# pidfile - path to pid file pidfile = /run/rmilter.pid; # bind_socket - socket credits for local bind: bind_socket = inet:9900 # tempdir - path to directory that contains temporary files tempdir = /tmp; # tempfiles_mode - set permission for temp files tempfiles_mode = 00600; # max_size - maximum size of scanned mail with clamav and dcc max_size = 10M; # strict_auth - strict checks for mails from authenticated senders strict_auth = no; # use_dcc - whether use or not dcc system use_dcc = no; use_redis = yes; clamav { # servers - clamav socket definitions in format: servers = antivirus:3310; # connect_timeout - timeout in miliseconds for connecting to clamav connect_timeout = 1s; # port_timeout - timeout in miliseconds for waiting for clamav port response port_timeout = 4s; # results_timeout - timeout in miliseconds for waiting for clamav response results_timeout = 20s; # error_time - time in seconds during which we are counting errors error_time = 10; # dead_time - time in seconds during which we are thinking that server is down dead_time = 300; # maxerrors - maximum number of errors that can occur during error_time to make us thinking that # Default: 10 maxerrors = 10; }; spamd { # servers - spamd socket definitions in format: servers = r:antispam:11333; # connect_timeout - timeout in milliseconds for connecting to spamd connect_timeout = 1s; # results_timeout - timeout in milliseconds for waiting for spamd response results_timeout = 20s; # error_time - time in seconds during which we are counting errors error_time = 10; # dead_time - time in seconds during which we are thinking that server is down dead_time = 300; # maxerrors - maximum number of errors that can occur during error_time to make us thinking that maxerrors = 10; # reject_message - reject message for spam reject_message = "Spam message rejected; If this is not spam contact abuse"; # whitelist - list of ips or nets that should be not checked with spamd whitelist = 127.0.0.1/32, [::1]/128, {{ WHITELIST }}; # rspamd_metric - metric for using with rspamd rspamd_metric = "default"; # Do not reject, add header spamd_never_reject = yes; # Add extended spam headers extended_spam_headers = yes; }; redis { # servers_grey - redis servers for greylisting in format: servers_grey = redis:6379; # servers_white - redis servers for whitelisting in format similar to that is used servers_white = redis:6379; # servers_limits - redis servers used for limits storing, can not be mirrored servers_limits = redis:6379; # servers_id - redis servers used for message id storing, can not be mirrored servers_id = redis:6379; # id_prefix - prefix for extracting message ids from redis id_prefix = "message_id."; # grey_prefix - prefix for extracting greylisted records from redis grey_prefix = "grey."; # id_prefix - prefix for extracting whitelisted records from redis white_prefix = "white."; # connect_timeout - timeout in miliseconds for waiting for redis connect_timeout = 1s; # error_time - time in seconds during which we are counting errors error_time = 10; # dead_time - time in seconds during which we are thinking that server is down dead_time = 300; # maxerrors - maximum number of errors that can occur during error_time to make us thinking that maxerrors = 10; }; # limits section limits { # Whitelisted ip or networks limit_whitelist = 127.0.0.1, [::1]/128, {{ WHITELIST }}; # Whitelisted recipients limit_whitelist_rcpt = postmaster, mailer-daemon; # Addrs for bounce checks limit_bounce_addrs = postmaster, mailer-daemon, symantec_antivirus_for_smtp_gateways, <>, null, fetchmail-daemon; # Limit for bounce mail limit_bounce_to = 5:0.000277778; # Limit for bounce mail per one source ip limit_bounce_to_ip = 5:0.000277778; # Limit for all mail per recipient limit_to = 20:0.016666667; # Limit for all mail per one source ip limit_to_ip = 30:0.025; # Limit for all mail per one source ip and from address limit_to_ip_from = 100:0.033333333; }; greylisting { timeout = 300s; expire = 3d; whitelist = 127.0.0.1, [::1]/128, {{ WHITELIST }}; }; dkim { domain { key = /dkim; domain = "*"; selector = "dkim"; }; header_canon = relaxed; body_canon = relaxed; sign_alg = sha256; auth_only = yes; sign_networks = 127.0.0.1, [::1]/128, {{ WHITELIST }}; }; .try_include /overrides/rmilter.conf