the
1985# "Disarmed Modify Subject" option is set.
1986# This can also be the filename of a ruleset.
1987Disarmed Subject Text = {Disarmed}
1988
1989# If a potential phishing attack is found in the message, do you want to
1990# modify the subject line?
1991# This can be 1 of 4 values:
1992#      no    = Do not modify the subject line, or
1993#      start = Add text to the start of the subject line, or
1994#      yes   = Add text to the start of the subject line, or
1995#      end   = Add text to the end of the subject line.
1996# This can also be the filename of a ruleset.
1997Phishing Modify Subject = no
1998
1999# This is the text to add to the start of the subject if the "Phishing
2000# Modify Subhect" option is set.
2001# This can also be the filename of a ruleset.
2002Phishing Subject Text = {Fraud?}
2003
2004# If the message is spam, do you want to modify the subject line?
2005# This can be 1 of 4 values:
2006#      no    = Do not modify the subject line, or
2007#      start = Add text to the start of the subject line, or
2008#      yes   = Add text to the start of the subject line, or
2009#      end   = Add text to the end of the subject line.
2010# This makes filtering in Outlook very easy.
2011# This can also be the filename of a ruleset.
2012Spam Modify Subject = start
2013
2014# This is the text to add to the start of the subject if the
2015# "Spam Modify Subject" option is set.
2016# The exact string "_SCORE_" will be replaced by the numeric
2017# SpamAssassin score.
2018# The exact string "_STARS_" will be replaced by a row of stars
2019# whose length is the SpamAssassin score.
2020# This can also be the filename of a ruleset.
2021Spam Subject Text = {Spam?}
2022
2023# This is just like the "Spam Modify Subject" option above, except that
2024# it applies when the score from SpamAssassin is higher than the
2025# "High SpamAssassin Score" value.
2026# This can be 1 of 4 values:
2027#      no    = Do not modify the subject line, or
2028#      start = Add text to the start of the subject line, or
2029#      yes   = Add text to the start of the subject line, or
2030#      end   = Add text to the end of the subject line.
2031# This can also be the filename of a ruleset.
2032High Scoring Spam Modify Subject = start
2033
2034# This is just like the "Spam Subject Text" option above, except that
2035# it applies when the score from SpamAssassin is higher than the
2036# "High SpamAssassin Score" value.
2037# The exact string "_SCORE_" will be replaced by the numeric
2038# SpamAssassin score.
2039# The exact string "_STARS_" will be replaced by a row of stars
2040# whose length is the SpamAssassin score.
2041# This can also be the filename of a ruleset.
2042High Scoring Spam Subject Text = {Spam?}
2043
2044#
2045# Changes to the Message Body
2046# ---------------------------
2047#
2048
2049# When a virus or attachment is replaced by a plain-text warning,
2050# should the warning be in an attachment? If "no" then it will be
2051# placed in-line. This can also be the filename of a ruleset.
2052Warning Is Attachment = yes
2053
2054# When a virus or attachment is replaced by a plain-text warning,
2055# and that warning is an attachment, this is the filename of the
2056# new attachment.
2057# This can also be the filename of a ruleset.
2058Attachment Warning Filename = %org-name%-Attachment-Warning.txt
2059
2060# What character set do you want to use for the attachment that
2061# replaces viruses (VirusWarning.txt)?
2062# The default is ISO-8859-1 as even Americans have to talk to the
2063# rest of the world occasionally :-)
2064# This can also be the filename of a ruleset.
2065Attachment Encoding Charset = ISO-8859-1
2066
2067#
2068# Mail Archiving and Monitoring
2069# -----------------------------
2070#
2071
2072# Space-separated list of any combination of
2073# 1. email addresses to which mail should be forwarded,
2074# 2. directory names where you want mail to be stored,
2075# 3. file names (they must already exist unless "Missing Mail Archive Is =
2076#    directory" is set below) which mail will be appended
2077#    in "mbox" format suitable for importing into most mail systems.
2078#
2079# Any of the items above can contain 3 magic strings, which are subsituted
2080# as follows:
2081# _DATE_       will be replaced with the current date in yyyymmdd format.
2082#              This will make archive-rolling and maintenance much easier,
2083#              as you can guarantee that yesterday's mail archive will not
2084#              be in active use today.
2085# _HOUR_       will be replaced with the number of the current hour, with
2086#              a leading zero if necessary to make it 2 digits.
2087# _TOUSER_     will be replaced with the left-hand side of the email
2088#              address of each of the recipients in turn.
2089# _TODOMAIN_   will be replaced with the right-hand side of the email
2090#              address of each of the recipients in turn.
2091# _FROMUSER_   will be replaced with the left-hand side of the email
2092#              address of the sender.
2093# _FROMDOMAIN_ will be replaced with the right-hand side of the email
2094#              address of the sender.
2095#
2096# If you give this option a ruleset, you can control exactly whose mail
2097# is archived or forwarded. If you do this, beware of the legal implications
2098# as this could be deemed to be illegal interception unless the police have
2099# asked you to do this.
2100#
2101# Note: This setting still works even if "Scan Messages" is no.
2102#
2103#Archive Mail = /var/spool/MailScanner/archive
2104Archive Mail =
2105
2106# If a location specified in "Archive Mail" is not found, should it assume
2107# that the location is a file or a directory name?
2108# Before this option was added, it was always assumed to be a directory.
2109# However, if the _FROMUSER_, _FROMDOMAIN_, _TOUSER_, _TODOMAIN_, _DATE_
2110# or _HOUR_ tokens are used in the name of the location, it might be
2111# useful to store the messages in an mbox file containing the address of
2112# the recipient.
2113#
2114# This can also be the filename of a ruleset.
2115Missing Mail Archive Is = directory
2116
2117#
2118# Notices to System Administrators
2119# --------------------------------
2120#
2121
2122# Notify the local system administrators ("Notices To") when any infections
2123# are found?
2124# This can also be the filename of a ruleset.
2125Send Notices = yes
2126
2127# Include the full headers of each message in the notices sent to the local
2128# system administrators?
2129# This can also be the filename of a ruleset.
2130Notices Include Full Headers = yes
2131
2132# Hide the directory path from all the system administrator notices.
2133# The extra directory paths give away information about your setup, and
2134# tend to just confuse users but are still useful for local sys admins.
2135# This can also be the filename of a ruleset.
2136Hide Incoming Work Dir in Notices = no
2137
2138# What signature to add to the bottom of the notices.
2139# To insert a line-break in there, use the sequence "\n".
2140Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
2141
2142# The visible part of the email address used in the "From:" line of the
2143# notices. The <user@domain> part of the email address is set to the
2144# "Local Postmaster" setting.
2145Notices From = MailScanner
2146
2147# Where to send the notices.
2148# This can also be the filename of a ruleset.
2149Notices To = postmaster
2150
2151# Address of the local Postmaster, which is used as the "From" address in
2152# virus warnings sent to users.
2153# This can also be the filename of a ruleset.
2154Local Postmaster = postmaster
2155
2156#
2157# Spam Detection and Virus Scanner Definitions
2158# --------------------------------------------
2159#
2160
2161# This is the name of the file that translates the names of the "Spam List"
2162# values to the real DNS names of the spam blacklists.
2163Spam List Definitions = %etc-dir%/spam.lists.conf
2164
2165# This is the name of the file that translates the names of the virus
2166# scanners into the commands that have to be run to do the actual scanning.
