# Sample config file for rmilter
# $Id$
#
# Syntax as used below: every setting ends with ';', sections are written
# as `name { ... };`, and '#' starts a comment line.

# .include - directive to include other config file
#.include /etc/rmilter/rmilter-grey.conf

# pidfile - path to pid file
# Default: pidfile = /var/run/rmilter.pid

pidfile = /var/run/rmilter/rmilter.pid;


clamav {
    # servers - clamav socket definitions in format:
    # /path/to/file
    # host[:port]
    # sockets are separated by ','
    # Default: empty
    # NOTE(review): servers is left commented out, so no clamav server is
    # configured by this sample; presumably no antivirus scan runs until one
    # is set - confirm.
    #servers = localhost;
    # connect_timeout - timeout in milliseconds for connecting to clamav
    # (the values in this file are written with an explicit unit suffix, e.g. 1s)
    # Default: 1s
    connect_timeout = 1s;

    # port_timeout - timeout in milliseconds for waiting for clamav port response
    # Default: 4s
    port_timeout = 4s;

    # results_timeout - timeout in milliseconds for waiting for clamav response
    # Default: 20s
    results_timeout = 20s;

    # error_time - time in seconds during which errors are counted
    # Default: 10
    error_time = 10;

    # dead_time - time in seconds during which a server is considered down
    # Default: 300
    dead_time = 300;

    # maxerrors - maximum number of errors that can occur during error_time
    # before this upstream is considered dead
    # Default: 10
    maxerrors = 10;
};

spamd {
    # servers - spamd socket definitions in format:
    # /path/to/file
    # host[:port]
    # sockets are separated by ','
    # if a server name is prefixed with r: it is an rspamd server
    # Default: empty
    servers = localhost:11333;

    # also_check - extra spamd servers to check
    # NOTE(review): a remote host listed here presumably receives the message
    # for checking; list only hosts you operate or trust - confirm.
    #also_check = r:spam.example.com;

    # diff_dir - path where to write messages that have different results from main and extra checks
    # NOTE(review): the files written here are mail messages; keep the
    # directory readable by the rmilter user only.
    #diff_dir = /var/run/rmilter/diffmsg;

    # connect_timeout - timeout in milliseconds for connecting to spamd
    # Default: 1s
    connect_timeout = 1s;

    # results_timeout - timeout in milliseconds for waiting for spamd response
    # Default: 20s
    results_timeout = 20s;

    # error_time - time in seconds during which errors are counted
    # Default: 10
    error_time = 10;

    # dead_time - time in seconds during which a server is considered down
    # Default: 300
    dead_time = 300;

    # maxerrors - maximum number of errors that can occur during error_time
    # before this upstream is considered dead
    # Default: 10
    maxerrors = 10;

    # reject_message - reject message for spam
    # Default: "Spam message rejected; If this is not spam contact abuse"
    reject_message = "Spam message rejected; If this is not spam contact abuse";

    # whitelist - list of ips or nets that should not be checked with spamd
    # Default: empty
    # NOTE(review): mail from these networks skips the spamd check, and
    # 192.168.0.0/16 covers the whole 192.168.x.x private range. Narrow it to
    # the relay hosts that really need the exemption, so that mail from any
    # other internal host is still scanned.
    whitelist = 127.0.0.1/32, 192.168.0.0/16, [::1]/128;

    # rspamd_metric - metric for using with rspamd
    # Default: "default"
    rspamd_metric = "default";
};

redis {
    # NOTE(review): the section is named redis, but the comments below still
    # say memcached; confirm which of the described features (mirroring,
    # the udp protocol default) still apply to the storage backend in use.
    # NOTE(review): this sample shows no authentication setting for the
    # storage servers; keep them on loopback or a trusted network segment.

    # servers_grey - memcached servers for greylisting in format:
    # host[:port][, host[:port]]
    # It is possible to make memcached mirroring, its syntax is {server1, server2}
    servers_grey = localhost;

    # servers_white - memcached servers for whitelisting, in a format similar
    # to the one used in servers_grey
    # servers_white = {localhost, mcgi12.example.com}, mcgi18.example.com:11211;

    # servers_limits - memcached servers used for limits storing, can not be mirrored
    servers_limits = localhost;

    # servers_id - memcached servers used for message id storing, can not be mirrored
    servers_id = localhost;

    # id_prefix - prefix for extracting message ids from memcached
    # Default: empty (no prefix is prepended to key)
    id_prefix = "message_id.";

    # grey_prefix - prefix for extracting greylisted records from memcached
    # Default: empty (no prefix is prepended to key)
    grey_prefix = "grey.";

    # white_prefix - prefix for extracting whitelisted records from memcached
    # Default: empty (no prefix is prepended to key)
    white_prefix = "white.";

