# Main configuration file for the MailScanner Email Processor
#
# READ THIS FIRST!
# Instead of making changes directly to this file, you should put your
# configuration options in your own file in /etc/MailScanner/conf.d/
# Example file: /etc/MailScanner/conf.d/my_settings.conf
# However, if you are changing some variable definition which is used
# in other definitions in this file such as %org-name% in the first
# example below, you must also either change it in this file or copy
# all the definitions that use that variable into your own file.
#
# Examples:
#
# %org-name% = foobar
# Max Children = 30
# Incoming Queue Dir = /var/spool/mqueue.in
#
# READ THIS TOO!
# In addition to this file you must also set your preferences in:
#
# /etc/MailScanner/defaults
#
# It's good practice to check through configuration files to make sure
# they fit with your system and your needs, whatever you expect them to
# contain.
#
# Note: If your directories are symlinked (soft-linked) in any way,
#       please put their *real* location in here, not a path that
#       includes any links. You may get some very strange error
#       messages from some of the virus scanners if you don't.
#
# Note for Version 4.00 and above:
#       A lot of the settings can take a ruleset as well as just simple
#       values. These rulesets are files containing rules which are applied
#       to the current message to calculate the value of the configuration
#       option. The rules are checked in the order they appear in the ruleset.
#
# Note for Version 4.03 and above:
#       As well as rulesets, you can now include your own functions in
#       here. Look at the directory containing Config.pm and you will find
#       CustomConfig.pm. In here, you can add your own "value" function and
#       an Initvalue function to set up any global state you need such as
#       database connections.
#       Then for a setting below, you can put:
#               Configuration Option = &ValueFunction
#       where "ValueFunction" is the name of the function you have
#       written in CustomConfig.pm.
#
# Note for Version 4.54 and above:
#       Numbers can be scaled by 1 thousand, 1 million or 1 billion by
#       putting a "k", "m" or "g" immediately after the number. You must
#       *not* put any spaces between the number and the k, m or g.
#
# Note for Version 4.77 and above:
#       If you are going to use "host:" in rulesets, it is imperative that
#       you have a local caching name-server (DNS server). Or else using
#       "host:" in rulesets will really slow you down.
#
# Note for Version 4.78 and above:
#       This file now supports nested "include" statements. The syntax is
#               include filename-wildcard-here
#       where filename-wildcard-here is replaced with the full path of one
#       or more other MailScanner.conf files to be read. You can use the
#       normal shell wildcard characters such as "*".
#       For each setting, the last value read will be used by MailScanner.
#       At the end of this file, there is an "include" that will pull in
#       all the files in /etc/MailScanner/conf.d so you can just add
#       your own local changes in there, and not need to modify this file.
#

#
# Definition of variables which are substituted into definitions below.
#
# You can add any %variables% that you want to use in addition to the
# ones provided.
#
# You can also use any shell environment variables here such as $HOSTNAME
# or ${HOSTNAME} in configuration settings and rulesets. See the
# definition of "Hostname" for an example.
#

# Enter a short identifying name for your organisation below, this is
# used to make the X-MailScanner headers unique for your organisation.
# Multiple servers within one site should use an identical value here
# to avoid adding multiple redundant headers where mail has passed
# through several servers within your organisation.
#
# Note: Some Symantec scanners complain (incorrectly) about "."
# ***** characters appearing in the names of headers.
#       Some other mail servers complain about "_" characters
#       appearing in the names of headers as well.
#       So don't put "." or "_" in this setting.
#
# **** RULE: It must not contain any spaces! ****
%org-name% = yoursite

# Enter the full name of your organisation below, this is used in the
# signature placed at the bottom of report messages sent by MailScanner.
# It can include pretty much any text you like. You can make the result
# span several lines by including "\n" sequences in the text. These will
# be replaced by line-breaks.
%org-long-name% = Your Organisation Name Here

# Enter the location of your organisation's web site below. This is used
# in the signature placed at the bottom of report messages sent by
# MailScanner. It should preferably be the location of a page that you
# have written explaining why you might have rejected the mail and what
# the recipient and/or sender should do about it.
%web-site% = www.your-organisation.com

# Configuration directory containing this file
%etc-dir% = /etc/MailScanner

# Set the directory containing all the reports in the required language
%report-dir% = /usr/share/MailScanner/reports/en

# Rulesets directory containing your ".rules" files
%rules-dir% = /etc/MailScanner/rules

# Configuration directory containing files related to MCP
# (Message Content Protection)
%mcp-dir% = /etc/MailScanner/mcp

# One other that is set automatically for you is %version% which is,
# unsurprisingly, the string of the MailScanner version. It does not
# contain the build number (the "-1" on the end), but does include the rest.


#
# System settings
# ---------------
#

# How many MailScanner processes do you want to run at a time?
# There is no point increasing this figure if your MailScanner server
# is happily keeping up with your mail traffic.
# If you are running on a server with more than 1 CPU, or you have a
# high mail load (and/or slow DNS lookups) then you should see better
# performance if you increase this figure.
# If you are running on a small system with limited RAM, you should
# note that each child takes just over 20MB.
#
# As a rough guide, try 5 children per CPU. But read the notes above.
Max Children = 5

# The number of milter children to use when using the prefork dispatcher
# This setting is ignored when using the postfork dispatcher
Milter Max Children = 10

# Dispatcher method for the milter. Options are prefork and postfork.
# prefork spawns a predefined maximum number of children, which is suitable
# for non-bursty and steady traffic
# A word of caution with prefork: bursts in traffic may exhaust all children
# and result in connection failures to the milter. Use more children or
# consider using postfork
# postfork spawns children as connections are made and is suitable for
# bursty and intermittent traffic
Milter Dispatcher = postfork

# User to run as (not normally used for sendmail)
# If you want to change the ownership or permissions of the quarantine or
# temporary files created by MailScanner, please see the "Incoming Work"
# settings later in this file.
#Run As User = mail
#Run As User = postfix
Run As User =

# Group to run as (not normally used for sendmail)
#Run As Group = mail
#Run As Group = postfix
Run As Group =

# How often (in seconds) should each process check the incoming mail
# queue for new messages? If you have a quiet mail server, you might
# want to increase this value so it causes less load on your server, at
# the cost of slightly increasing the time taken for an average message
# to be processed.
Queue Scan Interval = 6

# Set location of incoming mail queue
#
# This can be any one of
# 1. A directory name
#    Example: /var/spool/mqueue.in
# 2. A wildcard giving directory names
#    Example: /var/spool/mqueue.in/*
# 3. The name of a file containing a list of directory names,
#    which can in turn contain wildcards.
#    Example: /etc/MailScanner/mqueue.in.list.conf
#
# If you are using sendmail and have your queues split into qf, df, xf
# directories, then just specify the main directory, do not give me the
# directory names of the qf,df,xf directories.
# Example: if you have /var/spool/mqueue.in/qf
#                      /var/spool/mqueue.in/df
#                      /var/spool/mqueue.in/xf
# then just tell me /var/spool/mqueue.in. I will find the subdirectories
# automatically.
#
Incoming Queue Dir = /var/spool/mqueue.in

# Set location of outgoing mail queue.
# This can also be the filename of a ruleset.
Outgoing Queue Dir = /var/spool/mqueue

# Set where to unpack incoming messages before scanning them
# This can completely safely use tmpfs or a ramdisk, which will
# give you a significant performance improvement.
# NOTE: The path given here must not include any links at all,
# NOTE: but must be the absolute path to the directory.
# NOTE: If you change this, you should change these too:
# NOTE: SpamAssassin Temporary Dir
# NOTE: SpamAssassin Cache Database File
Incoming Work Dir = /var/spool/MailScanner/incoming

# Set where to store infected and message attachments (if they are kept)
# This can also be the filename of a ruleset.
Quarantine Dir = /var/spool/MailScanner/quarantine

# Set where to store the process id number so you can stop MailScanner
# You should NOT put this in a subdirectory of /var/run else you will
# run into problems.
PID file = /var/run/MailScanner.pid

# Set Milter PID File, if in use
Milter PID File = /var/run/MSMilter.pid

# To avoid resource leaks, re-start periodically. Forces a re-read of all
# the configuration files too, so new updates to the bad phishing sites list
# are read frequently.
Restart Every = 7200

# Set whether to use postfix, sendmail, exim, zmailer, or msmail (milter)
# If you are using postfix, then see the "SpamAssassin User State Dir"
# setting near the end of this file
MTA = sendmail

# If using msmail, define whether postfix is using long or short IDs
MSMail Queue Type = short

# MSMail delivery method
# Scanned mail can be delivered using SMTP or QMQP
MSMail Delivery Method = SMTP

# MSMail Socket type when using QMQP
# Can be set to unix or inet
# This setting is ignored for SMTP delivery
MSMail Socket Type = unix

# MSMail Socket Directory when using a unix port
# This setting is ignored for SMTP delivery
MSMail Socket Dir = /var/spool/postfix/public/qmqp

# Port msmail should deliver messages to relay
# If using QMQP with an inet socket, this port is typically 628
MSMail Relay Port = 25

# IP Address msmail should use to deliver
MSMail Relay Address = 127.0.0.1

# Milter loopback behavior
# When delivering scanned mail using SMTP, this prevents
# an infinite mail loop and must be set to yes
# When delivering scanned mail using QMQP, this can be
# set to no to allow scanning of mail received on loopback
# interfaces
Milter Ignore Loopback = yes

# If using the milter/msmail, this setting will activate
# the milter scanner, which will reject mail that meets
# certain criteria (i.e.
# blacklisted)
Milter Scanner = yes

# Port the milter should use
Milter Port = 33333

# IP the milter should bind
Milter Bind = 127.0.0.1

# Set how to invoke MTA when sending messages MailScanner has created
# (e.g. to sender/recipient saying "found a virus in your message")
# This can also be the filename of a ruleset.
Sendmail = /usr/lib/sendmail

# Sendmail2 is provided for Exim users.
# It is the command used to attempt delivery of outgoing cleaned/disinfected
# messages.
# This is not usually required for sendmail.
# This can also be the filename of a ruleset.
#For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf
#For sendmail users: Sendmail2 = /usr/lib/sendmail
#Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf
Sendmail2 = /usr/lib/sendmail

#
# Incoming Work Dir Settings
# --------------------------
#
# You should not normally need to touch these settings at all,
# unless you are using ClamAV and need to be able to use the
# external archive unpackers instead of ClamAV's built-in ones.

# If you want to create the temporary working files so they are owned
# by a user other than the "Run As User" setting at the top of this file,
# you can change that here.
#
# Note: If the "Run As User" is not "root" you cannot change the
#       user but may still be able to change the group, if the
#       "Run As User" is a member of both of the groups "Run As Group"
#       and "Incoming Work Group"
# Note: If the "Run As User" is "root" (or not set at all) and you are
#       using the "clamd" virus scanner AND clamd is not running as root,
#       then this must be set to the group clamd is using (from your
#       clamd.conf), example:
#       Incoming Work Group = mtagroup
#       Incoming Work Permissions = 0660
#
#       The installer creates a group on your system called "mtagroup"
#       and adds found users from mail, clamav, postfix, exim, etc
#       to that group. This combined with Incoming Work Permissions
#       of 0660 allows file access without errors such as the
#       infamous ClamAV ./lstat() error.
Incoming Work User =
Incoming Work Group = mtagroup

# If you want processes running under the same *group* as MailScanner to
# be able to read the working files (and list what is in the
# directories, of course), set to 0640. If you want *all* other users to
# be able to read them, set to 0644. For a detailed description, if
# you're not already familiar with it, refer to `man 2 chmod`.
# Typical use: external helper programs of virus scanners (notably ClamAV),
# like unpackers.
# Use with care, you may well open security holes.
#
# Note: If the "Run As User" is "root" (or not set at all) and you are
#       using the "clamd" virus scanner, add the clam daemon user to
#       the group "mtagroup" and set:
#       Incoming Work Group = mtagroup
#       Incoming Work Permissions = 0660
#
#       0660 is useful for using a group to allow permissions across
#       your MTA and virus scanners.
#       The installer creates mtagroup
#       and adds found users (clamav, postfix, mail, exim) to that
#       group during the install process
Incoming Work Permissions = 0660

#
# Quarantine and Archive Settings
# -------------------------------
#
# If, for example, you are using a web interface so that users can manage
# their quarantined files, you might want to change the ownership and
# permissions of the quarantined files so that they can be read and/or
# deleted by the web server.
# Don't touch this unless you know what you are doing!

# If you want to create the quarantine/archive so the files are owned
# by a user other than the "Run As User" setting at the top of this file,
# you can change that here.
# Note: If the "Run As User" is not "root" then you cannot change the
#       user but may still be able to change the group, if the
#       "Run As User" is a member of both of the groups "Run As Group"
#       and "Quarantine Group".
Quarantine User =
Quarantine Group =

# If you want processes running under the same *group* as MailScanner to
# be able to read the quarantined files (and list what is in the
# directories, of course), set to 0640. If you want *all* other users to
# be able to read them, set to 0644. For a detailed description, if
# you're not already familiar with it, refer to `man 2 chmod`.
# Typical use: let the webserver have access to the files so users can
# download them if they really want to.
# Use with care, you may well open security holes.
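# Added example (not part of the MailScanner distribution): a Python check
# for the "Incoming Work Permissions" and "Quarantine Permissions" settings
# described above, flagging modes that give all other users access. The
# parser is a simplification that assumes one "Name = value" per line with
# setting names matched exactly; SAMPLE_CONF and the function names are
# constructed for illustration.

```python
import re
import stat

# Constructed sample in MailScanner.conf syntax; not taken from a real site.
SAMPLE_CONF = """\
%rules-dir% = /etc/MailScanner/rules
Maximum Message Size = %rules-dir%/max.message.size.rules
Incoming Work Group = mtagroup
Incoming Work Permissions = 0660
Quarantine Permissions = 0640
# Pretend this line came from a later file in /etc/MailScanner/conf.d/:
Quarantine Permissions = 0644
"""

PERMISSION_SETTINGS = ("Incoming Work Permissions", "Quarantine Permissions")
_VARIABLE = re.compile(r"%([\w-]+)%")


def parse_conf(text):
    """Parse 'Name = value' lines into (settings, variables).

    Full-line comments and blank lines are skipped, %variables% defined
    earlier are substituted into later values, and for each setting the
    last value read is the one kept. Simplification: setting names are
    matched exactly as written and "include" lines are not followed.
    """
    settings, variables = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name, value = name.strip(), value.strip()
        # Leave unknown %variables% untouched rather than guessing a value.
        value = _VARIABLE.sub(
            lambda m: variables.get(m.group(1), m.group(0)), value)
        if _VARIABLE.fullmatch(name):
            variables[name.strip("%")] = value
        else:
            settings[name] = value
    return settings, variables


def audit_permissions(settings):
    """Return (setting, value, problem) tuples for risky file modes."""
    findings = []
    for name in PERMISSION_SETTINGS:
        value = settings.get(name)
        if value is None:
            continue
        try:
            mode = int(value, 8)
        except ValueError:
            findings.append((name, value, "not an octal mode"))
            continue
        if mode & stat.S_IROTH:
            findings.append((name, value, "readable by all other users"))
        if mode & stat.S_IWOTH:
            findings.append((name, value, "writable by all other users"))
    return findings


if __name__ == "__main__":
    conf, _ = parse_conf(SAMPLE_CONF)
    for name, value, problem in audit_permissions(conf):
        print(f"{name} = {value}: {problem}")
```

# Run it over the concatenation of this file and your conf.d files, in the
# order MailScanner reads them, so that the value audited is the last one read.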
Quarantine Permissions = 0660

#
# Processing Incoming Mail
# ------------------------
#

# In every batch of virus-scanning, limit the maximum
# a) number of unscanned messages to deliver
# b) number of potentially infected messages to unpack and scan
# c) total size of unscanned messages to deliver
# d) total size of potentially infected messages to unpack and scan

Max Unscanned Bytes Per Scan = 100m
Max Unsafe Bytes Per Scan = 50m
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30

# If more messages are found in the queue than this, then switch to an
# "accelerated" mode of processing messages. This will cause it to stop
# scanning messages in strict date order, but in the order it finds them
# in the queue. If your queue is bigger than this size a lot of the time,
# then some messages could be greatly delayed. So treat this option as
# "in emergency only".
Max Normal Queue Size = 800

# If this is set to "yes", then email messages passing through MailScanner
# will be processed and checked, and all the other options in this file
# will be used to control what checks are made on the message.
#
# If this is set to "no", then email messages will NOT be processed or
# checked *at all*, and so any viruses or other problems will be ignored.
#
# If this is set to "virus", then email messages will only be scanned for
# viruses and *nothing* else.
#
# The purpose of this option is to set it to be a ruleset, so that you
# can skip all scanning of mail destined for some of your users/customers
# and still scan all the rest.
# A sample ruleset would look like this:
#   To:       bad.customer.com  no
#   From:     ignore.domain.com no
#   From:     my.domain.com     virus
#   FromOrTo: default           yes
# That will scan all mail except mail to bad.customer.com and mail from
# ignore.domain.com.
# To set this up, put the 3 lines above into a file
# called /etc/MailScanner/rules/scan.messages.rules and set the next line to
# Scan Messages = %rules-dir%/scan.messages.rules
# This can also be the filename of a ruleset (as illustrated above).
Scan Messages = yes

# You may not want to receive mail from certain addresses and/or to certain
# addresses. If so, you can do this with your email transport (sendmail,
# Postfix, etc) but that will just send a one-line message which is not
# helpful to the user sending the message.
# If this is set to yes, then the message set by the "Rejection Report"
# will be sent instead, and the incoming message will be deleted.
# If you want to store a copy of the original incoming message then use the
# "Archive Mail" setting to archive a copy of it.
# The purpose of this option is to set it to be a ruleset, so that you
# can reject messages from a few offending addresses where you need to send
# a polite reply instead of just a brief 1-line rejection message.
Reject Message = no

# Limit the number of attempts made at processing any particular message.
# If you get a message which repeatedly crashes MailScanner, it will
# limit the impact by ignoring the message and refusing to process it,
# after more than the given number of attempts have been made at it.
# Note that enabling this feature causes a slight performance hit.
# Set this to 0 to disable the limit and the entire Processing Attempts
# Database and its requirement for SQLite.
# This cannot be a ruleset, only a simple value.
Maximum Processing Attempts = 6

# This is the location of the database file used to track the number of
# times any message has been attempted.
# To clear out the database, just delete the file, MailScanner will
# re-create it automatically when it starts.
Processing Attempts Database = /var/spool/MailScanner/incoming/Processing.db

# The maximum number of attachments allowed in a message before it is
# considered to be an error. Some email systems, if bouncing a message
# between 2 addresses repeatedly, add information about each bounce as
# an attachment, creating a message with thousands of attachments in just
# a few minutes. This can slow down or even stop MailScanner as it uses
# all available memory to unpack these thousands of attachments.
# This can also be the filename of a ruleset.
Maximum Attachments Per Message = 200

# Expand TNEF attachments using an external program (or a Perl module)?
# This should be "yes" unless the scanner you are using (Sophos, McAfee) has
# the facility built-in. However, if you set it to "no", then the filenames
# within the TNEF attachment will not be checked against the filename rules.
Expand TNEF = yes

# When the TNEF (winmail.dat) attachments are expanded, should the
# attachments contained in there be added to the list of attachments in
# the message?
# If you set this to "add" or "replace" then recipients of messages sent
# in "Outlook Rich Text Format" (TNEF) will be able to read the attachments
# if they are not using Microsoft Outlook.
#
# no      => Leave winmail.dat TNEF attachments alone.
# add     => Add the contents of winmail.dat as extra attachments, but also
#            still include the winmail.dat file itself. This will result in
#            TNEF messages being doubled in size.
# replace => Replace the winmail.dat TNEF attachment with the files it
#            contains, and delete the original winmail.dat file itself.
#            This means the message stays the same size, but is usable by
#            non-Outlook recipients.
#
# This can also be the filename of a ruleset.
Use TNEF Contents = replace

# Some versions of Microsoft Outlook generate unparsable Rich Text
# format attachments.
# Do we want to deliver these bad attachments anyway?
# Setting this to yes introduces the slight risk of a virus getting through,
# but if you have a lot of troubled Outlook users you might need to do this.
# We are working on a replacement for the TNEF decoder.
# This can also be the filename of a ruleset.
Deliver Unparsable TNEF = no

# Where the MS-TNEF expander is installed.
# This is EITHER the full command (including maxsize option) that runs
# the external TNEF expander binary,
# OR the keyword "internal" which will make MailScanner use the Perl
# module that does the same job.
# They are both provided as I am unsure which one is faster and which
# one is capable of expanding more file formats (there are plenty!).
#
# The --maxsize option limits the maximum size that any expanded attachment
# may be. It helps protect against Denial Of Service attacks in TNEF files.
# This can also be the filename of a ruleset.
#TNEF Expander = internal
TNEF Expander = /usr/bin/tnef --maxsize=100000000

# The maximum length of time the TNEF Expander is allowed to run for 1 message.
# (in seconds)
TNEF Timeout = 120

# Where the "file" command is installed.
# This is used for checking the content type of files, regardless of their
# filename.
# To disable Filetype checking, set this value to blank.
File Command = /usr/bin/file

# The maximum length of time the "file" command is allowed to run for 1
# batch of messages (in seconds).
File Timeout = 20

# Where the "gunzip" command is installed.
# This is used for expanding .gz files.
# To disable gzipped file checking, set this value to blank
# and the timeout to 0.
Gunzip Command = /bin/gunzip

# The maximum length of time the "gunzip" command is allowed to run to expand
# 1 attachment file (in seconds).
Gunzip Timeout = 50

# Where the "unrar" command is installed.
# If you haven't got this command, look at www.rarlab.com.
#
# This is used for unpacking rar archives so that the contents can be
# checked for banned filenames and filetypes, and also that the
# archive can be tested to see if it is password-protected.
# Virus scanning the contents of rar archives is still left to the virus
# scanner, with one exception:
# If using the clamavmodule virus scanner, this adds external RAR checking
# to that scanner which is needed for archives which are RAR version 3.
Unrar Command = /usr/bin/unrar

# The maximum length of time the "unrar" command is allowed to run for 1
# RAR archive (in seconds)
Unrar Timeout = 50

# Used as unpacking engine for multiple archive formats
Un7zip Command = /usr/bin/7z

# The maximum length of time the "7z" command is allowed to run for 1
# 7zip or other 7zip compatible archive (in seconds)
Un7zip Timeout = 50

# A few viruses store their infected data in UU-encoded files, to try to
# catch out virus scanners. This rarely succeeds at all.
# Setting this option to yes means that you can apply filename and filetype
# checks to the contents of UU-encoded files. This may occasionally be
# useful, in which case you should set to yes.
# This can also be the filename of a ruleset.
Find UU-Encoded Files = no

# The maximum size, in bytes, of any message including the headers.
# If this is set to zero, then no size checking is done.
# This can also be the filename of a ruleset, so you can have different
# settings for different users. You might want to set this quite small for
# dialup users so their email applications don't time out downloading huge
# messages.
Maximum Message Size = %rules-dir%/max.message.size.rules

# The maximum size, in bytes, of any attachment in a message.
# If this is set to zero, effectively no attachments are allowed.
# If this is set less than zero, then no size checking is done.
# This can also be the filename of a ruleset, so you can have different
# settings for different users. You might want to set this quite small for
# large mailing lists so they don't get deluged by large attachments.
# This can also be the filename of a ruleset.
Maximum Attachment Size = -1

# The minimum size, in bytes, of any attachment in a message.
# If this is set less than or equal to zero, then no size checking is done.
# It is very useful to set this to 1 as it removes any zero-length
# attachments which may be created by broken viruses.
# This can also be the filename of a ruleset.
Minimum Attachment Size = -1

# The maximum depth to which zip archives, rar archives and Microsoft Office
# documents will be unpacked, to allow for checking filenames and filetypes
# within zip and rar archives and embedded within Office documents.
#
# Note: This setting does *not* affect virus scanning in archives at all.
#
# To disable this feature set this to 0.
# A common useful setting is this option = 0, and Allow Password-Protected
# Archives = no. That blocks password-protected archives but does not do
# any filename/filetype checks on the files within the archive.
# This can also be the filename of a ruleset.
Maximum Archive Depth = 8

# Find zip archives by filename or by file contents?
# Finding them by content is a far more reliable way of finding them, but
# it does mean that you cannot tell your users to avoid zip file checking
# by renaming the file from ".zip" to "_zip" and tricks like that.
# Only set this to no (i.e. check by filename only) if you don't want to
# reliably check the contents of zip files. Note this does not affect
# virus checking, but it will affect all the other checks done on the contents
# of the zip file.
# This can also be the filename of a ruleset.
Find Archives By Content = yes

# Do you want to unpack Microsoft "OLE" documents, such as *.doc, *.xls
# and *.ppt documents? This will extract any files which have been hidden
# by being embedded in these documents.
# There are one or two minor bugs in the third-party code that does the
# processing of these files, so it can cause MailScanner to hang in very
# rare cases.
# ClamAV has its own OLE unpacking code, so you can safely switch this off
# if you just rely on ClamAV for your virus-scanning. Note that this will,
# however, disable all filename and filetype checking of embedded files.
# This can also be the filename of a ruleset.
Unpack Microsoft Documents = yes

# Should the attachments be compressed and put into a single zip file?
# This can also be the filename of a ruleset.
Zip Attachments = no

# If the attachments are to be compressed into a single zip file,
# this is the filename of the zip file.
# This can also be the filename of a ruleset.
Attachments Zip Filename = MessageAttachments.zip

# If the original total size of all the attachments to be compressed is
# less than this number of bytes, they will not be zipped at all.
# This can also be the filename of a ruleset.
Attachments Min Total Size To Zip = 100k

# Attachments whose filenames end in these strings will not be zipped.
# This can also be the filename of a ruleset.
Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml

# Do you want to add the plain text contents of Microsoft Word documents?
# This feature uses the 'antiword' program available from
# http://www.winfield.demon.nl/
# For those of you running on Linux, you can get RPMs and SRPMs from
# http://www.volny.cz/zellerin/rpmmenu.html
# It is switched off by default, as it causes a slight performance hit.
# This can also be the filename of a ruleset.
Add Text Of Doc = no

# Location and full command of the "antiword" program
# Using a ruleset here, you could have different output styles for
# different people.
# This can also be the filename of a ruleset.
Antiword = /usr/bin/antiword -f

# The maximum length of time the "antiword" command is allowed to run for 1
# Word document (in seconds)
Antiword Timeout = 50

# MailScanner can automatically unpack small archives,
# so you don't have to go through several extra clicks to extract small
# files from automatically-generated emailed archives.
#
# This is the maximum number of files in each archive. If an archive contains
# more files than this, we do not try to unpack it at all.
# Set this value to 0 to disable this feature.
# This can also be the filename of a ruleset.
Unzip Maximum Files Per Archive = 0

# The maximum unpacked size of each file in an archive. Bigger than this, and
# the file will not be unpacked. Setting this value to 0 will disable this
# feature completely.
# This can also be the filename of a ruleset.
Unzip Maximum File Size = 50k

# The list of filename extensions that should be unpacked.
# This can also be the filename of a ruleset.
Unzip Filenames = *.txt *.ini *.log *.csv

# The MIME type of the files unpacked from the archive.
# If you are using it for mostly text files, then use "text/plain".
# If you are using it for mostly binary files, then use
# "application/octet-stream".
# This can also be the filename of a ruleset.
Unzip MimeType = text/plain


#
# Virus Scanning and Vulnerability Testing
# ----------------------------------------
#

# Do you want to scan email for viruses?
# A few people don't have a virus scanner licence and so want to disable
# all the virus scanning.
# If you use a ruleset for this setting, then the mail will be scanned if
# *any* of the rules match (except the default). That way unscanned mail
# never reaches a user who is having their mail virus-scanned.
#
# If you want to be able to switch scanning on/off for different users or
# different domains, set this to the filename of a ruleset.
# This can also be the filename of a ruleset.
Virus Scanning = yes

# Which Virus Scanning package(s) to use:
# avast        from www.avast.com
# avastd       the daemon version from www.avast.com
# sophos       from www.sophos.com
# sophossavi   (also from www.sophos.com, using the SAVI perl module)
# savid        (also from www.sophos.com, using the SAVID daemon)
# bitdefender  from www.bitdefender.com
# esets        from www.eset.com
# f-secure     from www.f-secure.com
# f-secured    the daemon version of f-secure from www.f-secure.com
# f-protd-6    the daemon version of f-prot 6 from www.f-prot.com
# clamav       Removed, use clamd
# clamavmodule Removed, use clamd
# clamd        (also from www.clamav.net using the clamd daemon)
#              *Note: read the comments above the "Incoming Work Group" setting*,
# avg          from www.grisoft.com
# generic      Other virus scanner: edit the generic-wrapper and generic-autoupdate
#              to fit your own needs. The output spec is in generic-wrapper, or
# drweb        from www.drweb.com (note: this is a commercial scanner)
# kse          Kaspersky Scan Engine from www.kaspersky.com
#              (note: this is a commercial scanner)
# none         No virus scanning at all.
#
#
# Note: If you want to use multiple virus scanners, then this should be a
#       space-separated list of virus scanners. For example:
#       Virus Scanners = sophos f-prot mcafee
#
# Note: Make sure that you check that the base installation directory in the
#       3rd column of virus.scanners.conf matches the location you have
#       installed each of your virus scanners.
The supplied 738# virus.scanners.conf file assumes the default installation locations 739# recommended by each of the virus scanner installation guides. 740# 741# Note: If you specify "auto" then MailScanner will search for all the 742# scanners you have installed and will use all of them. If you really 743# want none, then specify "none". 744# 745# This *cannot* be the filename of a ruleset. 746Virus Scanners = auto 747 748# The maximum length of time the virus scanner is allowed to run 749# for 1 batch of messages (in seconds). 750Virus Scanner Timeout = 300 751 752# Should I attempt to disinfect infected attachments and then deliver 753# the clean ones. "Disinfection" involves removing viruses from files 754# (such as removing macro viruses from documents). "Cleaning" is the 755# replacement of infected attachments with "VirusWarning.txt" text 756# attachments. 757# Less than 1% of viruses in the wild can be successfully disinfected, 758# as macro viruses are now a rare occurrence. So the default has been 759# changed to "no" as it gives a significant performance improvement. 760# 761# This can also be the filename of a ruleset. 762Deliver Disinfected Files = no 763 764# Strings listed here will be searched for in the output of the virus scanners. 765# It is used to list which viruses should be handled differently from other 766# viruses. If a virus name is given here, then 767# 1) The sender will not be warned that he sent it 768# 2) No attempt at true disinfection will take place 769# (but it will still be "cleaned" by removing the nasty attachments 770# from the message) 771# 3) The recipient will not receive the message, 772# unless the "Still Deliver Silent Viruses" option is set 773# Other words that can be put in this list are the 5 special keywords 774# HTML-IFrame : inserting this will stop senders being warned about 775# HTML Iframe tags, when they are not allowed. 
#    HTML-Codebase : inserting this will stop senders being warned about
#                    HTML Object Codebase/Data tags, when they are not allowed.
#    HTML-Script   : inserting this will stop senders being warned about
#                    HTML Script tags, when they are not allowed.
#    HTML-Form     : inserting this will stop senders being warned about
#                    HTML Form tags, when they are not allowed.
#    Zip-Password  : inserting this will stop senders being warned about
#                    password-protected zip files, when they are not allowed.
#                    This keyword is not needed if you include All-Viruses.
#    All-Viruses   : inserting this will stop senders being warned about
#                    any virus, while still allowing you to warn senders
#                    about HTML-based attacks. This includes Zip-Password
#                    so you don't need to include both.
#
# The default of "All-Viruses" means that no senders of viruses will be
# notified (as the sender address is always forged these days anyway),
# but anyone who sends a message that is blocked for other reasons will
# still be notified.
#
# This can also be the filename of a ruleset.
Silent Viruses = HTML-IFrame All-Viruses

# Still deliver (after cleaning) messages that contained viruses listed
# in the above option ("Silent Viruses") to the recipient?
# Setting this to "yes" is good when you are testing everything, and
# because it shows management that MailScanner is protecting them,
# but it is bad because they have to filter/delete all the incoming virus
# warnings.
#
# Note: Once you have deployed this into "production" use, you should set
# Note: this option to "no" so you don't bombard thousands of people with
# Note: useless messages they don't want!
#
# This can also be the filename of a ruleset.
Still Deliver Silent Viruses = no

# Do you want to still scan the message for spam?
# Setting this to yes will allow a message with a
# silent virus to proceed with spam checks and not be deleted immediately.
# Silent viruses will be replaced with a warning message by default.
#
# This can be a filename of a ruleset.
Still Scan Silent Viruses = no

# If Still Deliver Silent Viruses is yes, do you want to deliver the
# message unmodified?
#
# Warning: This is dangerous and should only be used if the
# silent viruses you are targeting are safe.
# Even so, a message could still have other viruses that could
# come through with this setting enabled on the message payload.
#
# MailScanner versions <= 5.1.3-2 actually did this by default
# when Still Deliver Silent Viruses was set to yes. This setting exists
# to remove this behavior by default in 5.1.4 onward.
#
# The subject line will still be modified if configured to do so for
# virus infected messages, which is consistent with the old behavior.
#
# This can be a filename of a ruleset.
Still Deliver Silent Viruses Unmodified = no

# Strings listed here will be searched for in the output of the virus scanners.
# It works to achieve the opposite effect of the "Silent Viruses" listed above.
# If a string here is found in the output of the virus scanners, then the
# message will be treated as if it were not infected with a "Silent Virus".
# If a message is detected as both a silent virus and a non-forging virus,
# then the ___non-forging status will override the silent status.___
# In simple terms, you should list virus names (or parts of them) that you
# know do *not* forge the From address.
# A good example of this is a document macro virus or a Joke program.
# Another word that can be put in this list is the special keyword
#    Zip-Password  : inserting this will cause senders to be warned about
#                    password-protected zip files, when they are not allowed.
#                    This will over-ride the All-Viruses setting in the list
#                    of "Silent Viruses" above.
#
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar

# Some virus scanners now use their signatures to detect spam as well as
# viruses. These "viruses" are called "spam-viruses". When they are found
# the following header will be added to your message before it is passed to
# SpamAssassin, listing all the "spam-viruses" that were found as a comma-
# separated list.
# This can also be the filename of a ruleset.
Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report:

# This defines which virus reports from your virus scanners are really the
# names of "spam-viruses" as described in the "Spam-Virus Header" section
# above. This is a space-separated list of strings which can contain "*"
# wildcards to mean "any string of characters", and which will match the
# whole name of the virus reported by your virus scanner. So for example
# "HTML/*" will match all virus names which start with the string "HTML/".
# The supplied example is suitable for F-Prot6 and the SaneSecurity
# databases for ClamAV. The test is case-sensitive.
# This cannot be a ruleset, it must be a simple value as described.
Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish*

# Should encrypted messages be blocked?
# This is useful if you are wary about your users sending encrypted
# messages to your competition.
# This can be a ruleset so you can block encrypted message to certain domains.
Block Encrypted Messages = no

# Should unencrypted messages be blocked?
# This could be used to ensure all your users send messages outside your
# company encrypted to avoid snooping of mail to your business partners.
# This can be a ruleset so you can just check mail to certain users/domains.
Block Unencrypted Messages = no

# Should archives which contain any password-protected files be allowed?
# Leaving this set to "no" is a good way of protecting against all the
# protected zip files used by viruses at the moment.
# This can also be the filename of a ruleset.
Allow Password-Protected Archives = no

# Normally, you can still get the filenames out of a password-protected
# archive, despite the encryption. So by default filename checks are still
# done on these files. However, some people want to suppress this checking
# as they allow a few people to receive password-protected archives that
# contain things such as .exe's as part of their business needs. This option
# can be used to suppress filename checks inside password-protected archives.
# This can also be the filename of a ruleset.
Check Filenames In Password-Protected Archives = yes

#
# Options specific to Sophos Anti-Virus
# -------------------------------------
#

# Anything on the next line that appears in brackets at the end of a line
# of output from Sophos will cause the error/infection to be ignored.
# Use of this option is dangerous, and should only be used if you are having
# trouble with lots of corrupt PDF files, for example.
# If you need to specify more than 1 string to find in the error message,
# then put each string in quotes and separate them with a comma.
# For example:
#Allowed Sophos Error Messages = "corrupt", "format not supported", "File was encrypted", "The main body of virus data is out of date", "Password protected file"
Allowed Sophos Error Messages =

# The directory (or a link to it) containing all the Sophos *.ide files.
# This is only used by the "sophossavi" virus scanner, and is irrelevant
# for all other scanners.
Sophos IDE Dir = /opt/sophos-av/lib/sav

# The directory (or a link to it) containing all the Sophos *.so libraries.
# This is only used by the "sophossavi" virus scanner, and is irrelevant
# for all other scanners.
Sophos Lib Dir = /opt/sophos-av/lib

# SophosSAVI only: monitor each of these files for changes in size to
# detect when a Sophos update has happened. The date of the Sophos Lib Dir
# is also monitored.
# This is only used by the "sophossavi" virus scanner, not the "sophos"
# scanner setting.
Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide

# SophosSAVID only: location of the socket
SAVID Socket = /var/lib/savdid/savdid.sock

#
# Options specific to ClamAV Anti-Virus
# -------------------------------------
#

# Removed
# ClamAVModule only: monitor each of these files for changes in size to
# detect when a ClamAV update has happened.
# This is only used by the "clamavmodule" virus scanner, not the "clamav"
# scanner setting.
# Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld /usr/local/share/clamav/*.cvd /var/lib/clamav/*.inc/* /var/lib/clamav/*.?db /var/lib/clamav/*.cvd

# ClamAVModule only: set limits when scanning for viruses.
#
# The maximum recursion level of archives,
# The maximum number of files per batch,
# The maximum size of each file,
# The maximum compression ratio of archive.
# These settings *cannot* be the filename of a ruleset, only a simple number.
# ClamAVmodule Maximum Recursion Level = 8
# ClamAVmodule Maximum Files = 1000
# ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes)
# ClamAVmodule Maximum Compression Ratio = 250

# Clamd only: configuration options for using the clamd daemon.
# 1. The port to use when communicating with clamd via TCP connection
# 2. The Socket, or IP to use for communicating with the clamd Daemon.
#    You enter either the full path to the UNIX socket file or the IP
#    address the daemon is listening on.
# 3. The ClamD Lock file should be created by clamd init script in most
#    cases. If it is not then the entry should be blank.
# 4. If MailScanner is running on a system with more than 1 CPU core (or
#    more than 1 CPU) then you can set "Clamd Use Threads" to "yes" to
#    speed up the scanning, otherwise there is no advantage and it should
#    be set to "no".
#
# None of these options can be the filenames of rulesets, they must be just
# simple values.
Clamd Port = 3310
Clamd Socket = /var/run/clamd.scan/clamd.sock
Clamd Lock File = # /var/lock/subsys/clamd
Clamd Use Threads = yes

# There are now sets of signatures available from places such as
# www.sanesecurity.co.uk which use ClamAV to detect spam. Some of these
# signatures rely on being passed the whole message as one file. By setting
# this option to "yes", each entire message is written out to the scanning
# area, thus enabling these signatures to work reliably.
# It has a slight speed impact but is worth it for the extra spam-spotting
# ability.
#
# This option cannot be the filename of a ruleset, it must be "yes" or "no".
ClamAV Full Message Scan = yes

#
# Options specific to F-Protd-6 Anti-Virus
# ----------------------------------------
#
# This is the port number used by the local fpscand daemon. 10200 is the
# default value used by the F-Prot 6 installation program, and so should
# be correct.
# This option cannot be the filename of a ruleset, it must be a number.
Fpscand Port = 10200

#
# Options specific to Kaspersky Scan Engine (kse)
# -----------------------------------------------
# kse only: configuration options for using the kse daemon.
# 1. The port to use when communicating with kse via TCP connection
# 2. The Socket, or IP to use for communicating with the kse Daemon.
#    You enter either the full path to the UNIX socket file or the IP
#    address the daemon is listening on.
Kse Port = 9999
Kse Socket = /var/run/kse/kse.sock

# Options specific to Avastd Anti-Virus
# -------------------------------------
# This is the unix socket used by the local Avastd daemon.
# /var/run/avast/scan.sock is the default location
# This option cannot be the filename of a ruleset, it must be a path.
Avastd Socket = /var/run/avast/scan.sock

#
# Options specific to F-Secure Anti-Virus (f-secured)
# ---------------------------------------------------
# This is the unix socket used by the local F-Secure daemon.
# /tmp/.fsav-0 is the default location
# This option cannot be the filename of a ruleset, it must be a path.
Fsecure Socket = /tmp/.fsav-0

#
# Removing/Logging dangerous or potentially offensive content
# -----------------------------------------------------------
#

# Do you want to scan the messages for potentially dangerous content?
# Setting this to "no" will disable all the content-based checks except
# Virus Scanning, Allow Partial Messages and Allow External Message Bodies.
# This can also be the filename of a ruleset.
Dangerous Content Scanning = yes

# Do you want to allow partial messages, which only contain a fraction of
# the attachments, not the whole thing? There is absolutely no way to
# scan these "partial messages" properly for viruses, as MailScanner never
# sees all of the attachment at the same time. Enabling this option can
# allow viruses through. You have been warned.
# This can also be the filename of a ruleset so you can, for example, allow
# them in outgoing mail but not in incoming mail.
Allow Partial Messages = no

# Do you want to allow messages whose body is stored somewhere else on the
# internet, which is downloaded separately by the user's email package?
# There is no way to guarantee that the file fetched by the user's email
# package is free from viruses, as MailScanner never sees it.
# This feature is dangerous as it can allow viruses to be fetched from
# other Internet sites by a user's email package. The user would just
# think it was a normal email attachment and would have been scanned by
# MailScanner.
# It is only currently supported by Netscape 6 anyway, and the only people
# who use it are the IETF. So I would strongly advise leaving this switched off.
# This can also be the filename of a ruleset.
Allow External Message Bodies = no

# Do you want to check for "Phishing" attacks?
# These are attacks that look like a genuine email message from your bank,
# which contain a link to click on to take you to the web site where you
# will be asked to type in personal information such as your account number
# or credit card details.
# Except it is not the real bank's web site at all, it is a very good copy
# of it run by thieves who want to steal your personal information or
# credit card details.
# These can be spotted because the real address of the link in the message
# is not the same as the text that appears to be the link.
# Note: This does cause extra load, particularly on systems receiving lots
#       of spam such as secondary MX hosts.
# This can also be the filename of a ruleset.
Find Phishing Fraud = yes

# While detecting "Phishing" attacks, do you also want to point out links
# to numeric IP addresses. Genuine links to totally numeric IP addresses
# are very rare, so this option is set to "yes" by default. If a numeric
# IP address is found in a link, the same phishing warning message is used
# as in the Find Phishing Fraud option above.
# This can also be the filename of a ruleset.
Also Find Numeric Phishing = yes

# If this is set to yes, then most of the URL in a link must match the
# destination address it claims to take you to. This is the default as it is
# a much stronger test and is very hard to maliciously avoid.
# If this is set to no, then just the company name and country (and any
# names between the two, dependent on the specific country) must match.
# This is not as strict as it will not protect you against internal
# malicious sites based within the company being abused. For example, it would
# not find www.nasty.company-name.co.uk pretending to be
# www.nice.company-name.co.uk. But it will still detect most phishing attacks
# of the type www.nasty.co.jp versus www.nice.co.jp.
# Depending on the country code it knows how many levels of domain need to
# be checked.
# This can also be the filename of a ruleset.
Use Stricter Phishing Net = yes

# If a phishing fraud is detected, do you want to highlight the tag with
# a message stating that the link may be to a fraudulent web site?
# This can also be the filename of a ruleset.
Highlight Phishing Fraud = yes

# Do you want to highlight links that do not show a URL to the user?
Highlight Hidden URLs = no

# Do you want to highlight phishing in mailto: links?
Highlight Mailto Phishing = yes

# There are some companies, such as banks, that insist on sending out
# email messages with links in them that are caught by the "Find Phishing
# Fraud" test described above.
# This is a space-separated list of the names of files which contain a
# list of link destinations which should be ignored in the test. This may,
# for example, contain the known websites of some banks.
# See the file itself for more information.
# This can only be the names of the files containing the list, it *cannot*
# be the filename of a ruleset.
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf

# As an opposite to the "safe" list above, there is also a live continuously-
# updated list of known bad sites, which will always trigger the "Find
# Phishing Fraud" test described above.
# This is a space-separated list of the names of files which contain
# a list of link destinations which should always trigger the test. This
# file should be updated hourly.
# This can only be the name of the file containing the list, it *cannot*
# be the filename of a ruleset.
Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf

# This file lists all the countries that use 2nd-level and 3rd-level
# domain names to classify distinct types of website within their country.
# This cannot be the name of a ruleset, it is just a simple setting.
Country Sub-Domains List = %etc-dir%/country.domains.conf

# Do you want to allow <IFrame> tags in email messages? This is not a good
# idea as it allows various Microsoft Outlook security vulnerabilities to
# remain unprotected, but if you have a load of mailing lists sending them,
# then you will want to allow them to keep your users happy.
# Value: yes    => Allow these tags to be in the message
#        no     => Ban messages containing these tags
#        disarm => Allow these tags, but stop these tags from working
# This can also be the filename of a ruleset, so you can allow them from
# known mailing lists but ban them from everywhere else.
Allow IFrame Tags = disarm

# Do you want to allow <Form> tags in email messages? This is a bad idea
# as these are used as scams to persuade people to part with credit card
# information and other personal data.
# Value: yes    => Allow these tags to be in the message
#        no     => Ban messages containing these tags
#        disarm => Allow these tags, but stop these tags from working
#                  Note: Disarming can be defeated, it is not 100% safe!
# This can also be the filename of a ruleset.
Allow Form Tags = disarm

# Do you want to allow <Script> tags in email messages? This is a bad idea
# as these are used to exploit vulnerabilities in email applications and
# web browsers.
# Value: yes    => Allow these tags to be in the message
#        no     => Ban messages containing these tags
#        disarm => Allow these tags, but stop these tags from working
#                  Note: Disarming can be defeated, it is not 100% safe!
# This can also be the filename of a ruleset.
Allow Script Tags = disarm

# Do you want to allow <Img> tags with very small images in email messages?
# This is a bad idea as these are used as 'web bugs' to find out if a message
# has been read. It is not dangerous, it is just used to make you give away
# information.
# Value: yes    => Allow these tags to be in the message
#        disarm => Allow these tags, but stop these tags from working
#                  Note: Disarming can be defeated, it is not 100% safe!
# Note: You cannot block messages containing web bugs as their detection
#       is very vulnerable to false alarms.
# This can also be the filename of a ruleset.
Allow WebBugs = disarm

# This is a list of filenames (or parts of filenames) that may appear in
# the filename of a web bug URL. They are only checked in the filename,
# not any directories or hostnames in the URL of the possible web bug.
#
# If it appears, then the web bug is assumed to be a harmless "spacer" for
# page layout purposes and not a real web bug at all.
# It should be a space- and/or comma-separated list of filename parts.
#
# Note: Use this with care, as spammers may use this to circumvent the
#       web bug trap. It is disabled by default because of this problem.
#
# This can also be the filename of a ruleset.
#Ignored Web Bug Filenames = spacer pixel.gif pixel.png
Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap shim

# This is a list of server names (or parts of) which are known to host web
# bugs. All images from these hosts will be replaced by the "Web Bug
# Replacement" defined below.
# This can also be the filename of a ruleset.
Known Web Bug Servers = msgtag.com

# When a web bug is found, what image do you want to replace it with?
# By replacing it with a real image, the page layout still works properly,
# so the formatting and layout of the message is correct.
# The following is a harmless untracked 1x1 pixel transparent image.
# If this is not specified, the old value of "MailScannerWebBug" is used,
# which of course is not an image and may well upset layout of the email.
# This can also be the filename of a ruleset.
Web Bug Replacement = https://s3.amazonaws.com/msv5/images/spacer.gif

# Do you want to allow <Object Codebase=...> or <Object Data=...> tags
# in email messages?
# This is a bad idea as it leaves you unprotected against various
# Microsoft-specific security vulnerabilities. But if your users demand
# it, you can do it.
# Value: yes    => Allow these tags to be in the message
#        no     => Ban messages containing these tags
#        disarm => Allow these tags, but stop these tags from working
# This can also be the filename of a ruleset, so you can allow them just
# for specific users or domains.
Allow Object Codebase Tags = disarm

# This option interacts with the "Allow ... Tags" options above like this:
#
# Allow...Tags     Convert Danger...    Action Taken on HTML Message
# ============     =================    ============================
#    no                  no             Blocked
#    no                  yes            Blocked
#    disarm              no             Specified HTML tags disarmed
#    disarm              yes            Specified HTML tags disarmed
#    yes                 no             Nothing, allowed to pass
#    yes                 yes            All HTML tags stripped
#
# If an "Allow ... Tags = yes" is triggered by a message, and this
# "Convert Dangerous HTML To Text" is set to "yes", then the HTML
# message will be converted to plain text. This makes the HTML
# harmless, while still allowing your users to see the text content
# of the messages. Note that all graphical content will be removed.
#
# This can also be the filename of a ruleset, so you can make this apply
# only to specific users or domains.
Convert Dangerous HTML To Text = no

# Do you want to convert all HTML messages into plain text?
# This is very useful for users who are children or are easily offended
# by nasty things like pornographic spam.
# This can also be the filename of a ruleset, so you can switch this
# feature on and off for particular users or domains.
Convert HTML To Text = no

#
# Attachment Filename Checking
# ----------------------------
#

# There are now 2 sets of configurations for filename and filetype checking.
# One set applies to files found within attachments which are archives,
# their names start with "Archives:".
# The other set of configuration options applies to normal attachments,
# their names do *not* start with "Archives:".

# What sort of attachments are considered to be archives?
# You may well consider, for example, zip and rar files to be archives, but
# maybe TNEF files to not be archives as they are really just another way
# of supplying attachments that is only used by Microsoft Exchange and Outlook.
# This is a space-separated list of the types which are treated as archives.
# Valid keywords within this are:
#   zip  -- Zip files and Microsoft Office 2007 documents
#   rar  -- Rar archives
#   uu   -- UU-encoded files
#   ole  -- Microsoft ".doc" and ".xls" and ".ppt" files
#   tnef -- "winmail.dat" files created by Microsoft Exchange or Outlook
Archives Are = zip rar ole

# To simplify web-based configuration systems, there are now two extra
# settings here. They are both intended for use with normal rulesets
# that you would expect to find in %rules-dir%. The first gives a list
# of patterns to match against the attachment filenames, and a filename
# is allowed if it matches any of these patterns. The second gives the
# equivalent list for patterns that are used to deny filenames.
# If either of these match at all, then filename.rules.conf is ignored
# for that filename.
# So you can easily have a set like this:
# Allow Filenames = \.txt$ \.pdf$
# Deny Filenames = \.com$ \.exe$ \.cpl$ \.pif$
# which is a lot simpler than having to handle filename.rules.conf!
# It is far simpler when you want to change the allowed+denied list for
# different domains/addresses, as you can use the filename of a simple
# ruleset here instead.
# NOTE: The filename and filetype rules are separate, so if you want to
#       allow executable *.exe files you will need at least
#       Allow Filenames = \.exe$
#       Allow Filetypes = executable
#       to make it pass both tests. If either test denies the attachment
#       then it will be blocked.

# Allow any attachment filenames matching any of the patterns listed here.
# If this setting is empty, it is ignored and no matches are made.
# This can also be the filename of a ruleset.
Allow Filenames =

# Deny any attachment filenames matching any of the patterns listed here.
# If this setting is empty, it is ignored and no matches are made.
# This can also be the filename of a ruleset.
Deny Filenames =

#
# Set where to find the attachment filename ruleset.
# The structure of this file is explained elsewhere, but it is used to
# accept or reject file attachments based on their name, regardless of
# whether they are infected or not.
#
# This can also point to a ruleset, but the ruleset filename must end in
# ".rules" so that MailScanner can determine if the filename given is
# a ruleset or not!
Filename Rules = %etc-dir%/filename.rules.conf

# To simplify web-based configuration systems, there are now two extra
# settings here. They are both intended for use with normal rulesets
# that you would expect to find in %rules-dir%. The first gives a list
# of patterns to match against the attachment filetypes, and a filetype
# is allowed if it matches any of these patterns. The second gives the
# equivalent list for patterns that are used to deny filetypes.
# If either of these match at all, then filetype.rules.conf is ignored
# for that filetype.
# So you can easily have a set like this:
# Allow Filetypes = script postscript
# Deny Filetypes = executable MPEG
# Allow MIME Filetypes = text/plain text/html
# Deny MIME Filetypes = dosexec
# which is a lot simpler than having to handle filetype.rules.conf!
# It is far simpler when you want to change the allowed+denied list for
# different domains/addresses, as you can use the filetype of a simple
# ruleset here instead.

# Allow any attachment filetypes matching any of the patterns listed here.
# If this setting is empty, it is ignored and no matches are made.
# This can also be the filename of a ruleset.
Allow Filetypes =

# Allow any attachment MIME types matching any of the patterns listed here.
# If this setting is empty, it is ignored and no matches are made.
# This can also be the filename of a ruleset.
Allow File MIME Types =

# Deny any attachment filetypes matching any of the patterns listed here.
# If this setting is empty, it is ignored and no matches are made.
# This can also be the filename of a ruleset.
Deny Filetypes =

# Deny any attachment MIME types matching any of the patterns listed here.
# If this setting is empty, it is ignored and no matches are made.
# This can also be the filename of a ruleset.
Deny File MIME Types =

# Set where to find the attachment filetype ruleset.
# The structure of this file is explained elsewhere, but it is used to
# accept or reject file attachments based on their content as determined
# by the "file" command, regardless of whether they are infected or not.
#
# This can also point to a ruleset, but the ruleset filename must end in
# ".rules" so that MailScanner can determine if the filename given is
# a ruleset or not!
#
# To disable this feature, set this to just "Filetype Rules =" or set
# the location of the file command to a blank string.
Filetype Rules = %etc-dir%/filetype.rules.conf

# These are the equivalent of the settings above, except they apply to
# files which are contained within "archives", as defined by the
# "Archives Are" setting at the top of this section.
# They can all be rulesets.
Archives: Allow Filenames =
Archives: Deny Filenames =
Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
Archives: Allow Filetypes =
Archives: Allow File MIME Types =
Archives: Deny Filetypes =
Archives: Deny File MIME Types =
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf

# In the "Filename Rules" and "Filetype Rules" rule files, you can
# say that you want particular attachment names or types to be "disarmed"
# by being renamed. See the sample files for examples of this.
#
# The "rename" rules in filetype.rules.conf rename attachments that match
# the rule according to this setting, where the string "__FILENAME__" will
# be replaced with the attachment's original filename.
#
# In filename.rules.conf, it is a little more complex. They can work just
# like the filetype.rules.conf version explained in the previous paragraph,
# or else the "rename" instruction can also supply the replacement text.
# For example, a rule starting
#     rename to .txt \.reg$ .....
# will match all attachment filenames ending in ".reg" and replace the
# ".reg" with ".txt".
#
# The "rename" rules change the filename of the attachment as described
# above, so that either
# (a) the user cannot simply double-click on the attachment, but must save
#     it then rename it back to its original name; only then can they
#     double-click on the file.
# OR
# (b) the action taken when the user double-clicks on the file will be
#     changed. In the "reg"/"txt" example above, the file will be opened
#     for editing rather than immediately merged into the user's Windows
#     Registry, which could have had disastrous consequences.
#
# This provides a simple safeguard so that users have to consciously
# think about what they are doing, and do not accidentally take actions
# they would probably regret. In some situations this is better than
# just denying the file completely, as the user can still see the attachment
# they were sent.
#
# This can also be the filename of a ruleset.
Default Rename Pattern = __FILENAME__.disarmed

#
# Reports and Responses
# ---------------------
#

# Do you want to store copies of the infected attachments and messages?
# This can also be the filename of a ruleset.
Quarantine Infections = yes

# There is no point quarantining most viruses these days as the infected
# messages contain no useful content, so if you set this to "no" then no
# infections listed in your "Silent Viruses" setting will be quarantined,
# even if you have chosen to quarantine infections in general. This is
# currently set to "yes" so the behaviour is the same as it was in
# previous versions.
# This can also be the filename of a ruleset.
Quarantine Silent Viruses = no

# Do you want to store copies of messages which have been disarmed by
# Denial of Service protection?
# This can also be the filename of a ruleset.
Quarantine Denial Of Service = yes

# Do you want to ignore denial of service messages during disarming?
# WARNING: This does not solve pipe failures during disarming
# and should be used only when absolutely necessary.
# This can also be the filename of a ruleset.
Ignore Denial Of Service = no

# Do you want to ignore QP DOS denial of service failures during disarming?
# WARNING: This does not solve failures during disarming
# and should be used only when absolutely necessary.
# This can also be the filename of a ruleset.
Ignore QP Denial Of Service Failure = no

# Do you want to store copies of messages which have been disarmed by
# having their HTML modified at all?
# This can also be the filename of a ruleset.
Quarantine Modified Body = no

# Do you want to quarantine the original *entire* message as well as
# just the infected attachments?
# This can also be the filename of a ruleset.
Quarantine Whole Message = no

# When you quarantine an entire message, do you want to store it as
# raw mail queue files (so you can easily send them onto users) or
# as human-readable files (header then body in 1 file)?
Quarantine Whole Messages As Queue Files = no

# Do you want to stop any virus-infected spam getting into the spam or MCP
# archives? If you have a system where users can release messages from the
# spam or MCP archives, then you probably want to stop them being able to
# release any infected messages, so set this to yes.
# It is set to no by default as it causes a small hit in performance, and
# many people don't allow users to access the spam quarantine, so don't
# need it.
# This can also be the filename of a ruleset.
Keep Spam And MCP Archive Clean = no

# Set where to find all the strings used so they can be translated into
# your local language.
# This can also be the filename of a ruleset so you can produce different
# languages for different messages.
Language Strings = %report-dir%/languages.conf

# Set where to find the message text sent to users who triggered the ruleset
# you are using with the "Reject Message" option.
Rejection Report = %report-dir%/rejection.report.txt

# Set where to find the message text sent to users when one of their
# attachments has been deleted from a message.
# These can also be the filenames of rulesets.
Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt
Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt
Deleted Size Message Report = %report-dir%/deleted.size.message.txt

# Set where to find the message text sent to users when one of their
# attachments has been deleted from a message and stored in the quarantine.
# These can also be the filenames of rulesets.
Stored Bad Content Message Report = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
Stored Virus Message Report = %report-dir%/stored.virus.message.txt
Stored Size Message Report = %report-dir%/stored.size.message.txt

# Set where to find the message text sent to users explaining about the
# attached disinfected documents.
# This can also be the filename of a ruleset.
Disinfected Report = %report-dir%/disinfected.report.txt

# Set where to find the HTML and text versions that will be added to the
# end of all clean messages, if "Sign Clean Messages" is set.
# These can also be the filenames of rulesets.
Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt

# When using an image in the signature, there are 2 filenames which need
# to be set. The first is the location in this server's filesystem of the
# image file itself. The second is the name of the image as it is stored in
# the attachment. The HTML version of the signature will refer to this
# second name in the HTML <img> tag.
# Note: the filename extension will be used as the MIME subtype, so a GIF
# image must end in ".gif" for example. (.jpg ==> "jpeg" as a special case)
# See "Attach Image To Signature" for notes on how to use this.
Signature Image Filename = %report-dir%/sig.jpg
Signature Image <img> Filename = signature.jpg

# Set where to find the HTML and text versions that will be inserted at
# the top of messages that have had viruses removed from them.
# These can also be the filenames of rulesets.
Inline HTML Warning = %report-dir%/inline.warning.html
Inline Text Warning = %report-dir%/inline.warning.txt

# Set where to find the messages that are delivered to the sender, when they
# sent an email containing either an error, banned content, a banned filename
# or a virus infection.
# These can also be the filenames of rulesets.
Sender Content Report = %report-dir%/sender.content.report.txt
Sender Error Report = %report-dir%/sender.error.report.txt
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Virus Report = %report-dir%/sender.virus.report.txt
Sender Size Report = %report-dir%/sender.size.report.txt

# Hide the directory path from all virus scanner reports sent to users.
# The extra directory paths give away information about your setup, and
# tend to just confuse users.
# This can also be the filename of a ruleset.
Hide Incoming Work Dir = yes

# Include the name of the virus scanner in each of the scanner reports.
# This also includes the translation of "MailScanner" in each of the report
# lines resulting from one of MailScanner's own checks such as filename,
# filetype or dangerous HTML content. To change the name "MailScanner", look
# in reports/...../languages.conf.
#
# Very useful if you use several virus scanners, but a bad idea if you
# don't want to let your customers know which scanners you use.
Include Scanner Name In Reports = yes

# External Message Warning
# Place an inline message at the top of the body when a message is from an
# external source. This should be a ruleset that specifies local domains
# that should not receive the external message signature
External Message Warning = %rules-dir%/external.message.rules

# Inline external message warning
# Set inline external message warning
# This can be filenames of rulesets
Inline HTML External Warning = %report-dir%/inline.external.warning.html
Inline Text External Warning = %report-dir%/inline.external.warning.txt

#
# Changes to Message Headers
# --------------------------
#

# Add this extra header to all mail as it is processed.
# This *must* include the colon ":" at the end.
# This can also be the filename of a ruleset.
Mail Header = X-%org-name%-MailScanner:

# Add this extra header to all messages found to be spam.
# This can also be the filename of a ruleset.
Spam Header = X-%org-name%-MailScanner-SpamCheck:

# Add this extra header if "Spam Score" = yes. The header will
# contain 1 character for every point of the SpamAssassin score.
Spam Score Header = X-%org-name%-MailScanner-SpamScore:

# Add this extra header to all mail as it is processed.
# The contents are set by "Information Header Value" and are intended for
# you to be able to insert a help URL for your users.
# If you don't want an information header at all, just comment out this
# setting or set it to be blank.
# This can also be the filename of a ruleset.
Information Header = X-%org-name%-MailScanner-Information:

# Do you want to add the Envelope-From: header?
# This is very useful for tracking where spam came from as it
# contains the envelope sender address.
# This can also be the filename of a ruleset.
Add Envelope From Header = yes

# Do you want to add the Envelope-To: header?
# This can be useful for tracking spam destinations, but should be
# used with care due to possible privacy concerns with the use of
# Bcc: headers by users.
# Note also that this information can be added conditionally by using
# the "_TO_" word in a "header" action for Spam Actions, High Scoring
# Spam Actions, Non-Spam Actions and SpamAssassin Rule Actions.
# This can also be the filename of a ruleset.
Add Envelope To Header = no

# This is the name of the Envelope From header
# controlled by the option above.
# This can also be the filename of a ruleset.
Envelope From Header = X-%org-name%-MailScanner-From:

# This is the name of the Envelope To header
# controlled by the option above.
# This can also be the filename of a ruleset.
Envelope To Header = X-%org-name%-MailScanner-To:

# Setting this adds the MailScanner message id number to a header
# in the message. If you do not want this header, just set this to be
# an empty string (put nothing after the '=').
# This can also be the filename of a ruleset.
ID Header = X-%org-name%-MailScanner-ID:

# Was this message transmitted using IPv6 or IPv4 in its last hop?
# To stop this header appearing, set it to be blank.
# This can also be the filename of a ruleset.
IP Protocol Version Header = # X-%org-name%-MailScanner-IP-Protocol:

# The character to use in the "Spam Score Header".
# Don't use: x as a score of 3 is "xxx" which the users will think is porn,
#            # as it will cause confusion with comments in procmail as well
#              as MailScanner itself,
#            * as it will cause confusion with pattern matches in procmail,
#            . as it will cause confusion with pattern matches in procmail,
#            ? as it will cause the users to think something went wrong.
# "s" is nice and safe and stands for "spam".
Spam Score Character = s

# If this option is set to yes, you will get a spam-score header saying just
# the value of the spam score, instead of the row of characters representing
# the score.
# This can also be the filename of a ruleset.
SpamScore Number Instead Of Stars = no

# This sets the minimum number of "Spam Score Characters" which will appear
# if a message triggered the "Spam List" setting but received a very low
# SpamAssassin score. This means that people who only filter on the "Spam
# Stars" will still be able to catch messages which receive a very low
# SpamAssassin score. Set this value to 0 to disable it.
# This can also be the filename of a ruleset.
Minimum Stars If On Spam List = 0

# Set the "Mail Header" to these values for clean/infected/disinfected messages.
# This can also be the filename of a ruleset.
Clean Header Value = Found to be clean
Infected Header Value = Found to be infected
Disinfected Header Value = Disinfected

# Set the "Information Header" to this value.
# This can also be the filename of a ruleset.
Information Header Value = Please contact the ISP for more information

# Do you want the full spam report, or just a simple "spam / not spam" report?
Detailed Spam Report = yes

# Do you want to include the numerical scores in the detailed SpamAssassin
# report, or just list the names of the scores
Include Scores In SpamAssassin Report = yes

# Do you want to always include the Spam Report in the SpamCheck
# header, even if the message wasn't spam?
# This can also be the filename of a ruleset.
Always Include SpamAssassin Report = no

# What to do when you get several MailScanner headers in one message,
# from multiple MailScanner servers. Values are
#     "append"  : Append the new data to the existing header
#     "add"     : Add a new header
#     "replace" : Replace the old data with the new data
# Default is "append"
# This can also be the filename of a ruleset.
Multiple Headers = append

# Some people prefer that message headers are added in strict order with
# the newest headers at the top and the oldest headers at the bottom.
# This is also required if you receive a message which is authenticated by
# DKIM, and you are forwarding that message onto somewhere else, and want
# not to break the DKIM signature.
# **Note**: To avoid breaking DKIM signatures, you *must* also set
#     Multiple Headers = add
# So if some of your users forward mail from PayPal, Ebay or Yahoo! to
# accounts stored on Gmail or Googlemail, then you need to set this to "yes"
# and "Multiple Headers = add" to avoid breaking the DKIM signature.
# It may be worth using a ruleset to just apply this to messages sent by
# the companies mentioned above.
# This can also be the filename of a ruleset.
Place New Headers At Top Of Message = no

# Name of this host, or a name like "The MailScanner" if you want to hide
# the real hostname. It is used in the Help Desk note contained in the
# virus warnings sent to users.
# Remember you can use $HOSTNAME in here, so you might want to set it to
#     Hostname = The %org-name% ($HOSTNAME) MailScanner
# This can also be the filename of a ruleset.
Hostname = The %org-name% ($HOSTNAME) MailScanner

# If this is "no", then (as far as possible) messages which have already
# been processed by another MailScanner server will not have the clean
# signature added to the message. This prevents messages getting many
# copies of the signature as they flow through your site.
# This can also be the filename of a ruleset.
Sign Messages Already Processed = no

# Add the "Inline HTML Signature" or "Inline Text Signature" to the end
# of uninfected messages?
# If you add your own signature in your email application, and include the
# magic token "_SIGNATURE_" in your email message, the signature will be
# inserted just there, rather than at the end of the message.
# This can also be the filename of a ruleset.
Sign Clean Messages = yes

# If you are using HTML signatures, you can embed an image in the signature.
# For the filename(s) of the image, see the settings "Signature Image
# Filename" and "Signature Image <img> Filename".
# In your HTML, you must refer to the image with an HTML tag that looks like:
#     <img alt="MailScanner Signature" src="cid:signature.jpg">
# where "signature.jpg" is the name of the image set in the
# "Signature Image <img> Filename" setting above. If used correctly,
# MailScanner will notice if the image is already present and not add it again.
#
# This can also be the filename of a ruleset.
Attach Image To Signature = no

# Normally, you would only want to attach the image to messages with an
# HTML part, as plain text messages clearly cannot display an image.
# However, if you find some other use for this feature, you may want to
# attach an image to a message which is just text.
# See "Attach Image To Signature" for notes on how to use this.
# This can also be the filename of a ruleset.
Attach Image To HTML Message Only = yes

# This option can be used to stop any duplication of an email signature
# appearing in the HTML of an email message. It looks for the "alt"
# attribute in the <img> tag specifying the image to be inserted in the
# HTML signature. If you want to use this option without inserting an image
# into the signature, simply specify an <img> tag without a "src" attribute.
#
# If the "alt" tag appears, and contains the word "MailScanner" and the
# word "Signature" and the %org-name% you specified at the top of this file,
# then the message is considered to already be signed. If this option is
# also set to "no", then it will not be signed again. Multiple image
# signatures at the bottom of a message can make the message very large and
# ugly once it has been replied to a couple of times.
# This can also be the filename of a ruleset.
Allow Multiple HTML Signatures = no

# If any of these headers exist, then the message is actually a reply and
# so we may not want to sign it with an HTML signature. Plain text
# signatures will still apply, but HTML signatures, which may include an
# image, will not.
# By default, this feature is disabled by specifying no header names.
# This should be a space or comma-separated list of header names.
# This can also be the filename of a ruleset.
Dont Sign HTML If Headers Exist = # In-Reply-To: References:

# Add the "Inline HTML Warning" or "Inline Text Warning" to the top of
# messages that have had attachments removed from them?
# This can also be the filename of a ruleset.
Mark Infected Messages = yes

# When a message is not to be virus-scanned (which may happen depending
# upon the setting of "Virus Scanning", especially if it is a ruleset),
# do you want to add the header advising the users to get their email
# virus-scanned by you?
# Very good for advertising your MailScanning service and encouraging
# users to give you some more money and sign up to virus scanning.
# This can also be the filename of a ruleset.
Mark Unscanned Messages = yes

# This is the text used by the "Mark Unscanned Messages" option above.
# This can also be the filename of a ruleset.
Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details

# If any of these headers are included in a message, they will be deleted.
# This is a space-separated list of a mixture of any combination of
# 1. Names of headers, optionally ending with a ':'
#    (the ':' will be added if not supplied)
# 2. Regular expressions starting and ending with a '/'.
#    These regular expressions are matched against the entire header line,
#    not just the name of the header.
#    **NOTE** The regular expressions must *not* contain spaces,
#    so use '\s' instead of ' '.
# This is very useful for removing return-receipt requests and any headers
# which mean special things to your email client application.
# X-Mozilla-Status is bad as it allows spammers to make a message appear to
# have already been read, which is believed to bypass some naive spam
# filtering systems.
# Receipt requests are bad as they give any attacker confirmation that an
# account is active and being read. You don't want this sort of information
# to leak outside your corporation. So you might want to remove
#     Disposition-Notification-To
#     Return-Receipt-To
#     X-Confirm-Reading-To
#     Disposition-Notification-To
#     Receipt-Requested-To
#     Confirm-Reading-To
#     MDRcpt-To
#     MDSend-Notifications-To
#     Smtp-Rcpt-To
#     Return-Receipt-To
#     Read-Receipt-To
#     X-Confirm-Reading-To
#     X-Acknowledge-To
#     Delivery-Receipt-To
#     X-PMrqc
#     Errors-To
#     X-IMAPBase
#     X-IMAP
#     X-UID
#     Status
#     X-Status
#     X-UIDL
#     X-Keywords
#     X-Mozilla-Status
#     X-Mozilla-Status2
# If you are having problems with duplicate message-id headers when you
# release spam from the quarantine and send it to an Exchange server, then add
#     Message-Id.
# Each header should end in a ":", but MailScanner will add it if you forget.
# Headers should be separated by commas or spaces.
# This can also be the filename of a ruleset.
Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:

# Do you want to deliver messages once they have been cleaned of any
# viruses?
# By making this a ruleset, you can re-create the "Deliver From Local"
# facility of previous versions.
Deliver Cleaned Messages = yes

#
# Notifications back to the senders of blocked messages
# -----------------------------------------------------
#

# Do you want to notify the people who sent you messages containing
# viruses or badly-named filenames?
# This can also be the filename of a ruleset.
Notify Senders = yes

# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing viruses?
# The default value has been changed to "no" as most viruses now fake
# sender addresses and therefore should be on the "Silent Viruses" list.
# This can also be the filename of a ruleset.
Notify Senders Of Viruses = no

# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing attachments that are blocked due to
# their filename or file contents?
# This can also be the filename of a ruleset.
Notify Senders Of Blocked Filenames Or Filetypes = yes

# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing attachments that are blocked due to
# being too small or too large?
# This can also be the filename of a ruleset.
Notify Senders Of Blocked Size Attachments = no

# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing other blocked content, such as
# partial messages or messages with external bodies?
# This can also be the filename of a ruleset.
Notify Senders Of Other Blocked Content = yes

# If you supply a space-separated list of message "precedence" settings,
# then senders of those messages will not be warned about anything you
# rejected. This is particularly suitable for mailing lists, so that any
# MailScanner responses do not get sent to the entire list.
Never Notify Senders Of Precedence = list bulk

#
# Changes to the Subject: line
# ----------------------------
#

# When the message has been scanned but no other subject line changes
# have happened, do you want to modify the subject line?
# This can be 1 of 4 values:
#     no    = Do not modify the subject line, or
#     start = Add text to the start of the subject line, or
#     end   = Add text to the end of the subject line, or
#     yes   = Add text to the end of the subject line.
# This makes very good advertising of your MailScanning service.
# This can also be the filename of a ruleset.
Scanned Modify Subject = no # end

# This is the text to add to the start/end of the subject line if the
# "Scanned Modify Subject" option is set.
# This can also be the filename of a ruleset.
Scanned Subject Text = {Scanned}

# If the message contained a virus, do you want to modify the subject line?
# This can be 1 of 4 values:
#     no    = Do not modify the subject line, or
#     start = Add text to the start of the subject line, or
#     yes   = Add text to the start of the subject line, or
#     end   = Add text to the end of the subject line.
# This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Virus Modify Subject = start

# This is the text to add to the start of the subject if the
# "Virus Modify Subject" option is set.
# This can also be the filename of a ruleset.
Virus Subject Text = {Virus?}

# If an attachment triggered a filename check, but there was nothing
# else wrong with the message, do you want to modify the subject line?
# This can be 1 of 4 values:
#     no    = Do not modify the subject line, or
#     start = Add text to the start of the subject line, or
#     yes   = Add text to the start of the subject line, or
#     end   = Add text to the end of the subject line.
# This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Filename Modify Subject = start

# This is the text to add to the start of the subject if the
# "Filename Modify Subject" option is set.
# You might want to change this so your users can see at a glance
# whether it was just the filename that MailScanner rejected.
# This can also be the filename of a ruleset.
Filename Subject Text = {Filename?}

# If an attachment triggered a content check, but there was nothing
# else wrong with the message, do you want to modify the subject line?
# This can be 1 of 4 values:
#     no    = Do not modify the subject line, or
#     start = Add text to the start of the subject line, or
#     yes   = Add text to the start of the subject line, or
#     end   = Add text to the end of the subject line.
# This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Content Modify Subject = start

# This is the text to add to the start of the subject if the
# "Content Modify Subject" option is set.
# You might want to change this so your users can see at a glance
# whether it was just the content that MailScanner rejected.
# This can also be the filename of a ruleset.
Content Subject Text = {Dangerous Content?}

# If an attachment or the entire message triggered a size check, but
# there was nothing else wrong with the message, do you want to modify
# the subject line?
# This can be 1 of 4 values:
#     no    = Do not modify the subject line, or
#     start = Add text to the start of the subject line, or
#     yes   = Add text to the start of the subject line, or
#     end   = Add text to the end of the subject line.
# This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Size Modify Subject = start

# This is the text to add to the start of the subject if the
# "Size Modify Subject" option is set.
# You might want to change this so your users can see at a glance
# whether it was just the message or attachment size that
# MailScanner rejected.
# This can also be the filename of a ruleset.
Size Subject Text = {Size}

# If HTML tags in the message were "disarmed" by using the HTML "Allow"
# options above with the "disarm" settings, do you want to modify the
# subject line?
# This can be 1 of 4 values:
#     no    = Do not modify the subject line, or
#     start = Add text to the start of the subject line, or
#     yes   = Add text to the start of the subject line, or
#     end   = Add text to the end of the subject line.
# This can also be the filename of a ruleset.
Disarmed Modify Subject = start

# This is the text to add to the start of the subject if the
# "Disarmed Modify Subject" option is set.
# This can also be the filename of a ruleset.
Disarmed Subject Text = {Disarmed}

# If a potential phishing attack is found in the message, do you want to
# modify the subject line?
# This can be 1 of 4 values:
#     no    = Do not modify the subject line, or
#     start = Add text to the start of the subject line, or
#     yes   = Add text to the start of the subject line, or
#     end   = Add text to the end of the subject line.
# This can also be the filename of a ruleset.
Phishing Modify Subject = no

# This is the text to add to the start of the subject if the "Phishing
# Modify Subject" option is set.
# This can also be the filename of a ruleset.
Phishing Subject Text = {Fraud?}

# If the message is spam, do you want to modify the subject line?
# This can be 1 of 4 values:
#     no    = Do not modify the subject line, or
#     start = Add text to the start of the subject line, or
#     yes   = Add text to the start of the subject line, or
#     end   = Add text to the end of the subject line.
# This makes filtering in Outlook very easy.
# This can also be the filename of a ruleset.
Spam Modify Subject = start

# This is the text to add to the start of the subject if the
# "Spam Modify Subject" option is set.
# The exact string "_SCORE_" will be replaced by the numeric
# SpamAssassin score.
# The exact string "_STARS_" will be replaced by a row of stars
# whose length is the SpamAssassin score.
# This can also be the filename of a ruleset.
Spam Subject Text = {Spam?}

# This is just like the "Spam Modify Subject" option above, except that
# it applies when the score from SpamAssassin is higher than the
# "High SpamAssassin Score" value.
# This can be 1 of 4 values:
#     no    = Do not modify the subject line, or
#     start = Add text to the start of the subject line, or
#     yes   = Add text to the start of the subject line, or
#     end   = Add text to the end of the subject line.
# This can also be the filename of a ruleset.
High Scoring Spam Modify Subject = start

# This is just like the "Spam Subject Text" option above, except that
# it applies when the score from SpamAssassin is higher than the
# "High SpamAssassin Score" value.
# The exact string "_SCORE_" will be replaced by the numeric
# SpamAssassin score.
# The exact string "_STARS_" will be replaced by a row of stars
# whose length is the SpamAssassin score.
# This can also be the filename of a ruleset.
High Scoring Spam Subject Text = {Spam?}

#
# Changes to the Message Body
# ---------------------------
#

# When a virus or attachment is replaced by a plain-text warning,
# should the warning be in an attachment? If "no" then it will be
# placed in-line. This can also be the filename of a ruleset.
Warning Is Attachment = yes

# When a virus or attachment is replaced by a plain-text warning,
# and that warning is an attachment, this is the filename of the
# new attachment.
# This can also be the filename of a ruleset.
Attachment Warning Filename = %org-name%-Attachment-Warning.txt

# What character set do you want to use for the attachment that
# replaces viruses (VirusWarning.txt)?
# The default is ISO-8859-1 as even Americans have to talk to the
# rest of the world occasionally :-)
# This can also be the filename of a ruleset.
Attachment Encoding Charset = ISO-8859-1

#
# Mail Archiving and Monitoring
# -----------------------------
#

# Space-separated list of any combination of
# 1. email addresses to which mail should be forwarded,
# 2. directory names where you want mail to be stored,
# 3. file names (they must already exist unless "Missing Mail Archive Is =
#    directory" is set below) which mail will be appended
#    in "mbox" format suitable for importing into most mail systems.
#
# Any of the items above can contain 3 magic strings, which are substituted
# as follows:
#   _DATE_       will be replaced with the current date in yyyymmdd format.
#                This will make archive-rolling and maintenance much easier,
#                as you can guarantee that yesterday's mail archive will not
#                be in active use today.
#   _HOUR_       will be replaced with the number of the current hour, with
#                a leading zero if necessary to make it 2 digits.
#   _TOUSER_     will be replaced with the left-hand side of the email
#                address of each of the recipients in turn.
#   _TODOMAIN_   will be replaced with the right-hand side of the email
#                address of each of the recipients in turn.
#   _FROMUSER_   will be replaced with the left-hand side of the email
#                address of the sender.
#   _FROMDOMAIN_ will be replaced with the right-hand side of the email
#                address of the sender.
#
# If you give this option a ruleset, you can control exactly whose mail
# is archived or forwarded. If you do this, beware of the legal implications
# as this could be deemed to be illegal interception unless the police have
# asked you to do this.
#
# Note: This setting still works even if "Scan Messages" is no.
#
#Archive Mail = /var/spool/MailScanner/archive
Archive Mail =

# If a location specified in "Archive Mail" is not found, should it assume
# that the location is a file or a directory name?
# Before this option was added, it was always assumed to be a directory.
# However, if the _FROMUSER_, _FROMDOMAIN_, _TOUSER_, _TODOMAIN_, _DATE_
# or _HOUR_ tokens are used in the name of the location, it might be
# useful to store the messages in an mbox file containing the address of
# the recipient.
#
# This can also be the filename of a ruleset.
Missing Mail Archive Is = directory

#
# Notices to System Administrators
# --------------------------------
#

# Notify the local system administrators ("Notices To") when any infections
# are found?
# This can also be the filename of a ruleset.
Send Notices = yes

# Include the full headers of each message in the notices sent to the local
# system administrators?
# This can also be the filename of a ruleset.
Notices Include Full Headers = yes

# Hide the directory path from all the system administrator notices.
# The extra directory paths give away information about your setup, and
# tend to just confuse users but are still useful for local sys admins.
# This can also be the filename of a ruleset.
Hide Incoming Work Dir in Notices = no

# What signature to add to the bottom of the notices.
# To insert a line-break in there, use the sequence "\n".
Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info

# The visible part of the email address used in the "From:" line of the
# notices. The <user@domain> part of the email address is set to the
# "Local Postmaster" setting.
Notices From = MailScanner

# Where to send the notices.
# This can also be the filename of a ruleset.
Notices To = postmaster

# Address of the local Postmaster, which is used as the "From" address in
# virus warnings sent to users.
# This can also be the filename of a ruleset.
Local Postmaster = postmaster

#
# Spam Detection and Virus Scanner Definitions
# --------------------------------------------
#

# This is the name of the file that translates the names of the "Spam List"
# values to the real DNS names of the spam blacklists.
Spam List Definitions = %etc-dir%/spam.lists.conf

# This is the name of the file that translates the names of the virus
# scanners into the commands that have to be run to do the actual scanning.
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf

#
# Spam Detection and Spam Lists (DNS blocklists)
# ----------------------------------------------
#

# Do you want to check messages to see if they are spam?
# Note: If you switch this off then *no* spam checks will be done at all.
#       This includes both MailScanner's own checks and SpamAssassin.
#       If you want to just disable the "Spam List" feature then set
#       "Spam List =" (i.e. an empty list) in the setting below.
# This can also be the filename of a ruleset.
Spam Checks = yes

# This is the list of spam blacklists (RBLs) which you are using.
# See the "Spam List Definitions" file for more information about what
# you can put here. For example:
# Spam List = BARRACUDA SORBS SPAMHAUS SPAMCOP
# but read the comments in the "Spam List Definitions" file.
# This can also be the filename of a ruleset.
Spam List =

# This is the list of spam domain blacklists which you are using
# (such as the "rfc-ignorant" domains). See the "Spam List Definitions"
# file for more information about what you can put here.
# This can also be the filename of a ruleset.
Spam Domain List =

# If a message appears in at least this number of "Spam Lists" (as defined
# above), then the message will be treated as spam and so the "Spam
# Actions" will happen, unless the message reaches the levels for "High
# Scoring Spam". By default this is set to 1 to mimic the previous
# behaviour, which means that appearing in any "Spam Lists" will cause
# the message to be treated as spam.
# This can also be the filename of a ruleset.
Spam Lists To Be Spam = 1

# If a message appears in at least this number of "Spam Lists" (as defined
# above), then the message will be treated as "High Scoring Spam" and so
# the "High Scoring Spam Actions" will happen. You probably want to set
# this to 2 if you are actually using this feature. 5 is high enough that
# it will never happen unless you use lots of "Spam Lists".
# This can also be the filename of a ruleset.
Spam Lists To Reach High Score = 3

# If an individual "Spam List" or "Spam Domain List" check takes longer
# than this (in seconds), the check is abandoned and the timeout noted.
Spam List Timeout = 10

# Postfix/Exim only: (yes/no)
# If a user sends mail after authenticating to the local MTA,
# this option disables the RBL checks if set to "yes". If set to "no" or not
# defined, the RBL check will be executed even when the user is authenticated.
Spam List Skip If Authenticated = no

# The maximum number of timeouts caused by any individual "Spam List" or
# "Spam Domain List" before it is marked as "unavailable". Once marked,
# the list will be ignored until the next automatic re-start (see
# "Restart Every" for the longest time it will wait).
# This can also be the filename of a ruleset.
Max Spam List Timeouts = 7

# The total number of Spam List attempts during which "Max Spam List Timeouts"
# will cause the spam list to be marked as "unavailable". See the previous
# comment for more information.
# The default values of 5 and 10 mean that 5 timeouts in any sequence of 10
# attempts will cause the list to be marked as "unavailable" until the next
# periodic restart (see "Restart Every").
Spam List Timeouts History = 10

# Spam Whitelist:
# Make this point to a ruleset, and anything in that ruleset whose value
# is "yes" will *never* be marked as spam.
# The whitelist check is done before the blacklist check. If anyone whitelists
# a message, then all recipients get the message. If no-one has whitelisted it,
# then the blacklist is checked.
# This setting over-rides the "Is Definitely Spam" setting.
# This can also be the filename of a ruleset.
#Is Definitely Not Spam = no
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules

# Spam Blacklist:
# Make this point to a ruleset, and anything in that ruleset whose value
# is "yes" will *always* be marked as spam.
# This value can be over-ridden by the "Is Definitely Not Spam" setting.
# This can also be the filename of a ruleset.
Is Definitely Spam = no

# Setting this to yes means that spam found in the blacklist is treated
# as "High Scoring Spam" in the "Spam Actions" section below. Setting it
# to no means that it will be treated as "normal" spam.
# This can also be the filename of a ruleset.
Definite Spam Is High Scoring = no

# Spammers have learnt that they can get their message through by sending
# a message with lots of recipients, one of which chooses to whitelist
# everything coming to them, including the spammer.
# So if a message arrives with more than this number of recipients, ignore
# the "Is Definitely Not Spam" whitelist.
Ignore Spam Whitelist If Recipients Exceed = 20

# Spammers do not have the power to send out huge messages to everyone as
# it costs them too much (many smaller messages make more profit than fewer
# very large messages). So if a message is bigger than a certain size, it
# is highly unlikely to be spam. Limiting this saves a lot of time checking
# huge messages.
# Disable this option by setting it to a huge value.
# This is measured in bytes.
# This can also be the filename of a ruleset.
Max Spam Check Size = 200k


#
# Watermarking
# ------------
#

# Do you want to use the watermarking features at all?
# Setting this to "no" will disable the whole of this section.
Use Watermarking = no

# Do you want to add a watermark to each email message?
# Setting this enables delivery error messages to be identified as yours
# so you want to see them. Delivery error messages without valid watermarks
# are treated as spam (or whatever you set below), as you probably don't
# want to see them. Spammers can send vast quantities of spam claiming to
# come from you so that you get all the delivery errors (known as a "joe-job"
# attack).
# This can also be the filename of a ruleset.
Add Watermark = yes

# Do you want to check watermarks?
# This can also be the filename of a ruleset.
Check Watermarks With No Sender = yes

# If the message has an invalid watermark and no sender address, then it
# is a delivery error (DSN) for a message which didn't come from us.
# Delivery errors have no sender address.
# So we probably want to treat it as spam, or high-scoring spam.
# This option can take one of 5 values:
#      "delete",
#      "spam",
#      "high-scoring spam",
#      "nothing" or
#      a number greater than 0.
# If it is set to "delete", then the message is deleted and no further action
# is taken.
# If it is set to a number, then that is added to the message's spam score
# and its spam status is updated accordingly.
# If you set it to "nothing" then there probably isn't much
# point in checking watermarks at all. But it could still be useful in
# rulesets and Custom Functions.
# This can also be the filename of a ruleset.
Treat Invalid Watermarks With No Sender as Spam = nothing

# Enable this feature if you have more than one MailScanner installation
# (or you have a trust relationship with another MailScanner user). An
# example would be a secondary MX with MailScanner installed which relays
# to the primary MX for delivery. For this to work you need to use the
# same value for "Watermark Header", and have the same "Watermark Secret".
#
# This could be achieved by using a ruleset.
#
# This feature skips Spam Checks if the Watermark is trusted. The trust
# only works between servers so will not apply to replies to emails.
#
# If the Watermark has expired or is invalid then the message is processed
# as normal.
# This can also be the filename of a ruleset.
Check Watermarks To Skip Spam Checks = yes

# This is the secret key used in the watermark calculations to ensure
# that the watermark can't be spoofed. It should be set to the same value
# on all the MailScanners in your organisation.
#
# Note: YOU SHOULD CHANGE THIS TO SOMETHING SECRET!
#
# This can also be the filename of a ruleset.
Watermark Secret = %org-name%-Secret

# This sets the lifetime of a watermark. Set it to the maximum length of
# time that you want to allow for delivery errors to be delivered.
# Most sites set their delivery timeouts to less than 7 days, so that is
# a reasonable value to use.
# This time is measured in seconds. 7 days = 604800 seconds.
# This can also be the filename of a ruleset.
Watermark Lifetime = 604800

# This sets the name of the Watermark header. Good to make sure this is
# customised for your site, as you don't want to be reading other people's
# watermarks.
# This can also be the filename of a ruleset.
Watermark Header = X-%org-name%-MailScanner-Watermark:


#
# SpamAssassin
# ------------
#

# Do you want to find spam using the "SpamAssassin" package?
# This can also be the filename of a ruleset.
Use SpamAssassin = yes

# SpamAssassin is not very fast when scanning huge messages, so messages
# bigger than this value will be truncated to this length for SpamAssassin
# testing. The original message will not be affected by this. This value
# is a good compromise as very few spam messages are bigger than this.
#
# Now for the options:
# 1) <length of data in bytes>
# 2) <length of data in bytes> trackback
# 3) <length of data in bytes> continue <max extra bytes allowed>
#
# 1) Put in a simple number.
#    This will be the simple cut-off point for messages that are larger than
#    this number.
# 2) Put in a number followed by 'trackback'.
#    Once the size limit is reached, MailScanner reverses towards the start
#    of the message, until it hits a line that is blank. The message passed
#    to SpamAssassin is truncated there. This stops any part-images being
#    passed to SpamAssassin, and so avoids rules which trigger on this.
# 3) Put in a number followed by 'continue' followed by another number.
#    Once the size limit is reached, MailScanner continues adding to the data
#    passed to SpamAssassin, until at most the 2nd number of bytes have been
#    added looking for a blank line. This tries to complete the image data
#    that has been started when the 1st number of bytes has been reached,
#    while imposing a limit on the amount that can be added (to avoid attacks).
#
# If all this confuses you, just leave it alone at "40k" as that is good.
Max SpamAssassin Size = 200k

# This replaces the SpamAssassin configuration value 'required_hits'.
# If a message achieves a SpamAssassin score higher than this value,
# it is spam. See also the High SpamAssassin Score configuration option.
# This can also be the filename of a ruleset, so the SpamAssassin
# required_hits value can be set to different values for different messages.
Required SpamAssassin Score = 6

# If a message achieves a SpamAssassin score higher than this value,
# then the "High Scoring Spam Actions" are used. You may want to use
# this to deliver moderate scores, while deleting very high scoring messages.
# This can also be the filename of a ruleset.
High SpamAssassin Score = 10

# Set this option to "yes" to enable the automatic whitelisting functions
# available within SpamAssassin. This will cause addresses from which you
# get real mail, to be marked so that it will never incorrectly spam-tag
# messages from those addresses.
# To disable whitelisting, you must set "use_auto_whitelist 0" in your
# spamassassin.conf file as well as set this to no.
SpamAssassin Auto Whitelist = yes

# If SpamAssassin takes longer than this (in seconds), the check is
# abandoned and the timeout noted.
SpamAssassin Timeout = 75

# If SpamAssassin times out more times in a row than this, then it will be
# marked as "unavailable" until MailScanner next re-starts itself.
# This means that remote network failures causing SpamAssassin trouble will
# not mean your mail stops flowing.
Max SpamAssassin Timeouts = 10

# The total number of SpamAssassin attempts during which "Max SpamAssassin
# Timeouts" will cause SpamAssassin to stop doing all network-based tests.
# If double the timeout value is reached (i.e. it continues to timeout at
# the same frequency as before) then it is marked as "unavailable".
# See the previous comment for more information.
# The default values of 10 and 20 mean that 10 timeouts in any sequence of
# 20 attempts will trigger the behaviour described above, until the next
# periodic restart (see "Restart Every").
SpamAssassin Timeouts History = 30

# If the message sender is on any of the Spam Lists, do you still want
# to do the SpamAssassin checks? Setting this to "no" will reduce the load
# on your server, but will stop the High Scoring Spam Actions from ever
# happening.
# This can also be the filename of a ruleset.
Check SpamAssassin If On Spam List = yes

# Normally, SpamAssassin skips over all non-text attachments and does not
# scan them for indications that the message is spam.
# This setting over-rides that behaviour, telling SpamAssassin to scan all
# attachments regardless of type. This can be very useful for spotting rude
# and derogatory content in Microsoft Word documents, for example.
# However, it does slightly slow SpamAssassin and so is disabled by default.
# Setting this to "yes" will have no effect without a small patch to the
# SpamAssassin code.
# This can also be the filename of a ruleset.
Include Binary Attachments In SpamAssassin = no

# Do you want to include the "Spam Score" header? This shows 1 character
# (Spam Score Character) for every point of the SpamAssassin score. This
# makes it very easy for users to be able to filter their mail using
# whatever SpamAssassin threshold they want. For example, they just look
# for "sssss" for every message whose score is > 5.
# This can also be the filename of a ruleset.
Spam Score = yes

# Many naive spammers send out the same message to lots of people.
# These messages are very likely to have roughly the same SpamAssassin score.
# For extra speed, cache the SpamAssassin results for the messages
# being processed so that you only call SpamAssassin once for all of the
# messages.
# If you set this to "no" then the entire SpamAssassin Cache Database File
# is not used, along with its requirement for SQLite.
# This can also be the filename of a ruleset.
Cache SpamAssassin Results = yes

# The SpamAssassin cache uses a database file which needs to be writable
# by the MailScanner "Run As User". This file will be created and set up for
# you automatically when MailScanner is started.
# Note: If you move the "Incoming Work Dir" then you should move this too.
# Note: you will also need to update /usr/sbin/ms-sa-cache
SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db

# If you are using the Bayesian statistics engine on a busy server,
# you may well need to force a Bayesian database rebuild and expiry
# at regular intervals. This is measured in seconds.
# 1 day = 86400 seconds.
# To disable this feature set this to 0.
# Note: If you enable this feature, set "bayes_auto_expire 0" in
#       spam.assasssin.prefs.conf which you will find in the same
#       directory as this file.
Rebuild Bayes Every = 0

# The Bayesian database rebuild and expiry may take 2 or 3 minutes
# to complete. During this time you can either wait, or simply
# disable SpamAssassin checks until it has completed.
Wait During Bayes Rebuild = no

#
# Custom Spam Scanner Plugin
# --------------------------
#

# Use the Custom Spam Scanner. This is code you will have to write yourself,
# a function called "GenericSpamScanner" stored in the file
# MailScanner/lib/MailScanner/CustomFunctions/GenericSpamScanner.pm
# It will be passed
#  $IP      - the numeric IP address of the system on the remote end
#             of the SMTP connections
#  $From    - the address of the envelope sender of the message
#  $To      - a perl reference to the envelope recipients of the message
#  $Message - a perl reference to the list of lines of the message
# A sample function is given in the correct file in the distribution.
# This sample function also includes code to show you how to make it run
# an external program to produce a spam score.
# This can also be the filename of a ruleset.
Use Custom Spam Scanner = no

# How much of the message should be passed to the Custom Spam Scanner.
# Most spam tools only need the first 20kbytes of the message to determine
# if it is spam or not. Passing more than is necessary only slows things
# down.
# This can also be the filename of a ruleset.
Max Custom Spam Scanner Size = 20k

# How long should the custom spam scanner take to run? If it takes more
# seconds than this, then it should be considered to have crashed and
# should be killed. This stops denial-of-service attacks.
Custom Spam Scanner Timeout = 20

# If the Custom Spam Scanner times out more times in a row than this,
# then it will be marked as "unavailable" until MailScanner next
# re-starts itself.
Max Custom Spam Scanner Timeouts = 10

# The total number of Custom Spam Scanner attempts during which "Max
# Custom Spam Scanner Timeouts" will cause the Custom Spam Scanner to
# be marked as "unavailable". See the previous comment for more information.
# The default values of 10 and 20 mean that 10 timeouts in any sequence of
# 20 attempts will trigger the behaviour described above, until the next
# periodic restart (see "Restart Every").
Custom Spam Scanner Timeout History = 20

#
# What to do with spam
# --------------------
#

# This is a list of actions to take when a message is spam.
# It can be any combination of the following:
#    deliver                 - deliver the message as normal
#    delete                  - delete the message
#    store                   - store the message in the (spam) quarantine
#    store-nonmcp            - store the message in the non-MCP quarantine
#    store-mcp               - store the message in the MCP quarantine
#    store-nonspam           - store the message in the non-spam quarantine
#    store-spam              - store the message in the spam quarantine
#    store-<directory-path>  - store the message in the <directory-path>
#    bounce                  - send a rejection message back to the sender
#    forward user@domain.com - forward a copy of the message to user@domain.com
#                              See the note below about the keywords that
#                              can be used.
#    striphtml               - convert all in-line HTML content to plain text.
#                              You need to specify "deliver" as well for the
#                              message to reach the original recipient.
#    attachment              - Convert the original message into an attachment
#                              of the message. This means the user has to take
#                              an extra step to open the spam, and stops "web
#                              bugs" very effectively.
#    notify                  - Send the recipients a short notification that
#                              spam addressed to them was not delivered. They
#                              can then take action to request retrieval of
#                              the original message if they think it was not
#                              spam.
#    header "name: value"    - Add the header
#                                name: value
#                              to the message. name must not contain any spaces.
#                              The "value" may contain the magic keyword "_TO_"
#                              anywhere in it. _TO_ will be replaced by a
#                              comma-separated list of the original recipients
#                              of the message. This is very useful if you just
#                              forward the message to a new address and don't
#                              use the "deliver" action, as otherwise the list
#                              of the original recipients may be lost.
#    custom(parameter)       - Call the CustomAction function in /usr/lib/Mail-
#                              Scanner/MailScanner/CustomFunctions/CustomAction
#                              .pm with the 'parameter' passed in. This can be
#                              used to implement any custom action you require.
#
# "forward" keywords
# ==================
# In an email address specified in the "forward" action, several keywords can
# be used which will be substituted with various properties of the message:
#    _FROMUSER_   The left-hand side of the address of the sender.
#    _FROMDOMAIN_ The right-hand side of the address of the sender.
#    _TOUSER_     The left-hand side of each of the recipients in turn.
#    _TODOMAIN_   The right-hand side of each of the recipients in turn.
#    _DATE_       The date the message was received by MailScanner.
#    _HOUR_       The hour the message was received by MailScanner.
# This means that you can forward messages to email addresses which show the
# original recipients of the message, which could be very useful when
# delivering into spam archive management systems.
#
# The default value I have set here enables Thunderbird to automatically
# handle spam when set to trust the "SpamAssassin" headers.
#
# This can also be the filename of a ruleset, in which case the filename
# must end in ".rule" or ".rules".
#Spam Actions = store forward anonymous@ecs.soton.ac.uk
Spam Actions = deliver header "X-Spam-Status: Yes"

# This is just like the "Spam Actions" option above, except that it applies
# when the score from SpamAssassin is higher than the "High SpamAssassin Score"
# value.
#    deliver                 - deliver the message as normal
#    delete                  - delete the message
#    store                   - store the message in the (spam) quarantine
#    store-nonmcp            - store the message in the non-MCP quarantine
#    store-mcp               - store the message in the MCP quarantine
#    store-nonspam           - store the message in the non-spam quarantine
#    store-spam              - store the message in the spam quarantine
#    store-<directory-path>  - store the message in the <directory-path>
#    forward user@domain.com - forward a copy of the message to user@domain.com
#                              See the note below about the keywords that
#                              can be used.
#    striphtml               - convert all in-line HTML content to plain text.
#                              You need to specify "deliver" as well for the
#                              message to reach the original recipient.
#    attachment              - Convert the original message into an attachment
#                              of the message. This means the user has to take
#                              an extra step to open the spam, and stops "web
#                              bugs" very effectively.
#    notify                  - Send the recipients a short notification that
#                              spam addressed to them was not delivered. They
#                              can then take action to request retrieval of
#                              the original message if they think it was not
#                              spam.
#    header "name: value"    - Add the header
#                                name: value
#                              to the message. name must not contain any spaces.
#                              The "value" may contain the magic keyword "_TO_"
#                              anywhere in it. _TO_ will be replaced by a
#                              comma-separated list of the original recipients
#                              of the message. This is very useful if you just
#                              forward the message to a new address and don't
#                              use the "deliver" action, as otherwise the list
#                              of the original recipients may be lost.
#    custom(parameter)       - Call the CustomAction function in /usr/lib/Mail-
#                              Scanner/MailScanner/CustomFunctions/CustomAction
#                              .pm with the 'parameter' passed in. This can be
#                              used to implement any custom action you require.
#
# "forward" keywords
# ==================
# In an email address specified in the "forward" action, several keywords can
# be used which will be substituted with various properties of the message:
#    _FROMUSER_   The left-hand side of the address of the sender.
#    _FROMDOMAIN_ The right-hand side of the address of the sender.
#    _TOUSER_     The left-hand side of each of the recipients in turn.
#    _TODOMAIN_   The right-hand side of each of the recipients in turn.
#    _DATE_       The date the message was received by MailScanner.
#    _HOUR_       The hour the message was received by MailScanner.
# This means that you can forward messages to email addresses which show the
# original recipients of the message, which could be very useful when
# delivering into spam archive management systems.
#
# The default value I have set here enables Thunderbird to automatically
# handle spam when set to trust the "SpamAssassin" headers.
#
# This can also be the filename of a ruleset, in which case the filename
# must end in ".rule" or ".rules".
High Scoring Spam Actions = store

# This is just like the "Spam Actions" option above, except that it applies
# to messages that are *NOT* spam.
#    deliver                 - deliver the message as normal
#    delete                  - delete the message
#    store                   - store the message in the (non-spam) quarantine
#    store-nonmcp            - store the message in the non-MCP quarantine
#    store-mcp               - store the message in the MCP quarantine
#    store-nonspam           - store the message in the non-spam quarantine
#    store-spam              - store the message in the spam quarantine
#    store-<directory-path>  - store the message in the <directory-path>
#    forward user@domain.com - forward a copy of the message to user@domain.com
#                              See the note below about the keywords that
#                              can be used.
#    striphtml               - convert all in-line HTML content to plain text
#    header "name: value"    - Add the header
#                                name: value
#                              to the message. name must not contain any spaces.
#                              The "value" may contain the magic keyword "_TO_"
#                              anywhere in it. _TO_ will be replaced by a
#                              comma-separated list of the original recipients
#                              of the message. This is very useful if you just
#                              forward the message to a new address and don't
#                              use the "deliver" action, as otherwise the list
#                              of the original recipients may be lost.
#    custom(parameter)       - Call the CustomAction function in /usr/lib/Mail-
#                              Scanner/MailScanner/CustomFunctions/CustomAction
#                              .pm with the 'parameter' passed in. This can be
#                              used to implement any custom action you require.
#
# "forward" keywords
# ==================
# In an email address specified in the "forward" action, several keywords can
# be used which will be substituted with various properties of the message:
#    _FROMUSER_   The left-hand side of the address of the sender.
#    _FROMDOMAIN_ The right-hand side of the address of the sender.
#    _TOUSER_     The left-hand side of each of the recipients in turn.
#    _TODOMAIN_   The right-hand side of each of the recipients in turn.
#    _DATE_       The date the message was received by MailScanner.
#    _HOUR_       The hour the message was received by MailScanner.
# This means that you can forward messages to email addresses which show the
# original recipients of the message, which could be very useful when
# delivering into spam archive management systems.
#
# The default value I have set here enables Thunderbird to automatically
# handle spam when set to trust the "SpamAssassin" headers.
#
# This can also be the filename of a ruleset, in which case the filename
# must end in ".rule" or ".rules".
Non Spam Actions = deliver header "X-Spam-Status: No"

# This next setting is very powerful. It allows you to adjust the list of
# actions taken on a message by adding or removing any action or actions,
# depending on what SpamAssassin rules it matched.
# It can be used to replace the functionality of MCP, but without the large
# processing overhead that involves.
#
# The setting consists of a comma-separated list of
#      SA_RULENAME=>action,action,...
# pairs, where 'SA_RULENAME' is the name of any SpamAssassin rule (or
# meta-rule), and 'action' is the name of any of the actions listed above
# the 'Spam Actions' configuration setting or the word "not-" preceding any
# of the action names.
# Preceding the action name with "not-" as in "not-deliver" or "not-forward
# user@domain.com" will cause the action to be removed from the list of
# actions that would normally be taken on this message.
#
# All of the keywords available in the "forward" action also work here.
#
# You can specify a comma-separated list of actions if you need more than 1
# action per rule.
#
# Example: Setting this to
#    SpamAssassin Rule Actions = FROM_BOSS_WIFE=>not-forward secretary@domain.com
# would result in mail from the boss's wife not being forwarded to the boss's
# secretary, which would be useful if the non-spam actions for the message
# included forwarding to the boss's secretary.
#
# You can also trigger actions on the spam score of the message. You can
# compare the spam score with a number and cause this to trigger an action.
# For example, instead of a SA_RULENAME you can specify
#    SpamScore>number or SpamScore>=number or SpamScore==number or
#    SpamScore<number or SpamScore<=number
# where "number" is the threshold value you are comparing it against.
# So you could have a rule/action pair that looks like
#    SpamScore>25=>delete
# This would cause all messages with a total spam score of more than 25 to be
# deleted. You can use this to implement multiple levels of spam actions in
# addition to the normal spam actions and the high-scoring spam actions.
#
# Combining this with a ruleset makes it even more powerful, as different
# recipients and/or senders can have different sets of rules applied to them.
#
# This can also be the filename of a ruleset, in which case the filename
# must end in ".rule" or ".rules".
SpamAssassin Rule Actions =

# There are 3 reports:
#   Sender Spam Report         - sent when a message triggers both a Spam
#                                List and SpamAssassin,
#   Sender Spam List Report    - sent when a message triggers a Spam List,
#   Sender SpamAssassin Report - sent when a message triggers SpamAssassin.
#
# These can also be the filenames of rulesets.
Sender Spam Report = %report-dir%/sender.spam.report.txt
Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt

# If you use the 'attachment' Spam Action or High Scoring Spam Action
# then this is the location of inline spam report that is inserted at
# the top of the message.
Inline Spam Warning = %report-dir%/inline.spam.warning.txt

# If you use the 'notify' Spam Action or High Scoring Spam Action then
# this is the location of the notification message that is sent to the
# original recipients of the message.
Recipient Spam Report = %report-dir%/recipient.spam.report.txt

# You can use this ruleset to enable the "bounce" Spam Action.
# You must *only* enable this for mail from sites with which you have
# agreed to bounce possible spam. Use it on low-scoring spam only (<10)
# and only to your regular customers for use in the rare case that a
# message is mis-tagged as spam when it shouldn't have been.
# Beware that many sites will automatically delete the bounce messages
# created by using this option unless you have agreed this with them in
# advance.
# If you enable this, be prepared to handle the irate responses from
# people to whom you are essentially sending more spam!
Enable Spam Bounce = %rules-dir%/bounce.rules

# When you bounce a spam message back to the sender, do you want to
# encapsulate it in another message, rather like the "attachment" option
# when delivering spam to the original recipient?
# NOTE: If you enable this option, be sure to whitelist your local server
#       ie. 127.0.0.1 as otherwise the spam bounce message will be detected
#       as spam again, which will cause another spam bounce and so on
#       until your mail queues fill up and your server crashes!
# This can also be the filename of a ruleset.
Bounce Spam As Attachment = no

#
# Logging
# -------
#

# This is the syslog "facility" name that MailScanner uses. If you don't
# know what a syslog facility name is, then either don't change this value
# or else go and read "man syslog.conf". The default value of "mail" will
# cause the MailScanner logs to go into the same place as all your other
# mail logs.
Syslog Facility = mail

# Do you want to log the processing speed for each section of the code
# for a batch? This can be very useful for diagnosing speed problems,
# particularly in spam checking.
Log Speed = no

# Do you want all spam to be logged? Useful if you want to gather
# spam statistics from your logs, but can increase the system load quite
# a bit if you get a lot of spam.
Log Spam = no

# Do you want all non-spam to be logged? Useful if you want to see
# all the SpamAssassin reports of mail that was marked as non-spam.
# Note: It will generate a lot of log traffic.
Log Non Spam = no

# Do you want to log all messages that are delivered and not delivered
# to the original recipients? Note that this log output will include
# the Subject: of the original email, so is switched off by default.
# In some countries, particularly the EU, it may well be illegal to log
# the Subject: of email messages.
Log Delivery And Non-Delivery = no

# Log all the filenames that are allowed by the Filename Rules, or just
# the filenames that are denied?
# This can also be the filename of a ruleset.
Log Permitted Filenames = no

# Log all the filenames that are allowed by the Filetype Rules, or just
# the filetypes that are denied?
# This can also be the filename of a ruleset.
Log Permitted Filetypes = no

# Log all the filenames that are allowed by the MIME types set in Filetype
# Rules, or just the MIME types that are denied?
# This can also be the filename of a ruleset.
Log Permitted File MIME Types = no

# Log all occurrences of "Silent Viruses" as defined above?
# This can only be a simple yes/no value, not a ruleset.
Log Silent Viruses = no

# Log all occurrences of HTML tags found in messages, that can be blocked.
# This will help you build up your whitelist of message sources for which
# particular HTML tags should be allowed, such as mail from newsletters
# and daily cartoon strips.
# This can also be the filename of a ruleset.
Log Dangerous HTML Tags = no

# Log all actions from the "SpamAssassin Rule Actions" setting?
# This can also be the filename of a ruleset.
Log SpamAssassin Rule Actions = yes

#
# Advanced SpamAssassin Settings
# ------------------------------
#
# If you are using Postfix you may well need to use some of the settings
# below, as the home directory for the "postfix" user cannot be written
# to by the "postfix" user.
# You may also need to use these if you have installed SpamAssassin
# somewhere other than the default location.
#

# SpamAssassin creates lots of temporary files as it works on messages.
# For speed, these should be created in a location mounted using tmpfs if
# you have it. MailScanner will attempt to mkdir it if necessary, so no
# special scripts are needed to set it up before running MailScanner.
# Note: If you move the "Incoming Work Dir" then you should move this too.
SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp

# The per-user files (bayes, auto-whitelist, user_prefs) are looked
# for here and in ~/.spamassassin/. Note the files are mutable.
# If this is unset then no extra places are searched for.
# If using Postfix, you probably want to set this as shown in the example
# line at the end of this comment, and do
#     mkdir /var/spool/MailScanner/spamassassin
#     chown postfix.postfix /var/spool/MailScanner/spamassassin
# NOTE: SpamAssassin is always called from MailScanner as the same user,
#       and that is the "Run As" user specified above. So you can only
#       have 1 set of "per-user" files, it's just that you might possibly
#       need to modify this location.
#       You should not normally need to set this at all.
#SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin User State Dir =

# This setting is useful if SpamAssassin is installed in an unusual place,
# e.g. /opt/MailScanner. The install prefix is used to find some fallback
# directories if neither of the following two settings work.
# If this is set then it adds to the list of places that are searched;
# otherwise it has no effect.
#SpamAssassin Install Prefix = /opt/MailScanner
SpamAssassin Install Prefix =

# The site rules are searched for here.
# Normal location on most systems is /etc/mail/spamassassin.
SpamAssassin Site Rules Dir = /etc/mail/spamassassin

# The site-local rules are searched for here, and in prefix/etc/spamassassin,
# prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin,
# /etc/mail/spamassassin, and maybe others.
# Be careful of setting this: it may mean the spamassassin.conf file
# is missed out, you will need to insert a soft-link with "ln -s" to link
# the file into mailscanner.cf in the new directory.
# If this is set then it replaces the list of places that are searched;
# otherwise it has no effect.
#SpamAssassin Local Rules Dir = /etc/MailScanner/mail/spamassassin
SpamAssassin Local Rules Dir =

# The rules created by the "sa-update" tool are searched for here.
# This directory contains the 3.001001/updates_spamassassin_org
# directory structure beneath it.
# Only un-comment this setting once you have proved that the sa-update
# cron job has run successfully and has created a directory structure under
# the spamassassin directory within this one and has put some *.cf files in
# there. Otherwise it will ignore all your current rules!
# The default location may be /var/opt on Solaris systems.
SpamAssassin Local State Dir = # /var/lib/spamassassin

# The default rules are searched for here, and in prefix/share/spamassassin,
# /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others.
# If this is set then it adds to the list of places that are searched;
# otherwise it has no effect.
#SpamAssassin Default Rules Dir = /opt/MailScanner/share/spamassassin
SpamAssassin Default Rules Dir =

#
# Database SQL Configuration Settings
#
# This section allows you to over-ride any setting in this file or its
# related "include"d files with a setting or a ruleset in an SQL database.

# If you wish to read settings from a database or any other DBI-compatible
# data source, then this value should be set to the DBI data source name.
#
# This value is required for all of the database functions to work; if it
# is not supplied or is invalid, then all of the database functions will be
# disabled. See the Perl DBI documentation for all available options.
#
# Example: DB DSN = DBI:DriverName:database=DataBaseName;host=Hostname;port=Port
DB DSN =

# Optional username to use to connect to the data source defined by DB DSN.
DB Username =

# Optional password to use to connect to the data source defined by DB DSN.
DB Password =

# This should be a valid SQL statement that returns a single row of data from
# your data source in integer format.
# This value is periodically checked every
# 15 minutes and if it is numerically greater than the previously retrieved
# value then the MailScanner child will exit and reload its configuration.
#
# This setting is required for all database functions to work; if it is not
# defined or the SQL is invalid then all database functions will be disabled.
#
# Example: SELECT value FROM config WHERE option='confserialnumber'
SQL Serial Number =

# This should be a valid SQL statement that takes two placeholder arguments
# and returns a single row and column of data. The first placeholder will
# contain the 'external' variable representation of the MailScanner setting
# being looked-up and the second placeholder will contain the hostname of the
# host that is requesting the data.
#
# This setting is required for all database functions to work; if it is not
# defined or the SQL is invalid then all database functions will be disabled.
#
# Example: SQL Quick Peek = SELECT value FROM config WHERE external = ? AND host = ?
SQL Quick Peek =

# This should be a valid SQL statement that has a single placeholder argument
# and must return two columns and one row per configuration setting.
# The placeholder will contain the hostname of the host requesting the data.
# The first column must return the 'internal' representation of the setting
# and the second column must return the value that should be assigned.
# If the value contains 'foobar.customi[zs]e' then the value is presumed to
# be a database ruleset and will cause the defined 'SQL Ruleset' statement to
# be run and will use 'foobar' as the ruleset name to retrieve the ruleset.
#
# This setting is required for all database functions to work; if it is not
# defined or the SQL is invalid then all database functions will be disabled.
#
# Example: SQL Config = SELECT option, value FROM config WHERE host=?
SQL Config =

# This should be a valid SQL statement that has a single placeholder argument
# and must return two columns and one or more rows. The first column must be
# a numeric starting at 1 and in ascending order and the second column should
# be the rule string. The placeholder will contain the ruleset name.
#
# Example: SQL Ruleset = SELECT num, rule FROM ruleset WHERE rulesetname=? ORDER BY num ASC
SQL Ruleset =

# This should be a valid SQL statement that returns a single column and one
# or more rows. Each row that is returned is pushed into an array and joined
# into a string separated by newlines and then passed into the SpamAssassin API
# using the {post_config_text} attribute. See the SpamAssassin API for details.
# The returned rows should be valid SpamAssassin configuration settings that
# will be processed by SpamAssassin after it has read all of its normal
# configuration.
# Any errors will therefore be reported by SpamAssassin and will show up by
# running 'MailScanner --lint' or 'MailScanner --debug-sa'.
#
# Example: SQL SpamAssassin Config = SELECT text FROM sa_config
SQL SpamAssassin Config =

# If enabled, this will log lots of debugging output to STDERR and to syslog
# to help pinpoint any errors in the returned database values and will show
# exactly what is being processed as the data is being loaded.
SQL Debug = no

#
# MCP (Message Content Protection)
# -----------------------------
#
# This scans text and HTML message segments for any banned text, using
# a 2nd copy of SpamAssassin to provide the searching abilities.
# This 2nd copy has its own entire set of rules, preferences and settings.
# When used together with the patches for SpamAssassin, it can also check
# the content of attachments such as office documents.
#
# See https://web.archive.org/web/20150323143115/http://www.mailscanner.info/mcp.html for more info.
#

MCP Checks = no

# Do the spam checks first, or the MCP checks first?
# This cannot be the filename of a ruleset, only a fixed value.
First Check = spam

# The rest of these options are clones of the equivalent spam options
MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 10
MCP Error Score = 1

MCP Header = X-%org-name%-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = deliver
High Scoring MCP Actions = deliver
Bounce MCP As Attachment = no

MCP Modify Subject = start
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = start
High Scoring MCP Subject Text = {MCP?}

Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = no
Log MCP = no

MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100k
MCP SpamAssassin Timeout = 10

MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spamassassin.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt

#
# Advanced Settings
# -----------------
#
# Don't bother changing anything below this unless you really know
# what you are doing, or else if MailScanner has complained about
# your "Minimum Code Status" setting.
#

# When trying to work out the value of configuration parameters which are
# using a ruleset, this controls the behaviour when a rule is checking the
# "To:" addresses.
# If this option is set to "yes", then the following happens when checking
# the ruleset:
#   a) 1 recipient. Same behaviour as normal.
#   b) Several recipients, but all in the same domain (domain.com for example).
#      The rules are checked for one that matches the string "*@domain.com".
#   c) Several recipients, not all in the same domain.
#      The rules are checked for one that matches the string "*@*".
#
# If this option is set to "no", then some rules will use the result they
# get from the first matching rule for any of the recipients of a message,
# so the exact value cannot be predicted for messages with more than 1
# recipient.
#
# This value *cannot* be the filename of a ruleset.
Use Default Rules With Multiple Recipients = no

# When working out which IP address the message was sent from,
# no or 0  ==> use the SMTP client address, ie. the address of the system
#              talking to the MailScanner server. This is the normal setting.
# yes or 1 ==> use the first IP address contained in the first "Received:"
#              header at the top of the email message's headers.
# Any number > 1 ==> use the first IP address contained in the n-th
#                    "Received:" header starting from the top of the email
#                    message's headers.
# Users of BarricadeMX should note that this setting will always be forced
# to 2, so it will always give you the IP address of the system connecting to
# BarricadeMX.
#
# This is very useful when you are injecting mail into a MailScanner server
# using "fetchmail" as otherwise all mail will appear to be coming from
# the IP address of the system running "fetchmail", and not the address the
# mail actually came from.
# You need to use this together with the "invisible" option in "fetchmail",
# so that "fetchmail" does not add its own "Received:" header to the start
# of the message.
#
# This value *cannot* be the filename of a ruleset.
Read IP Address From Received Header = no

# When putting the value of the spam score of a message into the headers,
# how do you want to format it. If you don't know how to use sprintf() or
# printf() in C, please *do not modify* this value. A few examples for you:
#   %d      ==> 12
#   %5.2f   ==> 12.34
#   %05.1f  ==> 012.3
# This can also be the filename of a ruleset.
Spam Score Number Format = %d

# This is the version number of the MailScanner distribution that created
# this configuration file. Please do not change this value.
MailScanner Version Number = 5.3.4

# Do not change this unless you absolutely have to, these numbers have
# been carefully calculated.
# They affect the length of time that different types of message are
# stored in the SpamAssassin cache which can be configured earlier in
# this file (look for "Cache").
# The numbers are all set in seconds. They are:
# 1. Non-Spam cache lifetime                           = 30 minutes
# 2. Spam (low scoring) cache lifetime                 = 5 minutes
# 3. High-Scoring spam cache lifetime                  = 3 hours
# 4. Viruses cache lifetime                            = 2 days
# 5. How often to check the cache for expired messages = 10 minutes
SpamAssassin Cache Timings = 1800,300,10800,172800,600

# Set Debug to "yes" to stop it running as a daemon and just process
# one batch of messages and then exit.
Debug = no

# Do you want to debug SpamAssassin from within MailScanner?
Debug SpamAssassin = no

# Set Run In Foreground to "yes" if you want MailScanner to operate
# normally in foreground (and not as a background daemon).
# Use this if you are controlling the execution of MailScanner
# with a tool like DJB's 'supervise' (see http://cr.yp.to/daemontools.html).
Run In Foreground = no

# If you are using an LDAP server to read the configuration, these
# are the details required for the LDAP connection. The connection
# is anonymous.
#LDAP Server = localhost
#LDAP Base = o=fsl
#LDAP Site = default

# This option is intended for people who want to log more information
# about messages than what is put in syslog. It is intended to be used
# with a Custom Function which has the side-effect of logging information,
# perhaps to an SQL database, or any other processing you want to do
# after each message is processed.
# Its value is completely ignored, it is purely there to have side
# effects.
# If you want to use it, read CustomConfig.pm.
Always Looked Up Last = no

# This option is intended for people who want to log per-batch information.
# This is evaluated after the "Always Looked Up Last" configuration option
# for each message in the batch. This is looked up once for the entire batch.
# Its value is completely ignored, it is purely there to have side effects.
# If you want to use it, read CustomConfig.pm.
Always Looked Up Last After Batch = no

# When attempting delivery of outgoing messages, should we do it in the
# background or wait for it to complete? The danger of doing it in the
# background is that the machine load goes ever upwards while all the
# slow sendmail processes run to completion. However, running it in the
# foreground may cause the mail server to run too slowly.
Deliver In Background = yes

# Attempt immediate delivery of messages, or just place them in the outgoing
# queue for the MTA to deliver when it wants to?
#      batch -- attempt delivery of messages, in batches of up to 20 at once.
#      queue -- just place them in the queue and let the MTA find them.
# This can also be the filename of a ruleset.
# For example, you could use a
# ruleset here so that messages coming to you are immediately delivered,
# while messages going to any other site are just placed in the queue in
# case the remote delivery is very slow.
Delivery Method = batch

# Are you using Exim with split spool directories? If you don't understand
# this, the answer is probably "no". Refer to the Exim documentation for
# more information about split spool directories.
Split Exim Spool = no

# Where to put the virus scanning engine lock files.
# These lock files are used between MailScanner and the virus signature
# "autoupdate" scripts, to ensure that they aren't both working at the
# same time (which could cause MailScanner to let a virus through).
#
Lockfile Dir = /var/spool/MailScanner/incoming/Locks

# Where to put the code for your "Custom Functions". No code in this
# directory should be over-written by the installation or upgrade process.
# All files starting with "." or ending with ".rpmnew" will be ignored,
# all other files will be compiled and may be used with Custom Functions.
Custom Functions Dir = /usr/share/MailScanner/perl/custom

# How to lock spool files.
# Don't set this unless you *know* you need to.
# For sendmail, it defaults to "posix".
# For sendmail 8.12 and older, you will probably need to change it to flock,
# particularly on Linux systems.
# For Exim, it defaults to "posix".
# No other type is implemented.
Lock Type =

# This is the syslog "socket type" that MailScanner uses. This should
# normally be left blank, and MailScanner will use the type appropriate
# for your operating system. The only people who may ever need to change
# this are some Solaris users who may want to set it to "native". Read
# "man Sys::Syslog" for more information. The default value depends on your
# operating system.
# This cannot be a ruleset, only a simple value.
Syslog Socket Type =

# Do you want to automatically do a syntax check of the configuration files
# when MailScanner is started up? It will still start up, regardless, but it
# will print plenty of errors and warnings if anything important is wrong in
# your setup, instead of just logging it to your system's mail logs. It does
# slightly slow down the startup of MailScanner, of course, but that is only
# done once and so it does not really matter.
# This makes it easier for novice users.
# This cannot be a ruleset, only a simple value.
Automatic Syntax Check = yes

# Minimum acceptable code stability status -- if we come across code
# that's not at least as stable as this, we barf.
# This is currently only used to check that you don't end up using untested
# virus scanner support code without realising it.
# Levels used are:
# none        - there may not even be any code.
# unsupported - code may be completely untested, a contributed dirty hack,
#               anything, really.
# alpha       - code is pretty well untested. Don't assume it will work.
# beta        - code is tested a bit. It should work.
# supported   - code *should* be reliable.
#
# Don't even *think* about setting this to anything other than "beta" or
# "supported" on a system that receives real mail until you have tested it
# yourself and are happy that it is all working as you expect it to.
# Don't set it to anything other than "supported" on a system that could
# ever receive important mail.
#
# READ and UNDERSTAND the above text BEFORE changing this.
#
Minimum Code Status = supported

#
#
# Include conf.d files automatically, so you can override any of the
# items set above with settings in your own local configuration files.
# They will be read and processed in alphabetical order.
#
#
include /etc/MailScanner/conf.d/*

# End Of File
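
# Added example (not part of the MailScanner distribution and not its code): a
# simplified Python model of how the "SpamAssassin Rule Actions" setting
# documented above adds and removes actions for one message.
# Assumptions: the starting action list is passed in as a Python list,
# CONSTRUCTED_RULE is a hypothetical rule name, and "forward" keyword
# substitution (_TOUSER_ and friends) is not modelled.

```python
"""Simplified model of MailScanner's "SpamAssassin Rule Actions" setting.

Added example, not MailScanner's own code. It follows only the syntax given in
the configuration comments: TRIGGER=>action,action,... pairs, "not-" removal
and SpamScore comparisons.
"""
import operator
import re

# Comparison operators the comments list for SpamScore triggers.
SCORE_OPS = {">": operator.gt, ">=": operator.ge, "==": operator.eq,
             "<": operator.lt, "<=": operator.le}
SCORE_RE = re.compile(r"^SpamScore\s*(>=|<=|==|>|<)\s*(-?\d+(?:\.\d+)?)$")
# Split on commas, but not on commas inside a quoted header "name: value".
TOKEN_RE = re.compile(r'(?:[^,"]|"[^"]*")+')


def parse_rule_actions(setting):
    """Return [(trigger, [action, ...]), ...] in the order written."""
    pairs = []
    for token in (t.strip() for t in TOKEN_RE.findall(setting)):
        if not token:
            continue
        # Only a "=>" outside a quoted value starts a new trigger.
        if "=>" in token.split('"', 1)[0]:
            trigger, action = (s.strip() for s in token.split("=>", 1))
            if not trigger or not action:
                raise ValueError(f"incomplete pair: {token!r}")
            pairs.append((trigger, [action]))
        elif pairs:
            pairs[-1][1].append(token)  # further action for the same trigger
        else:
            raise ValueError(f"action {token!r} appears before any trigger")
    return pairs


def trigger_fires(trigger, sa_rules_hit, spam_score):
    """A trigger is a SpamScore comparison or the name of a rule that matched."""
    m = SCORE_RE.match(trigger)
    if m:
        return SCORE_OPS[m.group(1)](spam_score, float(m.group(2)))
    return trigger in sa_rules_hit


def apply_rule_actions(base_actions, setting, sa_rules_hit, spam_score):
    """Apply every firing pair, in order, to a copy of the base action list."""
    actions = list(base_actions)
    for trigger, changes in parse_rule_actions(setting):
        if not trigger_fires(trigger, sa_rules_hit, spam_score):
            continue
        for change in changes:
            if change.startswith("not-"):
                target = change[len("not-"):]
                actions = [a for a in actions if a != target]
            elif change not in actions:
                actions.append(change)
    return actions


# Constructed sample. FROM_BOSS_WIFE and SpamScore>25 come from the comments
# above; CONSTRUCTED_RULE is a hypothetical SpamAssassin rule name.
SETTING = ('FROM_BOSS_WIFE=>not-forward secretary@domain.com,'
           'SpamScore>25=>delete,not-deliver,'
           'CONSTRUCTED_RULE=>store-spam,header "X-Review: yes, please"')
# Assumed starting list, one list element per action.
BASE_ACTIONS = ["deliver", 'header "X-Spam-Status: No"',
                "forward secretary@domain.com"]

if __name__ == "__main__":
    for hits, score in [({"FROM_BOSS_WIFE"}, 1.2), (set(), 31.0),
                        ({"CONSTRUCTED_RULE"}, 4.0)]:
        print(sorted(hits), score, "->",
              apply_rule_actions(BASE_ACTIONS, SETTING, hits, score))
```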
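
# Added example (not part of the MailScanner distribution and not its code):
# the "Example:" statements from the database settings above, run from Python
# against an in-memory SQLite database standing in for the DBI data source.
# Assumptions: the table layout, host names, setting names and ruleset rows
# are all constructed to fit those example statements.

```python
"""Constructed SQLite data set exercising the example statements given for
SQL Serial Number, SQL Quick Peek, SQL Config and SQL Ruleset.

Added example, not MailScanner's own code.
"""
import re
import sqlite3

# The "Example:" statements from the configuration comments, unchanged.
SQL_SERIAL_NUMBER = "SELECT value FROM config WHERE option='confserialnumber'"
SQL_QUICK_PEEK = "SELECT value FROM config WHERE external = ? AND host = ?"
SQL_CONFIG = "SELECT option, value FROM config WHERE host=?"
SQL_RULESET = ("SELECT num, rule FROM ruleset WHERE rulesetname=? "
               "ORDER BY num ASC")
# A value containing "foobar.customise" or "foobar.customize" names a ruleset.
RULESET_REF = re.compile(r"(\w+)\.customi[zs]e")


def build_sample_db():
    """In-memory database; the table layout and every row are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE config (option TEXT, external TEXT, host TEXT, value TEXT);
        CREATE TABLE ruleset (rulesetname TEXT, num INTEGER, rule TEXT);
    """)
    db.executemany("INSERT INTO config VALUES (?, ?, ?, ?)", [
        ("confserialnumber", "confserialnumber", "", "7"),
        ("exampleinternal", "exampleexternal", "mx1.example.com", "yes"),
        ("otherinternal", "otherexternal", "mx1.example.com",
         "foobar.customise"),
        ("exampleinternal", "exampleexternal", "mx2.example.com", "no"),
    ])
    db.executemany("INSERT INTO ruleset VALUES (?, ?, ?)", [
        ("foobar", 2, "FromOrTo: default no"),
        ("foobar", 1, "To: *@example.com yes"),
    ])
    return db


def serial_number(db):
    """Current configuration serial: one row, read as an integer."""
    return int(db.execute(SQL_SERIAL_NUMBER).fetchone()[0])


def needs_reload(db, last_seen):
    """True when the serial is numerically greater than the last one seen."""
    return serial_number(db) > last_seen


def quick_peek(db, external, host):
    """Value of one setting for one host, or None when no row matches."""
    # Both values travel as bound placeholders, never as SQL text.
    row = db.execute(SQL_QUICK_PEEK, (external, host)).fetchone()
    return row[0] if row else None


def load_ruleset(db, name):
    """Rules of one ruleset in num order; num must start at 1 and ascend."""
    rows = db.execute(SQL_RULESET, (name,)).fetchall()
    nums = [num for num, _ in rows]
    if not nums or nums[0] != 1 or any(a >= b for a, b in zip(nums, nums[1:])):
        raise ValueError(f"ruleset {name!r}: num must start at 1 and ascend")
    return [rule for _, rule in rows]


def load_config(db, host):
    """Map each internal setting name to its value or to a list of rules."""
    settings = {}
    for option, value in db.execute(SQL_CONFIG, (host,)).fetchall():
        ref = RULESET_REF.search(value)
        settings[option] = load_ruleset(db, ref.group(1)) if ref else value
    return settings


if __name__ == "__main__":
    sample = build_sample_db()
    print("serial:", serial_number(sample))
    print("mx1 settings:", load_config(sample, "mx1.example.com"))
```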