2167Virus Scanner Definitions = %etc-dir%/virus.scanners.conf
2168
2169#
2170# Spam Detection and Spam Lists (DNS blocklists)
2171# ----------------------------------------------
2172#
2173
2174# Do you want to check messages to see if they are spam?
2175# Note: If you switch this off then *no* spam checks will be done at all.
2176#       This includes both MailScanner's own checks and SpamAssassin.
2177#       If you want to just disable the "Spam List" feature then set
2178#       "Spam List =" (i.e. an empty list) in the setting below.
2179# This can also be the filename of a ruleset.
2180Spam Checks = yes
2181
2182# This is the list of spam blacklists (RBLs) which you are using.
2183# See the "Spam List Definitions" file for more information about what
2184# you can put here.  For example:
2185# Spam List = BARRACUDA SORBS SPAMHAUS SPAMCOP
2186# but read the comments in the "Spam List Definitions" file.
2187# This can also be the filename of a ruleset.
2188Spam List =
2189
2190# This is the list of spam domain blacklists which you are using
2191# (such as the "rfc-ignorant" domains). See the "Spam List Definitions"
2192# file for more information about what you can put here.
2193# This can also be the filename of a ruleset.
2194Spam Domain List =
2195
2196# If a message appears in at least this number of "Spam Lists" (as defined
2197# above), then the message will be treated as spam and so the "Spam
2198# Actions" will happen, unless the message reaches the levels for "High
2199# Scoring Spam". By default this is set to 1 to mimic the previous
2200# behaviour, which means that appearing in any "Spam Lists" will cause
2201# the message to be treated as spam.
2202# This can also be the filename of a ruleset.
2203Spam Lists To Be Spam = 1
2204
2205# If a message appears in at least this number of "Spam Lists" (as defined
2206# above), then the message will be treated as "High Scoring Spam" and so
2207# the "High Scoring Spam Actions" will happen. You probably want to set
2208# this to 2 if you are actually using this feature. 5 is high enough that
2209# it will never happen unless you use lots of "Spam Lists".
2210# This can also be the filename of a ruleset.
2211Spam Lists To Reach High Score = 3
2212
2213# If an individual "Spam List" or "Spam Domain List" check takes longer
2214# that this (in seconds), the check is abandoned and the timeout noted.
2215Spam List Timeout = 10
2216
2217# Postfix/Exim only: (yes/no)
2218# If an user sends a mails after authenticating to the local mta
2219# this option disables the rbl checks if set to "yes". If set to "no" or not
2220# defined the rbl check will be executed even when the user is authenticated.
2221Spam List Skip If Authenticated = no
2222
2223# The maximum number of timeouts caused by any individual "Spam List" or
2224# "Spam Domain List" before it is marked as "unavailable". Once marked,
2225# the list will be ignored until the next automatic re-start (see
2226# "Restart Every" for the longest time it will wait).
2227# This can also be the filename of a ruleset.
2228Max Spam List Timeouts = 7
2229
2230# The total number of Spam List attempts during which "Max Spam List Timeouts"
2231# will cause the spam list fo be marked as "unavailable". See the previous
2232# comment for more information.
2233# The default values of 5 and 10 mean that 5 timeouts in any sequence of 10
2234# attempts will cause the list to be marked as "unavailable" until the next
2235# periodic restart (see "Restart Every").
2236Spam List Timeouts History = 10
2237
2238# Spam Whitelist:
2239# Make this point to a ruleset, and anything in that ruleset whose value
2240# is "yes" will *never* be marked as spam.
2241# The whitelist check is done before the blacklist check. If anyone whitelists
2242# a message, then all recipients get the message. If no-one has whitelisted it,
2243# then the blacklist is checked.
2244# This setting over-rides the "Is Definitely Spam" setting.
2245# This can also be the filename of a ruleset.
2246#Is Definitely Not Spam = no
2247Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
2248
2249# Spam Blacklist:
2250# Make this point to a ruleset, and anything in that ruleset whose value
2251# is "yes" will *always* be marked as spam.
2252# This value can be over-ridden by the "Is Definitely Not Spam" setting.
2253# This can also be the filename of a ruleset.
2254Is Definitely Spam = no
2255
2256# Setting this to yes means that spam found in the blacklist is treated
2257# as "High Scoring Spam" in the "Spam Actions" section below. Setting it
2258# to no means that it will be treated as "normal" spam.
2259# This can also be the filename of a ruleset.
2260Definite Spam Is High Scoring = no
2261
2262# Spammers have learnt that they can get their message through by sending
2263# a message with lots of recipients, one of which chooses to whitelist
2264# everything coming to them, including the spammer.
2265# So if a message arrives with more than this number of recipients, ignore
2266# the "Is Definitely Not Spam" whitelist.
2267Ignore Spam Whitelist If Recipients Exceed = 20
2268
2269# Spammers do not have the power to send out huge messages to everyone as
2270# it costs them too much (more smaller messages makes more profit than less
2271# very large messages). So if a message is bigger than a certain size, it
2272# is highly unlikely to be spam. Limiting this saves a lot of time checking
2273# huge messages.
2274# Disable this option by setting it to a huge value.
2275# This is measured in bytes.
2276# This can also be the filename of a ruleset.
2277Max Spam Check Size = 200k
2278
2279
2280#
2281# Watermarking
2282# ------------
2283#
2284
2285# Do you want to use the watermarking features at all?
2286# Setting this to "no" will disable the whole of this section.
2287Use Watermarking = no
2288
2289# Do you want to add a watermark to each email message?
2290# Setting this enables delivery error messages to be identified as yours
2291# so you want to see them. Delivery error messages without valid watermarks
2292# are treated as spam (or whatever you set below), as you probably don't
2293# want to see them. Spammers can send vast quantities of spam claiming to
2294# come from you so that you get all the delivery errors (known as a "joe-job"
2295# attack).
2296# This can also be the filename of a ruleset.
2297Add Watermark = yes
2298
2299# Do you want to check watermarks?
2300# This can also be the filename of a ruleset.
2301Check Watermarks With No Sender = yes
2302
2303# If the message has an invalid watermark and no sender address, then it
2304# is a delivery error (DSN) for a message which didn't come from us.
2305# Delivery errors have no sender address.
2306# So we probably want to treat it as spam, or high-scoring spam.
2307# This option can take one of 5 values:
2308#         "delete",
2309#         "spam",
2310#         "high-scoring spam",
2311#         "nothing" or
2312#         a number greater than 0.
2313# If it is set to "delete", then the message is deleted and no further action
2314# is taken.
2315# If it is set to a number, then that is added to the message's spam score
2316# and it's spam status is updated accordingly.
2317# If you set it to "nothing" then there probably isn't much
2318# point in checking watermarks at all. But it could still be useful in
2319# rulesets and Custom Functions.
2320# This can also be the filename of a ruleset.
2321Treat Invalid Watermarks With No Sender as Spam = nothing
2322
2323# Enable this feature if you have more then one Mailscanner installation
2324# (or you have a trust relationship with another Mailscanner user). An
2325# example would be a secondary MX with MailScanner installed which relays
2326# to the primary MX for delivery. For this to work you need to use the
2327# same value for "Watermark Header", and have the same "Watermark Secret".
2328#
2329# This could be achieved by using a ruleset.
2330#
2331# This feature skips Spam Checks if the Watermark is trusted. The trust
2332# only works between servers so will not apply to replies to emails.