    # connect_timeout - timeout in milliseconds for waiting for memcached
    # Default: 1s
    connect_timeout = 1s;

    # error_time - time in seconds during which errors are counted
    # Default: 10
    error_time = 10;

    # dead_time - time in seconds during which a server is considered down
    # Default: 300
    dead_time = 300;

    # maxerrors - maximum number of errors that can occur during error_time
    # before this upstream is considered dead
    # Default: 10
    maxerrors = 10;

    # protocol - protocol that is used for connecting to memcached (tcp or udp)
    # Default: udp
    protocol = tcp;
};

# bind_socket - socket definition for local bind:
# unix:/path/to/file - bind to local socket
# inet:port@host - bind to inet socket
# Default: bind_socket = unix:/var/tmp/rmilter.sock;
# NOTE(review): whoever can connect to this socket can talk to the milter.
# For the unix form, keep the containing directory accessible only to the
# rmilter and MTA users; for the inet form, bind to loopback unless the MTA
# runs on another host.

bind_socket = unix:/run/rmilter/rmilter.sock;

# tempdir - path to directory that contains temporary files
# Default: $TMPDIR
# NOTE(review): /tmp is shared with every local user. The temporary files are
# presumably copies of messages being scanned (confirm); a dedicated directory
# owned by the rmilter user avoids exposing them in a world-writable location.

tempdir = /tmp;

# max_size - maximum size of scanned mail with clamav and dcc
# Default: 0 (no limit)
# NOTE(review): presumably mail above this size is not passed to those
# scanners - confirm, and make sure the MTA's own message size limit does not
# leave a range of large messages unscanned.

max_size = 10M;

# strict_auth - strict checks for mails from authenticated senders
# Default: no
# NOTE(review): with `no`, mail from authenticated senders presumably gets
# relaxed checks (confirm); that also applies to mail sent through a
# compromised account.

strict_auth = no;

# spf_domains - path to file that contains hash of spf domains
# Default: empty

#spf_domains = example.com;

# use_dcc - whether to use the dcc system or not
# Default: no

use_dcc = no;

# rule definition:
# rule {
#	accept|discard|reject|tempfail|quarantine "[message]"; <- action definition
#	[not] connect <regexp> <regexp>; <- conditions
#	helo <regexp>;
#	envfrom <regexp>;
#	envrcpt <regexp>;
#	header <regexp> <regexp>;
#	body <regexp>;
# };

# limits section
# NOTE(review): the limit values look like <burst>:<rate>, with the rate
# presumably in messages per second (0.016666667 is 1/60, 0.000277778 is
# 1/3600) - confirm against the rmilter documentation.
limits {
    # Whitelisted ip or networks
    # NOTE(review): this is a fixed public address left in the sample; hosts
    # listed here are exempt from the limits below, so replace it with your
    # own relays or leave the list empty before deploying.
    limit_whitelist = 194.67.45.4/32;
    # Whitelisted recipients
    limit_whitelist_rcpt = postmaster, mailer-daemon;
    # Addrs for bounce checks
    limit_bounce_addrs = postmaster, mailer-daemon, symantec_antivirus_for_smtp_gateways, <>, null, fetchmail-daemon;
    # Limit for bounce mail
    limit_bounce_to = 5:0.000277778;
    # Limit for bounce mail per one source ip
    limit_bounce_to_ip = 5:0.000277778;
    # Limit for all mail per recipient
    limit_to = 20:0.016666667;
    # Limit for all mail per one source ip
    limit_to_ip = 30:0.025;
    # Limit for all mail per one source ip and from address
    limit_to_ip_from = 100:0.033333333;
};

# greylisting section: delay (timeout), record lifetime (expire) and the
# addresses that are exempt from greylisting (whitelist).
# NOTE(review): the meaning of timeout/expire is inferred from the key names -
# confirm against the rmilter documentation.
greylisting {
    timeout = 300s;
    expire = 3d;
    whitelist = 127.0.0.1,
            192.168.1.1,
            192.168.2.0/24,
            [::1]/128;
};

dkim {
    # Sample for dkim specific keys
    # domain {
    #	key = /etc/dkim/dkim_example.key;
    #	domain = "example.com";
    #	selector = "dkim";
    # };
    # domain {
    #	key = /etc/dkim/dkim_test.key;
    #	domain = "test.com";
    #	selector = "dkim";
    # };
    # Universal selector, keys will be checked for pattern /etc/dkim/<domain>.<selector>.key
    # NOTE(review): the files under this directory are DKIM private signing
    # keys; keep the directory and key files readable by the rmilter user only.
    domain {
        key = /etc/dkim;
        domain = "*";
        selector = "dkim";
    };
    header_canon = relaxed;
    body_canon = relaxed;
    sign_alg = sha256;
};


# Order of checks at EOM:
#
# SPF -> DCC -> CLAMAV