[Postfixbuch-users] Whilelist von Amavis
R. Wilhelm
postfix at online-webservice24.de
Mo Aug 6 14:18:44 CEST 2007
srv1:~# egrep -v '^#|^$|^[[:space:]]+#' /etc/amavisd.conf
use strict;
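# --- Daemon identity, working directories and process limits ----------------
# Trailing comments are kept on the line of the statement they describe, so
# that the file parses as Perl.
$MYHOME = '/var/lib/amavis';                  # (default is '/var/amavis')
$mydomain = 'online-webservice24.de';         # (no useful default)
$myhostname = 'srv1.online-webservice24.de';  # fqdn of this host, default by uname(3)
$daemon_user = 'amavis';   # (no default; customary: vscan or amavis), -u
$daemon_group = 'amavis';  # (no default; customary: vscan or amavis or sweep), -g
$TEMPBASE = $MYHOME;       # (must be set if other config vars use it), -T
$pid_file = "/var/run/amavis/amavisd.pid";    # (default is "$MYHOME/amavisd.pid"), -P
$lock_file = "/var/run/amavis/amavisd.lock";  # (default is "$MYHOME/amavisd.lock"), -L
$ENV{TMPDIR} = $TEMPBASE;  # wise to set TMPDIR, but not obligatory

# Checked mail and notifications are handed back over SMTP on loopback port
# 10025. NOTE(review): the MTA listener behind that port is not shown here;
# mail arriving on it is not filtered again, so it should accept connections
# from localhost only -- confirm in the Postfix master.cf.
$forward_method = 'smtp:127.0.0.1:10025';  # where to forward checked mail
$notify_method = $forward_method;          # where to submit notifications

$max_servers = 5;      # number of pre-forked children (default 2), -m
$max_requests = 20;    # retire a child after that many accepts (default 20)
$child_timeout=5*60;   # abort child if it does not complete its processing
                       # within this time (5*60 = 300, presumably seconds)
$smtpd_timeout = 120;  # disconnect session if client is idle for too long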
# --- Local domains, listening sockets, logging ------------------------------
# Recipient domains treated as local: $mydomain together with its subdomains
# (leading dot), plus the entries read_hash() loads from the VHCS2 domain file.
@local_domains_maps = (
    [ ".$mydomain" ],
    read_hash('/etc/postfix/vhcs2/domains'),
);

# Helper-protocol socket under $MYHOME and the SMTP port amavisd accepts mail
# on. The ACL restricts SMTP access to the IPv4 and IPv6 loopback addresses.
$unix_socketname  = $MYHOME . '/amavisd.sock';
$inet_socket_port = 10024;
@inet_acl         = ('127.0.0.1', '[::1]');

# Logging goes to syslog (ident 'amavis', facility 'mail') and a log file is
# configured as well.
# NOTE(review): priority 'debug' together with $log_level = 5 is a verbose,
# troubleshooting-style setting; consider lowering both once the problem
# under investigation is resolved.
$syslog_ident    = 'amavis';  # defaults to 'amavis'
$syslog_facility = 'mail';
$syslog_priority = 'debug';   # base (minimal) priority
$LOGFILE         = "/var/log/amavis.log";  # defaults to empty, no log
$log_level       = 5;         # defaults to 0, -d
$log_recip_templ = undef;     # undef: no by-recipient level-0 log entries

$bdy_encoding = 'iso-8859-1';  # same as the default
read_l10n_templates('de_DE', '/etc/amavis');  # German notification templates
# --- Final disposition per content category ---------------------------------
# Virus, banned-file and spam mail is discarded; mail with bad headers passes.
# NOTE(review): D_DISCARD drops the message without telling the sender, so a
# false positive is recoverable only from quarantine -- make sure the
# quarantine settings actually keep a copy.
$final_virus_destiny      = D_DISCARD;  # defaults to D_DISCARD
$final_banned_destiny     = D_DISCARD;  # defaults to D_BOUNCE
$final_spam_destiny       = D_DISCARD;  # defaults to D_BOUNCE
$final_bad_header_destiny = D_PASS;     # defaults to D_PASS

# Virus names whose sender address is assumed to be forged. Entries are tried
# in the order listed; a bare regexp counts as a match, [regexp => 0] marks
# the names that do not fake the sender.
@viruses_that_fake_sender_maps = (
    new_RE(
        qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
        qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
        qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
        qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
        qr'@mm|@MM',   # mass mailing viruses as labeled by f-prot and uvscan
        qr'Worm'i,     # worms as labeled by ClamAV, Kaspersky, etc
        [ qr'^(EICAR|Joke\.|Junk\.)'i => 0 ],
        [ qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0 ],
        [ qr/^/ => 1 ],  # catch-all: true by default (remove or comment out
                         # if undesired)
    ),
);
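# --- Quarantine locations and added/removed header fields -------------------
$QUARANTINEDIR = '/var/lib/amavis/virusmails';  # -Q
$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%m.bsmtp";
$spam_quarantine_method = "bsmtp:$QUARANTINEDIR/spam-%m.bsmtp";
$virus_quarantine_to = 'virus-quarantine';  # traditional local quarantine

# Bad-header quarantine is switched off. This has to be the bare value undef:
# a quoted 'undef' is an ordinary non-empty string and would be taken as the
# name of a quarantine destination. The previous setting was
# 'bad-header-quarantine' (local quarantine).
$bad_header_quarantine_to = undef;

# NOTE(review): spam is written by the bsmtp method above into $QUARANTINEDIR;
# whether this directory path is used at all with that method is not visible
# here -- confirm where spam copies really end up.
$spam_quarantine_to = '/var/lib/amavis/spammails/';  # local quarantine

# Spam scoring at or above this level is not quarantined. With spam being
# discarded, such mail is then not kept anywhere.
$sa_quarantine_cutoff_level = 13;  # dflt: undef, which disables this feature

$X_HEADER_TAG = 'X-Virus-Scanned';  # (default: 'X-Virus-Scanned')
$X_HEADER_LINE = "by $myversion (Debian) at $mydomain";
$undecipherable_subject_tag = '***UNCHECKED*** ';  # undef disables it
$defang_undecipherable = 1;  # default is false: don't modify mail body
$defang_spam = 1;            # default is false: don't modify mail body

# Strip scanner and spam header fields that arrive with the message, so a
# sender cannot pre-insert headers that later filters or readers would trust.
$remove_existing_x_scanned_headers= 1;  # remove existing X-Virus-Scanned
$remove_existing_spam_headers = 1;      # remove existing spam headers

# NOTE(review): with this set, amavisd presumably leaves unpacking of mail
# parts to the virus scanner, which would also narrow what the banned-name
# checks get to see -- confirm against the documentation of this version.
$bypass_decode_parts = 1;  # (defaults to false)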
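# --- Decoded originals and banned file names --------------------------------
# File types for which the original (undecoded) part is kept for scanning.
@keep_decoded_original_maps = (new_RE(
  qr'^MAIL-UNDECIPHERABLE$',  # retain full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));

# Default banned-name policy: only names ending in .pif or .scr are banned.
# The original comment already calls this rudimentary; every other executable
# attachment type passes this check and depends on the virus scanner alone.
$banned_filename_re = new_RE(
  qr'.\.(pif|scr)$'i,  # banned extensions - rudimentary
);

# New-style name-path rules are built here and switched off again right away
# by the assignment of undef that follows.
$banned_namepath_re = new_RE(
qr'(?# BLOCK COMMON NAME EXENSIONS )
^ (.*\t)? N= [^\t\n]* \. (pif|scr) (\t.*)? $'xmi,
);
$banned_namepath_re = undef;  # to disable new-style

# Named rule sets: 'MYNETS-DEFAULT' for internal hosts, 'DEFAULT' for the rest.
%banned_rules = (
  'MYNETS-DEFAULT' => new_RE(  # permissive set of rules for internal hosts
    [ qr'^\.(rpm|cpio|tar)$' => 0 ],  # allow any name/type in Unix archives
    qr'.\.(vbs|pif|scr)$'i,           # banned extension - rudimentary
  ),
  'DEFAULT' => $banned_filename_re,
);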
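# --- Sender-based score adjustments (soft black- and whitelisting) ----------
$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting
$localpart_is_case_sensitive = 0;      # (default is false)

# Score boosts by sender: positive values push mail towards spam, negative
# values away from it. Hash keys are lowercase sender addresses written with
# '@', or domain names; a key containing ' at ' (as mailing-list archives
# render addresses) can never equal a sender address.
# NOTE(review): the lookup is presumably made on the envelope sender, which
# any client can forge. Large negative boosts are easy to abuse, so keep the
# list short and the values moderate.
@score_sender_maps = ({  # a by-recipient hash lookup table
  '.' => [  # the _first_ matching sender determines the score boost
    new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
      [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
      [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
      [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
      [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
      [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
      [qr'^(your_friend|greatoffers)@'i => 5.0],
      [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
    ),
    {  # a hash-type lookup table (associative array)
      'cooperate@fjsinc.com' => -10.0,
      'nobody@cert.org' => -3.0,
      'cert-advisory@us-cert.gov' => -3.0,
      'owner-alert@iss.net' => -3.0,
      'slashdot@slashdot.org' => -3.0,
      'securityfocus.com' => -3.0,
      'ntbugtraq@listserv.ntbugtraq.com' => -3.0,
      'security-alerts@linuxsecurity.com' => -3.0,
      'mailman-announce-admin@python.org' => -3.0,
      'amavis-user-admin@lists.sourceforge.net'=> -3.0,
      'amavis-user-bounces@lists.sourceforge.net' => -3.0,
      'spamassassin.apache.org' => -3.0,
      'notification-return@lists.sophos.com' => -3.0,
      'owner-postfix-users@postfix.org' => -3.0,
      'owner-postfix-announce@postfix.org' => -3.0,
      'owner-sendmail-announce@lists.sendmail.org' => -3.0,
      'sendmail-announce-request@lists.sendmail.org' => -3.0,
      'donotreply@sendmail.org' => -3.0,
      'ca+envelope@sendmail.org' => -3.0,
      'noreply@freshmeat.net' => -3.0,
      'owner-technews@postel.acm.org' => -3.0,
      'ietf-123-owner@loki.ietf.org' => -3.0,
      'cvs-commits-list-admin@gnome.org' => -3.0,
      'rt-users-admin@lists.fsck.com' => -3.0,
      'clp-request@comp.nus.edu.sg' => -3.0,
      'surveys-errors@lists.nua.ie' => -3.0,
      'emailnews@genomeweb.com' => -5.0,
      'yahoo-dev-null@yahoo-inc.com' => -3.0,
      'returns.groups.yahoo.com' => -3.0,
      'clusternews@linuxnetworx.com' => -3.0,
      lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0,
      lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
      # The two example.net entries below are placeholders from the sample
      # configuration.
      'sender@example.net' => 3.0,
      '.example.net' => 1.0,
    },
  ],  # end of site-wide tables
});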
# --- Hard sender blacklist and whitelist ------------------------------------
# Senders whose local part matches one of these patterns are blacklisted.
@blacklist_sender_maps = (
    new_RE(
        qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
        qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@'i,
        qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
        qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
        qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
        qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
    ),
);

# Whitelisted senders are loaded as a hash table from a file.
# NOTE(review): the file name is spelled "whilelist_sender"; the file on disk
# must carry exactly this name and be readable by the amavis user -- confirm.
# NOTE(review): a hard sender whitelist presumably matches the envelope
# sender, which is trivially forged. Keep the file minimal, or give trusted
# senders a negative boost in @score_sender_maps instead, so that a forged
# message can still be caught on its content.
@whitelist_sender_maps = (
    read_hash("/etc/amavis/whilelist_sender"),
);
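# --- Resource limits, result caching and external programs ------------------
$smtpd_recipient_limit = 1100;  # (default is 1100)

# Unpacking limits. They bound how deep and how far a message may expand, the
# usual guard against archive bombs exhausting disk space or CPU time.
$MAXLEVELS = 5;   # (default is undef, no limit)
$MAXFILES = 10;   # (default is undef, no limit)
$MIN_EXPANSION_QUOTA = 100*1024;       # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 100*1024*1024;  # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5;    # times original mail size (default is 5)
$MAX_EXPANSION_FACTOR = 500;  # times original mail size (default is 500)

# How long a scan verdict is remembered.
$virus_check_negative_ttl= 3*60;   # time to remember that mail was not infected
$virus_check_positive_ttl= 30*60;  # time to remember that mail was infected
$spam_check_negative_ttl = 10*60;  # time to remember that mail was not spam
$spam_check_positive_ttl = 30*60;  # time to remember that mail was spam

# Search path for external helper programs. Every directory listed should be
# writable by root only; otherwise a planted binary could be run by amavisd
# in place of the intended helper.
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file';  # file(1) utility; use 3.41 or later to avoid vulnerability
$dspam = 'dspam';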
# --- Decoder table -----------------------------------------------------------
# Each row: short type name, handler routine, then optionally the external
# program(s) handed to that handler (an array ref lists alternatives).
# Some types ('gz', 'tar', 'tnef') appear twice, first with an external
# program and then with a handler that takes none.
# NOTE(review): presumably the first usable row per type wins -- confirm.
# The external programs parse attacker-supplied archives, so keep them
# patched.
@decoders = (
    # mail and text encodings
    ['mail', \&do_mime_decode],
    ['asc',  \&do_ascii],
    ['uue',  \&do_ascii],
    ['hqx',  \&do_ascii],
    ['ync',  \&do_ascii],

    # single-stream compressors
    ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
    ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
    ['gz',   \&do_uncompress, 'gzip -d'],
    ['gz',   \&do_gunzip],
    ['bz2',  \&do_uncompress, 'bzip2 -d'],
    ['lzo',  \&do_uncompress, 'lzop -d'],

    # archives and packages
    ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
    ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
    ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
    ['tar',  \&do_tar],
    ['deb',  \&do_ar,         'ar'],
    ['zip',  \&do_unzip],
    ['rar',  \&do_unrar,      ['rar','unrar'] ],
    ['arj',  \&do_unarj,      ['arj','unarj'] ],
    ['arc',  \&do_arc,        ['nomarch','arc'] ],
    ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
    ['lha',  \&do_lha,        'lha'],
    ['cab',  \&do_cabextract, 'cabextract'],
    ['tnef', \&do_tnef_ext,   'tnef'],
    ['tnef', \&do_tnef],

    # self-extracting executables: tried with rar/unrar, lha and arj/unarj
    ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);
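# --- SpamAssassin thresholds and tagging ------------------------------------
$sa_local_tests_only = 0;  # only tests which do not require internet access?
$sa_auto_whitelist = 1;    # turn on AWL in SA 2.63 or older (per the stock
                           # comment, irrelevant for newer SA versions)
$sa_mail_body_size_limit = 400*1024;  # don't waste time on SA if mail is larger

# Score levels. The kill level is the point at which the configured final
# spam destiny takes effect. This file sets that destiny to D_DISCARD, so
# mail scoring 3.5 or more is dropped without notice.
# NOTE(review): 3.5 is a low threshold for a silent discard -- check the
# false-positive rate against the quarantine.
$sa_tag_level_deflt = 0.0;   # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 3.0;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 3.5;  # triggers spam evasive actions
$sa_dsn_cutoff_level = 5;    # spam level beyond which a DSN is not sent

# Per-sender DSN cutoff levels; the scalar reference at the end supplies the
# catch-all default. Keys are lowercase domains, local parts ending in '@',
# or full addresses written with '@'.
@spam_dsn_cutoff_level_bysender_maps = (
  {  # an associative array (hash) lookup table, use lowercase keys
    'virgilio.it' => 7, 'mail.ru' => 7, '0451.com' => 7,
    'yahoo.co.uk' => 7, 'yahoo.co.jp' => 7, 'nobody@' => 0,
    'noreply@' => -20, 'no-reply@' => -20, 'donotreply@' => 0,
    'newsletter@' => -10, 'news@' => -20,
    'opt-in@' => 0, 'opt-out@' => 0, 'yahoo-dev-null@' => 0,
    '.optin-out.com' => 0, 'daily@astrocenter.com' => 0, 'rr.com' => 10,
    'spamadmin@fraunhofer.de'=> 7,  # Sophos PureMessage spam bounces
  },
  \$sa_dsn_cutoff_level,  # catchall default value
);

# Subject tag for spam; _SCORE_ is a placeholder in the template.
$sa_spam_subject_tag = ('**** SPAM **** Punkte _SCORE_ **** ');  # (defaults to undef, disabled)
$sa_spam_modifies_subj = 1;  # in @spam_modifies_subj_maps, default is true
$sa_spam_level_char = '*';   # char for X-Spam-Level bar, defaults to '*'
$sa_spam_report_header = 1;  # insert X-Spam-Report header field? default false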
# --- Virus scanners ----------------------------------------------------------
# No primary scanner is configured; the only entry is the command-line
# clamscan in the backup list.
# NOTE(review): presumably amavisd falls back to the backup list when the
# primary list is empty -- confirm in the log that clamscan really runs,
# because $final_virus_destiny has no effect if no scanner is ever called.
@av_scanners = ();

@av_scanners_backup = (
    [
        'ClamAV-clamscan',                                     # scanner name
        'clamscan',                                            # program
        "--stdout --no-summary -r --tempdir=$TEMPBASE {}",     # arguments
        [0],                                                   # clean status
        qr/:.*\sFOUND$/,                                       # infected output
        qr/^.*?: (?!Infected Archive)(.*) FOUND$/,             # virus name capture
    ],
);

1;  # the file must end with a true value