2333#
2334# If the Watermark has expired or is invalid then the message is processed
2335# as normal.
2336# This can also be the filename of a ruleset.
2337Check Watermarks To Skip Spam Checks = yes
2338
2339# This is the secret key used in the watermark calculations to ensure
2340# that the watermark can't be spoofed. It should be set to the same value
2341# on all the MailScanners in your organisation.
2342#
2343# Note: YOU SHOULD CHANGE THIS TO SOMETHING SECRET!
2344#
2345# This can also be the filename of a ruleset.
2346Watermark Secret = %org-name%-Secret
2347
2348# This sets the lifetime of a watermark. Set it to the maximum length of
2349# time that you want to allow for delivery errors to be delivered.
2350# Most sites set their delivery timeouts to less than 7 days, so that is
2351# a reasonable value to use.
2352# This time is measured in seconds. 7 days = 604800 seconds.
2353# This can also be the filename of a ruleset.
2354Watermark Lifetime = 604800
2355
2356# This sets the name of the Watermark header. Good to make sure this is
2357# customised for your site, as you don't want to be reading other people's
2358# watermarks.
2359# This can also be the filename of a ruleset.
2360Watermark Header = X-%org-name%-MailScanner-Watermark:
2361
2362
2363#
2364# SpamAssassin
2365# ------------
2366#
2367
2368# Do you want to find spam using the "SpamAssassin" package?
2369# This can also be the filename of a ruleset.
2370Use SpamAssassin = yes
2371
2372# SpamAssassin is not very fast when scanning huge messages, so messages
2373# bigger than this value will be truncated to this length for SpamAssassin
2374# testing. The original message will not be affected by this. This value
2375# is a good compromise as very few spam messages are bigger than this.
2376#
2377# Now for the options:
2378# 1) <length of data in bytes>
2379# 2) <length of data in bytes> trackback
2380# 3) <length of data in bytes> continue <max extra bytes allowed>
2381#
2382# 1) Put in a simple number.
2383#    This will be the simple cut-off point for messages that are larger than
2384#    this number.
2385# 2) Put in a number followed by 'trackback'.
2386#    Once the size limit is reached, MailScanner reverses towards the start
2387#    of the message, until it hits a line that is blank. The message passed
2388#    to SpamAssassin is truncated there. This stops any part-images being
2389#    passed to SpamAssassin, and so avoids rules which trigger on this.
2390# 3) Put in a number followed by 'continue' followed by another number.
2391#    Once the size limit is reached, MailScanner continues adding to the data
2392#    passed to SpamAssassin, until at most the 2nd number of bytes have been
2393#    added looking for a blank line. This tries to complete the image data
2394#    that has been started when the 1st number of bytes has been reached,
2395#    while imposing a limit on the amount that can be added (to avoid attacks).
2396#
2397# If all this confuses you, just leave it alone at "40k" as that is good.
2398Max SpamAssassin Size = 200k
2399
2400# This replaces the SpamAssassin configuration value 'required_hits'.
2401# If a message achieves a SpamAssassin score higher than this value,
2402# it is spam. See also the High SpamAssassin Score configuration option.
2403# This can also be the filename of a ruleset, so the SpamAssassin
2404# required_hits value can be set to different values for different messages.
2405Required SpamAssassin Score = 6
2406
2407# If a message achieves a SpamAssassin score higher than this value,
2408# then the "High Scoring Spam Actions" are used. You may want to use
2409# this to deliver moderate scores, while deleting very high scoring messsages.
2410# This can also be the filename of a ruleset.
2411High SpamAssassin Score = 10
2412
2413# Set this option to "yes" to enable the automatic whitelisting functions
2414# available within SpamAssassin. This will cause addresses from which you
2415# get real mail, to be marked so that it will never incorrectly spam-tag
2416# messages from those addresses.
2417# To disable whitelisting, you must set "use_auto_whitelist 0" in your
2418# spamassassin.conf file as well as set this to no.
2419SpamAssassin Auto Whitelist = yes
2420
2421# If SpamAssassin takes longer than this (in seconds), the check is
2422# abandoned and the timeout noted.
2423SpamAssassin Timeout = 75
2424
2425# If SpamAssassin times out more times in a row than this, then it will be
2426# marked as "unavailable" until MailScanner next re-starts itself.
2427# This means that remote network failures causing SpamAssassin trouble will
2428# not mean your mail stops flowing.
2429Max SpamAssassin Timeouts = 10
2430
2431# The total number of SpamAssassin attempts during which "Max SpamAssassin
2432# Timeouts" will cause SpamAssassin to stop doing all network-based tests.
2433# If double the timeout value is reached (i.e. it continues to timeout at
2434# the same frequency as before) then it is marked as "unavailable".
2435# See the previous comment for more information.
2436# The default values of 10 and 20 mean that 10 timeouts in any sequence of
2437# 20 attempts will trigger the behaviour described above, until the next
2438# periodic restart (see "Restart Every").
2439SpamAssassin Timeouts History = 30
2440
2441# If the message sender is on any of the Spam Lists, do you still want
2442# to do the SpamAssassin checks? Setting this to "no" will reduce the load
2443# on your server, but will stop the High Scoring Spam Actions from ever
2444# happening.
2445# This can also be the filename of a ruleset.
2446Check SpamAssassin If On Spam List = yes
2447
2448# Normally, SpamAssassin skips over all non-text attachments and does not
2449# scan them for indications that the message is spam.
2450# This setting over-rides that behaviour, telling SpamAssassin to scan all
2451# attachments regardless of type. This can be very useful for spotting rude
2452# and derogatory content in Microsoft Word documents, for example.
2453# However, it does slightly slow SpamAssassin and so is disabled by default.
2454# Setting this to "yes" will have no effect without a small patch to the
2455# SpamAssassin code.
2456# This can also be the filename of a ruleset.
2457Include Binary Attachments In SpamAssassin = no
2458
2459# Do you want to include the "Spam Score" header. This shows 1 character
2460# (Spam Score Character) for every point of the SpamAssassin score. This
2461# makes it very easy for users to be able to filter their mail using
2462# whatever SpamAssassin threshold they want. For example, they just look
2463# for "sssss" for every message whose score is > 5, for example.
2464# This can also be the filename of a ruleset.
2465Spam Score = yes
2466
2467# Many naive spammers send out the same message to lots of people.
2468# These messages are very likely to have roughly the same SpamAssassin score.
2469# For extra speed, cache the SpamAssassin results for the messages
2470# being processed so that you only call SpamAssassin once for all of the
2471# messages.
2472# If you set this to "no" then the entire SpamAssassin Cache Database File
2473# is not used, along with its requirement for SQLite.
2474# This can also be the filename of a ruleset.
2475Cache SpamAssassin Results = yes
2476
2477# The SpamAssassin cache uses a database file which needs to be writable
2478# by the MailScanner "Run As User". This file will be created and setup for
2479# you automatically when MailScanner is started.
2480# Note: If you move the "Incoming Work Dir" then you should move this too.
2481# Note: you will also need to update /usr/sbin/ms-sa-cache
2482SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
2483
2484# If you are using the Bayesian statistics engine on a busy server,
2485# you may well need to force a Bayesian database rebuild and expiry
2486# at regular intervals. This is measures in seconds.
2487# 1 day = 86400 seconds.
2488# To disable this feature set this to 0.
