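# Sample config file for rmilter
# $Id$
#

# .include - directive to include another config file
#.include /etc/rmilter/rmilter-grey.conf

# pidfile - path to pid file
# Default: pidfile = /var/run/rmilter.pid
# NOTE: this sample overrides the default and uses a dedicated
# /var/run/rmilter directory.

pidfile = /var/run/rmilter/rmilter.pid;
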
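clamav {
	# servers - clamav socket definitions, each in one of the formats:
	#   /path/to/file
	#   host[:port]
	# Multiple sockets are separated by ','.
	# Default: empty
	# NOTE: left commented out in this sample, so no clamav server is
	# defined until a value is set here.
	#servers = localhost;

	# connect_timeout - timeout for connecting to clamav.
	# The value here carries an explicit 's' (seconds) suffix; a bare number
	# is presumably read as milliseconds - confirm against the rmilter docs.
	# Default: 1s
	connect_timeout = 1s;

	# port_timeout - timeout for waiting for the clamav port response
	# (same unit handling as connect_timeout)
	# Default: 4s
	port_timeout = 4s;

	# results_timeout - timeout for waiting for the clamav scan response
	# (same unit handling as connect_timeout)
	# Default: 20s
	results_timeout = 20s;

	# error_time - time window in seconds during which errors are counted
	# Default: 10
	error_time = 10;

	# dead_time - time in seconds for which a server is considered down
	# Default: 300
	dead_time = 300;

	# maxerrors - maximum number of errors that may occur within error_time
	# before this upstream is considered dead
	# Default: 10
	maxerrors = 10;
};
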
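spamd {
	# servers - spamd socket definitions, each in one of the formats:
	#   /path/to/file
	#   host[:port]
	# Multiple sockets are separated by ','.
	# If a server name is prefixed with r: it is an rspamd server.
	# Default: empty
	servers = localhost:11333;

	# also_check - extra spamd servers to check
	#also_check = r:spam.example.com;

	# diff_dir - path where messages are written when the main and extra
	# checks return different results.
	# NOTE: this directory would hold message content, so it should be
	# readable only by the rmilter service account and be cleaned up regularly.
	#diff_dir = /var/run/rmilter/diffmsg;

	# connect_timeout - timeout for connecting to spamd.
	# The value here carries an explicit 's' (seconds) suffix; a bare number
	# is presumably read as milliseconds - confirm against the rmilter docs.
	# Default: 1s
	connect_timeout = 1s;

	# results_timeout - timeout for waiting for the spamd response
	# (same unit handling as connect_timeout)
	# Default: 20s
	results_timeout = 20s;

	# error_time - time window in seconds during which errors are counted
	# Default: 10
	error_time = 10;

	# dead_time - time in seconds for which a server is considered down
	# Default: 300
	dead_time = 300;

	# maxerrors - maximum number of errors that may occur within error_time
	# before this upstream is considered dead
	# Default: 10
	maxerrors = 10;

	# reject_message - reject message for spam
	# Default: "Spam message rejected; If this is not spam contact abuse"
	reject_message = "Spam message rejected; If this is not spam contact abuse";

	# whitelist - list of ips or nets that are NOT checked with spamd
	# Default: empty
	# NOTE: mail from every address listed here bypasses spam scanning.
	# The sample exempts all of 192.168.0.0/16; narrow this to the specific
	# hosts or subnets you actually trust before deploying.
	whitelist = 127.0.0.1/32, 192.168.0.0/16, [::1]/128;

	# rspamd_metric - metric to use with rspamd
	# Default: "default"
	rspamd_metric = "default";
};
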
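redis {
	# NOTE(review): the option descriptions in this section were originally
	# worded for memcached. The mirroring syntax and the "udp" protocol default
	# mentioned below come from that wording - confirm they apply to redis.
	# NOTE: the servers listed here hold greylisting, whitelisting and
	# rate-limit state that decides how mail is treated, so they should be
	# reachable only from trusted hosts.

	# servers_grey - servers used for greylisting, in the format:
	#   host[:port][, host[:port]]
	# Mirroring is written as {server1, server2}
	servers_grey = localhost;

	# servers_white - servers used for whitelisting, in the same format as
	# servers_grey
	# servers_white = {localhost, mcgi12.example.com}, mcgi18.example.com:11211;

	# servers_limits - servers used for storing limits, can not be mirrored
	servers_limits = localhost;

	# servers_id - servers used for storing message ids, can not be mirrored
	servers_id = localhost;

	# id_prefix - key prefix for message id records
	# Default: empty (no prefix is prepended to key)
	id_prefix = "message_id.";

	# grey_prefix - key prefix for greylisted records
	# Default: empty (no prefix is prepended to key)
	grey_prefix = "grey.";

	# white_prefix - key prefix for whitelisted records
	# Default: empty (no prefix is prepended to key)
	white_prefix = "white.";

	# connect_timeout - timeout for waiting for the storage server.
	# The value here carries an explicit 's' (seconds) suffix; a bare number
	# is presumably read as milliseconds - confirm against the rmilter docs.
	# Default: 1s
	connect_timeout = 1s;

	# error_time - time window in seconds during which errors are counted
	# Default: 10
	error_time = 10;

	# dead_time - time in seconds for which a server is considered down
	# Default: 300
	dead_time = 300;

	# maxerrors - maximum number of errors that may occur within error_time
	# before this upstream is considered dead
	# Default: 10
	maxerrors = 10;

	# protocol - protocol used for connecting to the storage server (tcp or udp)
	# Default: udp
	protocol = tcp;
};
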
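# bind_socket - address of the socket rmilter listens on:
#   unix:/path/to/file - bind to local socket
#   inet:port@host - bind to inet socket
# Default: bind_socket = unix:/var/tmp/rmilter.sock;
# NOTE: whoever can connect to this socket can talk to the milter. Keep a unix
# socket in a directory accessible only to rmilter and the MTA; with the inet
# form, bind to a loopback or otherwise restricted address.

bind_socket = unix:/run/rmilter/rmilter.sock;

# tempdir - path to directory that contains temporary files
# Default: $TMPDIR
# NOTE: /tmp is shared with every local user. A dedicated directory owned by
# the rmilter service account is the safer choice for files derived from mail.

tempdir = /tmp;

# max_size - maximum size of mail scanned with clamav and dcc
# Default: 0 (no limit)
# NOTE(review): messages above this size are presumably passed on without
# clamav/dcc scanning - confirm, and align the value with the MTA size limit.

max_size = 10M;

# strict_auth - strict checks for mails from authenticated senders
# Default: no
# NOTE(review): with "no", mail from authenticated senders presumably gets
# relaxed checking - confirm this matches your policy for compromised accounts.

strict_auth = no;

# spf_domains - path to file that contains hash of spf domains
# Default: empty

#spf_domains = example.com;

# use_dcc - whether to use the dcc system
# Default: no

use_dcc = no;

# rule definition:
# rule {
#	accept|discard|reject|tempfail|quarantine "[message]"; <- action definition
#	[not] connect <regexp> <regexp>; <- conditions
#	helo <regexp>;
#	envfrom <regexp>;
#	envrcpt <regexp>;
#	header <regexp> <regexp>;
#	body <regexp>;
# };
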
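# limits section
# NOTE(review): each limit value appears to be "<bucket size>:<rate>", with the
# rate in messages per second (0.000277778 is 1/3600, 0.016666667 is 1/60) -
# confirm against the rmilter documentation.
limits {
	# Whitelisted ip or networks (not subject to the limits below).
	# NOTE: 194.67.45.4/32 is the sample's own address; replace it with
	# hosts you control, since listed sources are exempt from rate limiting.
	limit_whitelist = 194.67.45.4/32;
	# Whitelisted recipients
	limit_whitelist_rcpt = postmaster, mailer-daemon;
	# Sender addresses treated as bounces for the bounce checks
	limit_bounce_addrs = postmaster, mailer-daemon, symantec_antivirus_for_smtp_gateways, <>, null, fetchmail-daemon;
	# Limit for bounce mail
	limit_bounce_to = 5:0.000277778;
	# Limit for bounce mail per one source ip
	limit_bounce_to_ip = 5:0.000277778;
	# Limit for all mail per recipient
	limit_to = 20:0.016666667;
	# Limit for all mail per one source ip
	limit_to_ip = 30:0.025;
	# Limit for all mail per one source ip and from address
	limit_to_ip_from = 100:0.033333333;
};
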
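greylisting {
	# timeout - presumably the delay a greylisted sender must wait before a
	# retry is accepted - confirm against the rmilter documentation
	timeout = 300s;
	# expire - presumably how long a greylisting record is kept - confirm
	expire = 3d;
	# whitelist - addresses and networks listed here; by its name they are
	# exempt from greylisting, so keep the list limited to hosts you trust
	whitelist = 127.0.0.1,
		192.168.1.1,
		192.168.2.0/24,
		[::1]/128;
};
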
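dkim {
	# NOTE: the key files referenced below are DKIM private signing keys.
	# They and their directory should be readable only by the rmilter service
	# account; anyone who can read a key can sign mail as that domain.

	# Sample for dkim specific keys
	# domain {
	#	key = /etc/dkim/dkim_example.key;
	#	domain = "example.com";
	#	selector = "dkim";
	# };
	# domain {
	#	key = /etc/dkim/dkim_test.key;
	#	domain = "test.com";
	#	selector = "dkim";
	# };

	# Universal selector, keys will be checked for pattern
	# /etc/dkim/<domain>.<selector>.key
	# With domain = "*", which domains get signed depends on which key files
	# exist in that directory, so control who can write there.
	domain {
		key = /etc/dkim;
		domain = "*";
		selector = "dkim";
	};
	# Canonicalization applied to headers and body
	header_canon = relaxed;
	body_canon = relaxed;
	# Signature algorithm
	sign_alg = sha256;
};

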
# Order of checks at EOM:
#
# SPF -> DCC -> CLAMAV