2489# Note: If you enable this feature, set "bayes_auto_expire 0" in
2490#       spam.assasssin.prefs.conf which you will find in the same
2491#       directory as this file.
2492Rebuild Bayes Every = 0
2493
2494# The Bayesian database rebuild and expiry may take a 2 or 3 minutes
2495# to complete. During this time you can either wait, or simply
2496# disable SpamAssassin checks until it has completed.
2497Wait During Bayes Rebuild = no
2498
2499#
2500# Custom Spam Scanner Plugin
2501# --------------------------
2502#
2503
2504# Use the Custom Spam Scanner. This is code you will have to write yourself,
2505# a function called "GenericSpamScanner" stored in the file
2506# MailScanner/lib/MailScanner/CustomFunctions/GenericSpamScanner.pm
2507# It will be passed
2508#  $IP      - the numeric IP address of the system on the remote end
2509#             of the SMTP connections
2510#  $From    - the address of the envelope sender of the message
2511#  $To      - a perl reference to the envelope recipients of the message
2512#  $Message - a perl reference to the list of line of the message
2513# A sample function is given in the correct file in the distribution.
2514# This sample function also includes code to show you how to make it run
2515# an external program to produce a spam score.
2516# This can also be the filename of a ruleset.
2517Use Custom Spam Scanner = no
2518
2519# How much of the message should be passed to the Custom Spam Scanner.
2520# Most spam tools only need the first 20kbytes of the message to determine
2521# if it is spam or not. Passing more than is necessary only slows things
2522# down.
2523# This can also be the filename of a ruleset.
2524Max Custom Spam Scanner Size = 20k
2525
2526# How long should the custom spam scanner take to run? If it takes more
2527# seconds than this, then it should be considered to have crashed and
2528# should be killed. This stops denial-of-service attacks.
2529Custom Spam Scanner Timeout = 20
2530
2531# If the Custom Spam Scanner times out more times in a row than this,
2532# then it will be marked as "unavailable" until MailScanner next re-
2533# starts itself.
2534Max Custom Spam Scanner Timeouts = 10
2535
2536# The total number of Custom Spam Scanner attempts during which "Max
2537# Custom Spam Scanner Timeouts" will cause the Custom Spam Scanner to
2538# be marked as "unavailable". See the previous comment for more information.
2539# The default values of 10 and 20 mean that 10 timeouts in any sequence of
2540# 20 attempts will trigger the behaviour described above, until the next
2541# periodic restart (see "Restart Every").
2542Custom Spam Scanner Timeout History = 20
2543
2544#
2545# What to do with spam
2546# --------------------
2547#
2548
2549# This is a list of actions to take when a message is spam.
2550# It can be any combination of the following:
2551#    deliver                 - deliver the message as normal
2552#    delete                  - delete the message
2553#    store                   - store the message in the (spam) quarantine
2554#    store-nonmcp            - store the message in the non-MCP quarantine
2555#    store-mcp               - store the message in the MCP quarantine
2556#    store-nonspam           - store the message in the non-spam quarantine
2557#    store-spam              - store the message in the spam quarantine
2558#    store-<directory-path>  - store the message in the <directory-path>
2559#    bounce                  - send a rejection message back to the sender
2560#    forward user@domain.com - forward a copy of the message to user@domain.com
2561#                              See the note below about the keywords that
2562#                              can be used.
2563#    striphtml               - convert all in-line HTML content to plain text.
2564#                              You need to specify "deliver" as well for the
2565#                              message to reach the original recipient.
2566#    attachment              - Convert the original message into an attachment
2567#                              of the message. This means the user has to take
2568#                              an extra step to open the spam, and stops "web
2569#                              bugs" very effectively.
2570#    notify                  - Send the recipients a short notification that
2571#                              spam addressed to them was not delivered. They
2572#                              can then take action to request retrieval of
2573#                              the original message if they think it was not
2574#                              spam.
2575#    header "name: value"    - Add the header
2576#                                name: value
2577#                              to the message. name must not contain any spaces.
2578#                              The "value" may contain the magic keyword "_TO_"
2579#                              anywhere in it. _TO_ will be replaced by a
2580#                              comma-separated list of the original recipients
2581#                              of the message. This is very useful if you just
2582#                              forward the message to a new address and don't
2583#                              use the "deliver" action, as otherwise the list
2584#                              of the original recipients may be lost.
2585#    custom(parameter)       - Call the CustomAction function in /usr/lib/Mail-
2586#                              Scanner/MailScanner/CustomFunctions/CustomAction
2587#                              .pm with the 'parameter' passed in. This can be
2588#                              used to implement any custom action you require.
2589#
2590# "forward" keywords
2591# ==================
2592# In an email address specified in the "forward" action, several keywords can
2593# be used which will be substituted with various properties of the message:
2594# _FROMUSER_   The left-hand side of the address of the sender.
2595# _FROMDOMAIN_ The right-hand side of the address of the sender.
2596# _TOUSER_     The left-hand side of each of the recipients in turn.
2597# _TODOMAIN_   The right-hand side of each of the recipients in turn.
2598# _DATE_       The date the message was received by MailScanner.
2599# _HOUR_       The hour the message was received by MailScanner.
2600# This means that you can forward messages to email addresses which show the
2601# original recipients of the message, which could be very useful when
2602# delivering into spam archive management systems.
2603#
2604# The default value I have set here enables Thunderbird to automatically
2605# handle spam when set to trust the "SpamAssassin" headers.
2606#
2607# This can also be the filename of a ruleset, in which case the filename
2608# must end in ".rule" or ".rules".
2609#Spam Actions = store forward anonymous@ecs.soton.ac.uk
2610Spam Actions = deliver header "X-Spam-Status: Yes"
2611
2612# This is just like the "Spam Actions" option above, except that it applies
2613# when the score from SpamAssassin is higher than the "High SpamAssassin Score"
2614# value.
2615#    deliver                 - deliver the message as normal
2616#    delete                  - delete the message
2617#    store                   - store the message in the (spam) quarantine
2618#    store-nonmcp            - store the message in the non-MCP quarantine
2619#    store-mcp               - store the message in the MCP quarantine
2620#    store-nonspam           - store the message in the non-spam quarantine
2621#    store-spam              - store the message in the spam quarantine
2622#    store-<directory-path>  - store the message in the <directory-path>
2623#    forward user@domain.com - forward a copy of the message to user@domain.com
2624#                              See the note below about the keywords that
2625#                              can be used.
2626#    striphtml               - convert all in-line HTML content to plain text.
2627#                              You need to specify "deliver" as well for the
2628#                              message to reach the original recipient.
2629#    attachment              - Convert the original message into an attachment
2630#                              of the message. This means the user has to take
2631#                              an extra step to open the spam, and stops "web
2632#                              bugs" very effectively.
2633#    notify                  - Send the recipients a short notification that
2634#                              spam addressed to them was not delivered. They
2635#                              can then take action to request retrieval of
2636#                              the original message if they think it was not
2637#                              spam.
2638#    header "name: value"    - Add the header
2639#                                name: value
2640#                              to the message. name must not contain any spaces.
2641#                              The "value" may contain the magic keyword "_TO_"
2642#                              anywhere in it. _TO_ will be replaced by a
2643#                              comma-separated list of the original recipients
2644#                              of the message. This is very useful if you just
2645#                              forward the message to a new address and don't
2646#                              use the "deliver" action, as otherwise the list
2647#                              of the original recipients may be lost.
2648#    custom(parameter)       - Call the CustomAction function in /usr/lib/Mail-
2649#                              Scanner/MailScanner/CustomFunctions/CustomAction
2650#                              .pm with the 'parameter' passed in. This can be
2651#                              used to implement any custom action you require.
2652#
2653# "forward" keywords
2654# ==================
2655# In an email address specified in the "forward" action, several keywords can
2656# be used which will be substituted with various properties of the message:
2657# _FROMUSER_   The left-hand side of the address of the sender.
2658# _FROMDOMAIN_ The right-hand side of the address of the sender.
2659# _TOUSER_     The left-hand side of each of the recipients in turn.
2660# _TODOMAIN_   The right-hand side of each of the recipients in turn.
2661# _DATE_       The date the message was received by MailScanner.
2662# _HOUR_       The hour the message was received by MailScanner.
2663# This means that you can forward messages to email addresses which show the
2664# original recipients of the message, which could be very useful when
2665# delivering into spam archive management systems.
2666#
2667# The default value I have set here enables Thunderbird to automatically
2668# handle spam when set to trust the "SpamAssassin" headers.
2669#
2670# This can also be the filename of a ruleset, in which case the filename
2671# must end in ".rule" or ".rules".
2672High Scoring Spam Actions = store
2673
2674# This is just like the "Spam Actions" option above, except that it applies
2675# to messages that are *NOT* spam.
2676#    deliver                 - deliver the message as normal
2677#    delete                  - delete the message
2678#    store                   - store the message in the (non-spam) quarantine
2679#    store-nonmcp            - store the message in the non-MCP quarantine
2680#    store-mcp               - store the message in the MCP quarantine
2681#    store-nonspam           - store the message in the non-spam quarantine
2682#    store-spam              - store the message in the spam quarantine
2683#    store-<directory-path>  - store the message in the <directory-path>
2684#    forward user@domain.com - forward a copy of the message to user@domain.com
2685#                              See the note below about the keywords that
2686#                              can be used.
2687#    striphtml               - convert all in-line HTML content to plain text
2688#    header "name: value"    - Add the header
2689#                                name: value
2690#                              to the message. name must not contain any spaces.
2691#                              The "value" may contain the magic keyword "_TO_"
2692#                              anywhere in it. _TO_ will be replaced by a
2693#                              comma-separated list of the original recipients
2694#                              of the message. This is very useful if you just
2695#                              forward the message to a new address and don't
2696#                              use the "deliver" action, as otherwise the list
2697#                              of the original recipients may be lost.
2698#    custom(parameter)       - Call the CustomAction function in /usr/lib/Mail-
2699#                              Scanner/MailScanner/CustomFunctions/CustomAction
2700#                              .pm with the 'parameter' passed in. This can be
2701#                              used to implement any custom action you require.
2702#
2703# "forward" keywords
2704# ==================
2705# In an email address specified in the "forward" action, several keywords can
2706# be used which will be substituted with various properties of the message:
2707# _FROMUSER_   The left-hand side of the address of the sender.
2708# _FROMDOMAIN_ The right-hand side of the address of the sender.
2709# _TOUSER_     The left-hand side of each of the recipients in turn.
2710# _TODOMAIN_   The right-hand side of each of the recipients in turn.
2711# _DATE_       The date the message was received by MailScanner.
2712# _HOUR_       The hour the message was received by MailScanner.
2713# This means that you can forward messages to email addresses which show the
2714# original recipients of the message, which could be very useful when
2715# delivering into spam archive management systems.
2716#
2717# The default value I have set here enables Thunderbird to automatically
2718# handle spam when set to trust the "SpamAssassin" headers.
2719#
2720# This can also be the filename of a ruleset, in which case the filename
2721# must end in ".rule" or ".rules".
2722Non Spam Actions = deliver header "X-Spam-Status: No"
2723
2724# This next setting is very powerful. It allows you to adjust the list of
2725# actions taken on a message by adding or removing any action or actions,
2726# depending on what SpamAssassin rules it matched.
2727# It can be used to replace the functionality of MCP, but without the large
2728# processing overhead that involves.
2729#
2730# The setting consists of a comma-separated list of
2731# SA_RULENAME=>action,action,...
2732# pairs, where 'SA_RULENAME' is the name of any SpamAssassin rule (or
2733# meta-rule), and 'action' is the name of any of the actions listed above
2734# the 'Spam Actions' configuration setting or the word "not-" preceding any
2735# of the action names.
2736# Preceding the action name with "not-" as in "not-deliver" or "not-forward
2737# user@domain.com" will cause the action to be removed from the list of
2738# actions that would normally be taken on this message.
2739#
2740# All of the keywords available in the "forward" action also work here.
2741#
2742# You can specify a comma-separated list of actions if you need more than 1
2743# action per rule.
2744#
2745# Example: Setting this to
2746# SpamAssassin Rule Actions = FROM_BOSS_WIFE=>not-forward secretary@domain.com
2747# would result in mail from the boss's wife not being forwarded to the boss's
2748# secretary, which would be useful if the non-spam actions for the message
2749# included forwarding to the boss's secretary.
2750#
2751# You can also trigger actions on the spam score of the message. You can
2752# compare the spam score with a number and cause this to trigger an action.
2753# For example, instead of a SA_RULENAME you can specify
2754# SpamScore>number or SpamScore>=number or SpamScore==number or
2755# SpamScore<number or SpamScore<=number
2756# where "number" is the threshold value you are comparing it against.
2757# So you could have a rule/action pair that looks like
2758#                  SpamScore>25=>delete
2759# This would cause all messages with a total spam score of more than 25 to be
2760# deleted. You can use this to implement multiple levels of spam actions in
2761# addition to the normal spam actions and the high-scoring spam actions.
2762#
2763# Combining this with a ruleset makes it even more powerful, as different
2764# recipients and/or senders can have different sets of rules applied to them.
2765#
2766# This can also be the filename of a ruleset, in which case the filename
2767# must end in ".rule" or ".rules".
2768SpamAssassin Rule Actions =
2769
2770# There are 3 reports:
2771#   Sender Spam Report         -  sent when a message triggers both a Spam
2772#                                 List and SpamAssassin,
2773#   Sender Spam List Report    -  sent when a message triggers a Spam List,
2774#   Sender SpamAssassin Report -  sent when a message triggers SpamAssassin.
2775#
2776# These can also be the filenames of rulesets.
2777Sender Spam Report         = %report-dir%/sender.spam.report.txt
2778Sender Spam List Report    = %report-dir%/sender.spam.rbl.report.txt
2779Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
2780
2781# If you use the 'attachment' Spam Action or High Scoring Spam Action
2782# then this is the location of inline spam report that is inserted at
2783# the top of the message.
2784Inline Spam Warning = %report-dir%/inline.spam.warning.txt
2785
2786# If you use the 'notify' Spam Action or High Scoring Spam Action then
2787# this is the location of the notification message that is sent to the
2788# original recipients of the message.
2789Recipient Spam Report = %report-dir%/recipient.spam.report.txt
2790
2791# You can use this ruleset to enable the "bounce" Spam Action.
2792# You must *only* enable this for mail from sites with which you have
2793# agreed to bounce possible spam. Use it on low-scoring spam only (<10)
2794# and only to your regular customers for use in the rare case that a
2795# message is mis-tagged as spam when it shouldn't have been.
2796# Beware that many sites will automatically delete the bounce messages
2797# created by using this option unless you have agreed this with them in
2798# advance.
2799# If you enable this, be prepared to handle the irate responses from
2800# people to whom you are essentially sending more spam!
2801Enable Spam Bounce = %rules-dir%/bounce.rules
2802
2803# When you bounce a spam message back to the sender, do you want to
2804# encapsulate it in another message, rather like the "attachment" option
2805# when delivering spam to the original recipient?
2806# NOTE: If you enable this option, be sure to whitelist your local server
2807#       ie. 127.0.0.1 as otherwise the spam bounce message will be detected
2808#       as spam again, which will cause another spam bounce and so on
2809#       until your mail queues fill up and your server crashes!
2810# This can also be the filename of a ruleset.
2811Bounce Spam As Attachment = no
2812
2813#
2814# Logging
2815# -------
2816#
2817
2818# This is the syslog "facility" name that MailScanner uses. If you don't
2819# know what a syslog facility name is, then either don't change this value
2820# or else go and read "man syslog.conf". The default value of "mail" will
2821# cause the MailScanner logs to go into the same place as all your other
2822# mail logs.
2823Syslog Facility = mail
2824
2825# Do you want to log the processing speed for each section of the code
2826# for a batch? This can be very useful for diagnosing speed problems,
2827# particularly in spam checking.
2828Log Speed = no
2829
2830# Do you want all spam to be logged? Useful if you want to gather
2831# spam statistics from your logs, but can increase the system load quite
2832# a bit if you get a lot of spam.
2833Log Spam = no
2834
2835# Do you want all non-spam to be logged? Useful if you want to see
2836# all the SpamAssassin reports of mail that was marked as non-spam.
2837# Note: It will generate a lot of log traffic.
2838Log Non Spam = no
2839
2840# Do you want to log all messages that are delivered and not delivered
2841# to the original recipients. Note that this log output will include
2842# the Subject: of the original email, so is switched off by default.
2843# In some countries, particularly the EU, it may well be illegal to log
2844# the Subject: of email messages.
2845Log Delivery And Non-Delivery = no
2846
2847# Log all the filenames that are allowed by the Filename Rules, or just
2848# the filenames that are denied?
2849# This can also be the filename of a ruleset.
2850Log Permitted Filenames = no
2851
2852# Log all the filenames that are allowed by the Filetype Rules, or just
2853# the filetypes that are denied?
2854# This can also be the filename of a ruleset.
2855Log Permitted Filetypes = no
2856
2857# Log all the filenames that are allowed by the MIME types set in Filetype
2858# Rules, or just the MIME tyes that are denied?
2859# This can also be the filename of a ruleset.
2860Log Permitted File MIME Types = no
2861
2862# Log all occurrences of "Silent Viruses" as defined above?
2863# This can only be a simple yes/no value, not a ruleset.
2864Log Silent Viruses = no
2865
2866# Log all occurrences of HTML tags found in messages, that can be blocked.
2867# This will help you build up your whitelist of message sources for which
2868# particular HTML tags should be allowed, such as mail from newsletters
2869# and daily cartoon strips.
2870# This can also be the filename of a ruleset.
2871Log Dangerous HTML Tags = no
2872
2873# Log all actions from the "SpamAssassin Rule Actions" setting?
2874# This can also be the filename of a ruleset.
2875Log SpamAssassin Rule Actions = yes
2876
2877#
2878# Advanced SpamAssassin Settings
2879# ------------------------------
2880#
2881# If you are using Postfix you may well need to use some of the settings
2882# below, as the home directory for the "postfix" user cannot be written
2883# to by the "postfix" user.
2884# You may also need to use these if you have installed SpamAssassin
2885# somewhere other than the default location.
2886#
2887
2888# SpamAssassin creates lots of temporary files as it works on messages.
2889# For speed, these should be created in a location mounted using tmpfs if
2890# you have it. MailScanner will attempt to mkdir it if necessary, so no
2891# special scripts are needed to set it up before running MailScanner.
2892# Note: If you move the "Incoming Work Dir" then you should move this too.
2893SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
2894
2895# The per-user files (bayes, auto-whitelist, user_prefs) are looked
2896# for here and in ~/.spamassassin/. Note the files are mutable.
2897# If this is unset then no extra places are searched for.
2898# If using Postfix, you probably want to set this as shown in the example
2899# line at the end of this comment, and do
2900#      mkdir /var/spool/MailScanner/spamassassin
2901#      chown postfix.postfix /var/spool/MailScanner/spamassassin
2902# NOTE: SpamAssassin is always called from MailScanner as the same user,
2903#       and that is the "Run As" user specified above. So you can only
2904#       have 1 set of "per-user" files, it's just that you might possibly
2905#       need to modify this location.
2906#       You should not normally need to set this at all.
2907#SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
2908SpamAssassin User State Dir =
2909
2910# This setting is useful if SpamAssassin is installed in an unusual place,
2911# e.g. /opt/MailScanner. The install prefix is used to find some fallback
2912# directories if neither of the following two settings work.
2913# If this is set then it adds to the list of places that are searched;
2914# otherwise it has no effect.
2915#SpamAssassin Install Prefix = /opt/MailScanner
2916SpamAssassin Install Prefix =
2917
2918# The site rules are searched for here.
2919# Normal location on most systems is /etc/mail/spamassassin.
2920SpamAssassin Site Rules Dir = /etc/mail/spamassassin
2921
2922# The site-local rules are searched for here, and in prefix/etc/spamassassin,
2923# prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin,
2924# /etc/mail/spamassassin, and maybe others.
2925# Be careful of setting this: it may mean the spamassassin.conf file
2926# is missed out, you will need to insert a soft-link with "ln -s" to link
2927# the file into mailscanner.cf in the new directory.
2928# If this is set then it replaces the list of places that are searched;
2929# otherwise it has no effect.
2930#SpamAssassin Local Rules Dir = /etc/MailScanner/mail/spamassassin
2931SpamAssassin Local Rules Dir =
2932
2933# The rules created by the "sa-update" tool are searched for here.
2934# This directory contains the 3.001001/updates_spamassassin_org
2935# directory structure beneath it.
2936# Only un-comment this setting once you have proved that the sa-update
2937# cron job has run successfully and has created a directory structure under
2938# the spamassassin directory within this one and has put some *.cf files in
2939# there. Otherwise it will ignore all your current rules!
2940# The default location may be /var/opt on Solaris systems.
2941SpamAssassin Local State Dir = # /var/lib/spamassassin
2942
2943# The default rules are searched for here, and in prefix/share/spamassassin,
2944# /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others.
2945# If this is set then it adds to the list of places that are searched;
2946# otherwise it has no effect.
2947#SpamAssassin Default Rules Dir = /opt/MailScanner/share/spamassassin
2948SpamAssassin Default Rules Dir =
2949
2950#
2951# Database SQL Configuration Settings
2952#
2953# This section allows you to over-ride any setting in this file or its
2954# related "include"d files with a setting or a ruleset in an SQL database.
2955
2956# If you wish to read settings from a database or any other DBI-compatible
2957# data source, then this value should be set to the DBI data source name.
2958#
2959# This value is required for all of the database functions to work; if it
2960# is not supplied or is invalid, then all of the database functions will be
2961# disabled.  See the Perl DBI documentation for all available options.
2962#
2963# Example: DB DSN = DBI:DriverName:database=DataBaseName;host=Hostname;port=Port
2964DB DSN =
2965
2966# Optional username to use to connect to the data source defined by DB DSN.
2967DB Username =
2968
2969# Optional password to use to connect to the data source defined by DB DSN.
2970DB Password =
2971
2972# This should be a valid SQL statement that returns a single row of data from
2973# your data source in integer format. This value is periodically checked every
2974# 15 minutes and if it is numerically greater than the previously retrieved
2975# value then the MailScanner child will exit and reload its configuration.
2976#
2977# This setting is required for all database functions to work; if it is not
2978# defined or the SQL is invalid then all database functions will be disabled.
2979#
2980# Example:  SELECT value FROM config WHERE option='confserialnumber'
2981SQL Serial Number =
2982
2983# This should be a valid SQL statement that takes two placeholder arguments
2984# and returns a single row and column of data.  The first placeholder will
2985# contain the 'external' variable representation of the MailScanner setting
2986# being looked-up and the second placeholder will contain the hostname of the
2987# host that is requesting the data.
2988#
2989# This setting is required for all database functions to work; if it is not
2990# defined or the SQL is invalid then all database functions will be disabled.
2991#
2992# Exmaple: SQL Quick Peek = SELECT value FROM config WHERE external = ? AND host = ?
2993SQL Quick Peek =
2994
2995# This should be a valid SQL statement that has a single placeholder argument
2996# and must return two columns and one row per configuration setting.
2997# The placeholder will contain the hostname of the host requsting the data.
2998# The first column must return the 'internal' representation of the setting
2999# and the second column must return the value that should be assigned.
3000# If the value contains 'foobar.customi[zs]e' then the value is presumed to
3001# be a database ruleset and will cause the defined 'SQL Ruleset' statement to
3002# be run and will use 'foobar' as the ruleset name to retrieve the ruleset.
3003#
3004# This setting is required for all database functions to work; if it is not
3005# defined or the SQL is invalid then all database functions will be disabled.
3006#
3007# Exmaple: SQL Config = SELECT option, value FROM config WHERE host=?
3008SQL Config =
3009
3010# This should be a valid SQL statement that has a single placeholder argument
3011# and must return two columns and one or more rows.  The first column must be
3012# a numeric starting at 1 and in ascending order and the second column should
3013# be the rule string.  The placeholder will contain the ruleset name.
3014#
3015# Example: SQL Ruleset = SELECT num, rule FROM ruleset WHERE rulesetname=? ORDER BY num ASC
3016SQL Ruleset =
3017
3018# This should be a valid SQL statement that returns a single column and one
3019# or more rows.  Each row that is returned is pushed into an array and joined
3020# into a string separated by newlines and then passed into the SpamAssassin API
3021# using the {post_config_text} attribute. See the SpamAssassin API for details.
3022# The returned rows should be valid SpamAssassin configuration settings that
3023# will be processed by SpamAssassin after it has read all of normal configuration.
3024# Any errors will therefore be reported by SpamAssassin and will show up by
3025# running 'MailScanner --lint' or 'MailScanner --debug-sa'.
3026#
3027# Example:  SQL SpamAssassin Config = SELECT text FROM sa_config
3028SQL SpamAssassin Config =
3029
3030# If enabled; this will log lots of debugging output to STDERR and to syslog
3031# to help pinpoint any errors in the returned database values and will show
3032# exactly what is being processed as the data is being loaded.
3033SQL Debug = no
3034
3035#
3036# MCP (Message Content Protection)
3037# -----------------------------
3038#
3039# This scans text and HTML messages segments for any banned text, using
3040# a 2nd copy of SpamAssassin to provide the searching abilities.
3041# This 2nd copy has its own entire set of rules, preferences and settings.
3042# When used together with the patches for SpamAssassin, it can also check
3043# the content of attachments such as office documents.
3044#
3045# See https://web.archive.org/web/20150323143115/http://www.mailscanner.info/mcp.html for more info.
3046#
3047
3048MCP Checks = no
3049
3050# Do the spam checks first, or the MCP checks first?
3051# This cannot be the filename of a ruleset, only a fixed value.
3052First Check = spam
3053
3054# The rest of these options are clones of the equivalent spam options
3055MCP Required SpamAssassin Score = 1
3056MCP High SpamAssassin Score = 10
3057MCP Error Score = 1
3058
3059MCP Header = X-%org-name%-MailScanner-MCPCheck:
3060Non MCP Actions = deliver
3061MCP Actions = deliver
3062High Scoring MCP Actions = deliver
3063Bounce MCP As Attachment = no
3064
3065MCP Modify Subject = start
3066MCP Subject Text = {MCP?}
3067High Scoring MCP Modify Subject = start
3068High Scoring MCP Subject Text = {MCP?}
3069
3070Is Definitely MCP = no
3071Is Definitely Not MCP = no
3072Definite MCP Is High Scoring = no
3073Always Include MCP Report = no
3074Detailed MCP Report = yes
3075Include Scores In MCP Report = no
3076Log MCP = no
3077
3078MCP Max SpamAssassin Timeouts = 20
3079MCP Max SpamAssassin Size = 100k
3080MCP SpamAssassin Timeout = 10
3081
3082MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spamassassin.conf
3083MCP SpamAssassin User State Dir =
3084MCP SpamAssassin Local Rules Dir = %mcp-dir%
3085MCP SpamAssassin Default Rules Dir = %mcp-dir%
3086MCP SpamAssassin Install Prefix = %mcp-dir%
3087Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
3088Sender MCP Report = %report-dir%/sender.mcp.report.txt
3089
3090#
3091# Advanced Settings
3092# -----------------
3093#
3094# Don't bother changing anything below this unless you really know
3095# what you are doing, or else if MailScanner has complained about
3096# your "Minimum Code Status" setting.
3097#
3098
3099# When trying to work out the value of configuration parameters which are
3100# using a ruleset, this controls the behaviour when a rule is checking the
3101# "To:" addresses.
3102# If this option is set to "yes", then the following happens when checking
3103# the ruleset:
3104#   a) 1 recipient. Same behaviour as normal.
3105#   b) Several recipients, but all in the same domain (domain.com for example).
3106#      The rules are checked for one that matches the string "*@domain.com".
3107#   c) Several recipients, not all in the same domain.
3108#      The rules are checked for one that matches the string "*@*".
3109#
3110# If this option is set to "no", then some rules will use the result they
3111# get from the first matching rule for any of the recipients of a message,
3112# so the exact value cannot be predicted for messages with more than 1
3113# recipient.
3114#
3115# This value *cannot* be the filename of a ruleset.
3116Use Default Rules With Multiple Recipients = no
3117
3118# When working out from IP address the message was sent from,
3119# no or 0  ==> use the SMTP client address, ie. the address of the system
3120#              talking to the MailScanner server. This is the normal setting.
3121# yes or 1 ==> use the first IP address contained in the first "Received:"
3122#              header at the top of the email message's headers.
3123# Any number > 1 ==> use the first IP address contained in the n-th
3124#                    "Received:" header starting from the top of the email
3125#                    message's headers.
3126# Users of BarricadeMX should note that this setting will always be forced
3127# to 2, so it will always give you IP address of the system connecting to
3128# BarricadeMX.
3129#
3130# This is very useful when you are injecting mail into a MailScanner server
3131# using "fetchmail" as otherwise all mail will appear to be coming from the
3132# the IP address of the system running "fetchmail", and not the address the
3133# mail actually came from.
3134# You need to use this together with the "invisible" option in "fetchmail",
3135# so that "fetchmail" does not add its own "Received:" header to the start
3136# of the message.
3137#
3138# This value *cannot* be the filename of a ruleset.
3139Read IP Address From Received Header = no
3140
3141# When putting the value of the spam score of a message into the headers,
3142# how do you want to format it. If you don't know how to use sprintf() or
3143# printf() in C, please *do not modify* this value. A few examples for you:
3144# %d     ==> 12
3145# %5.2f  ==> 12.34
3146# %05.1f ==> 012.3
3147# This can also be the filename of a ruleset.
3148Spam Score Number Format = %d
3149
3150# This is the version number of the MailScanner distribution that created
3151# this configuration file. Please do not change this value.
3152MailScanner Version Number = 5.3.4
3153
3154# Do not change this unless you absolutely have to, these numbers have
3155# been carefully calculated.
3156# They affect the length of time that different types of message are
3157# stored in the SpamAssassin cache which can be configured earlier in
3158# this file (look for "Cache").
3159# The numbers are all set in seconds. They are:
3160# 1. Non-Spam cache lifetime                           = 30 minutes
3161# 2. Spam (low scoring) cache lifetime                 = 5 minutes
3162# 3. High-Scoring spam cache lifetime                  = 3 hours
3163# 4. Viruses cache lifetime                            = 2 days
3164# 5. How often to check the cache for expired messages = 10 minutes
3165SpamAssassin Cache Timings = 1800,300,10800,172800,600
3166
3167# Set Debug to "yes" to stop it running as a daemon and just process
3168# one batch of messages and then exit.
3169Debug = no
3170
3171# Do you want to debug SpamAssassin from within MailScanner?
3172Debug SpamAssassin = no
3173
3174# Set Run In Foreground to "yes" if you want MailScanner to operate
3175# normally in foreground (and not as a background daemon).
3176# Use this if you are controlling the execution of MailScanner
3177# with a tool like DJB's 'supervise' (see http://cr.yp.to/daemontools.html).
3178Run In Foreground = no
3179
3180# If you are using an LDAP server to read the configuration, these
3181# are the details required for the LDAP connection. The connection
3182# is anonymous.
3183#LDAP Server = localhost
3184#LDAP Base   = o=fsl
3185#LDAP Site   = default
3186
3187# This option is intended for people who want to log more information
3188# about messages than what is put in syslog. It is intended to be used
3189# with a Custom Function which has the side-effect of logging information,
3190# perhaps to an SQL database, or any other processing you want to do
3191# after each message is processed.
3192# Its value is completely ignored, it is purely there to have side
3193# effects.
3194# If you want to use it, read CustomConfig.pm.
3195Always Looked Up Last = no
3196
3197# This option is intended for people who want to log per-batch information.
3198# This is evaluated after the "Always Looked Up Last" configuration option
3199# for each message in the batch. This is looked up once for the entire batch.
3200# Its value is completely ignored, it is purely there to have side effects.
3201# If you want to use it, read CustomConfig.pm.
3202Always Looked Up Last After Batch = no
3203
3204# When attempting delivery of outgoing messages, should we do it in the
3205# background or wait for it to complete? The danger of doing it in the
3206# background is that the machine load goes ever upwards while all the
3207# slow sendmail processes run to completion. However, running it in the
3208# foreground may cause the mail server to run too slowly.
3209Deliver In Background = yes
3210
3211# Attempt immediate delivery of messages, or just place them in the outgoing
3212# queue for the MTA to deliver when it wants to?
3213#      batch -- attempt delivery of messages, in batches of up to 20 at once.
3214#      queue -- just place them in the queue and let the MTA find them.
3215# This can also be the filename of a ruleset. For example, you could use a
3216# ruleset here so that messages coming to you are immediately delivered,
3217# while messages going to any other site are just placed in the queue in
3218# case the remote delivery is very slow.
3219Delivery Method = batch
3220
3221# Are you using Exim with split spool directories? If you don't understand
3222# this, the answer is probably "no". Refer to the Exim documentation for
3223# more information about split spool directories.
3224Split Exim Spool = no
3225
3226# Where to put the virus scanning engine lock files.
3227# These lock files are used between MailScanner and the virus signature
3228# "autoupdate" scripts, to ensure that they aren't both working at the
3229# same time (which could cause MailScanner to let a virus through).
3230#
3231Lockfile Dir = /var/spool/MailScanner/incoming/Locks
3232
3233# Where to put the code for your "Custom Functions". No code in this
3234# directory should be over-written by the installation or upgrade process.
3235# All files starting with "." or ending with ".rpmnew" will be ignored,
3236# all other files will be compiled and may be used with Custom Functions.
3237Custom Functions Dir = /usr/share/MailScanner/perl/custom
3238
3239# How to lock spool files.
3240# Don't set this unless you *know* you need to.
3241# For sendmail, it defaults to "posix".
3242# For sendmail 8.12 and older, you will probably need to change it to flock,
3243# particularly on Linux systems.
3244# For Exim, it defaults to "posix".
3245# No other type is implemented.
3246Lock Type =
3247
3248# This is the syslog "socket type" that MailScanner uses. This should
3249# normally be left blank, and MailScanner will use the type appropriate
3250# for your operating system. The only people who may ever need to change
3251# this are some Solaris users who may want to set it to "native". Read
3252# "man Sys::Syslog" for more information. The default value depends on your
3253# operating system.
3254# This cannot be a ruleset, only a simple value.
3255Syslog Socket Type =
3256
3257# Do you want to automatically do a syntax check of the configuration files
3258# when MailScanner is started up? It will still start up, regardless, but it
3259# will print plenty of errors and warnings if anything important is wrong in
3260# your setup, instead of just logging it to your system's mail logs. It does
3261# slightly slow down the startup of MailScanner, of course, but that is only
3262# done once and so it does not really matter.
3263# This makes it easier for novice users.
3264# This cannot be a ruleset, only a simple value.
3265Automatic Syntax Check = yes
3266
3267# Minimum acceptable code stability status -- if we come across code
3268# that's not at least as stable as this, we barf.
3269# This is currently only used to check that you don't end up using untested
3270# virus scanner support code without realising it.
3271# Levels used are:
3272# none          - there may not even be any code.
3273# unsupported   - code may be completely untested, a contributed dirty hack,
3274#                 anything, really.
3275# alpha         - code is pretty well untested. Don't assume it will work.
3276# beta          - code is tested a bit. It should work.
3277# supported     - code *should* be reliable.
3278#
3279# Don't even *think* about setting this to anything other than "beta" or
3280# "supported" on a system that receives real mail until you have tested it
3281# yourself and are happy that it is all working as you expect it to.
3282# Don't set it to anything other than "supported" on a system that could
3283# ever receive important mail.
3284#
3285# READ and UNDERSTAND the above text BEFORE changing this.
3286#
3287Minimum Code Status = supported
3288
3289#
3290#
3291# Include conf.d files automatically, so you can override any of the
3292# items set above with settings in your own local configuration files.
3293# They will be read and processed in alphabetical order.
3294#
3295#
3296include /etc/MailScanner/conf.d/*
3297
3298# End Of File
3299