use strict; use Socket; ############### # General ############### $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; $max_servers = 2; $daemon_user = 'amavis'; $daemon_group = 'amavis'; $mydomain = $ENV{DOMAIN}; $myhostname = $ENV{HOSTNAME}; $MYHOME = '/var/amavis'; $TEMPBASE = "$MYHOME/tmp"; $ENV{TMPDIR} = $TEMPBASE; $QUARANTINEDIR = '/var/amavis/quarantine'; $log_level = 2; $do_syslog = 1; $enable_db = 1; $nanny_details_level = 2; $enable_dkim_verification = 1; @local_domains_maps = ( [".$mydomain"] ); @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); @inet_acl = @mynetworks; $unix_socketname = "$MYHOME/amavisd.sock"; $inet_socket_port = 2525; $inet_socket_bind = undef; $forward_method = 'lmtp:lmtp:25'; ############### # Policies ############### $interface_policy{'2525'} = 'EXT'; $policy_bank{'EXT'} = { }; ############### # Notifications ############### $virus_admin = "$ENV{POSTMASTER}\@$mydomain"; $mailfrom_notify_admin = "$ENV{POSTMASTER}\@$mydomain"; $mailfrom_notify_recip = "$ENV{POSTMASTER}\@$mydomain"; $mailfrom_notify_spamadmin = "$ENV{POSTMASTER}\@$mydomain"; $mailfrom_to_quarantine = ''; @addr_extension_virus_maps = ('virus'); @addr_extension_banned_maps = ('banned'); @addr_extension_spam_maps = ('spam'); @addr_extension_bad_header_maps = ('badh'); $recipient_delimiter = '+'; ############### # Antispam ############### $sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level $sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail) $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent $sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From $penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database) $penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam $bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces $sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger $sa_local_tests_only = 0; # only tests which do not require internet access? $sa_spam_subject_tag = ''; ############### # Antivirus ############### $MAXLEVELS = 14; $MAXFILES = 3000; $MIN_EXPANSION_QUOTA = 100*1024; $MAX_EXPANSION_QUOTA = 500*1024*1024; $defang_virus = 1; # MIME-wrap passed infected mail $defang_banned = 1; # MIME-wrap passed mail containing banned name $defang_by_ccat{CC_BADH.",3"} = 1; # NUL or CR character in header $defang_by_ccat{CC_BADH.",5"} = 1; # header line longer than 998 characters $defang_by_ccat{CC_BADH.",6"} = 1; # header field syntax error @av_scanners = ( ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", inet_ntoa(inet_aton("clamav")).":3310"], qr/\bOK$/m, qr/\bFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], ); @av_scanners_backup = (); ############### # Maps and fine-tuning ############### @score_sender_maps = ({ '.' => [], }); @keep_decoded_original_maps = (new_RE( qr'^MAIL$', # let virus scanner see full original message qr'^MAIL-UNDECIPHERABLE$', # same as ^MAIL$ if mail is undecipherable qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, )); $banned_filename_re = new_RE( # BLOCKED ANYWHERE qr'^\.(exe|lha|cab|dll)$', qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES: [ qr'^\.(gz|bz2)$' => 0 ], [ qr'^\.(rpm|cpio|tar)$' => 0 ], qr'.\.(pif|scr)$'i, # BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES: [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], qr'^application/x-msdownload$'i, qr'^application/x-msdos-program$'i, qr'^application/hta$'i, # Block certain double extensions in filenames qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i, ); @decoders = ( ['mail', \&do_mime_decode], ['F', \&do_uncompress, ['unfreeze', 'freeze -d', 'melt', 'fcat'] ], ['Z', \&do_uncompress, ['uncompress', 'gzip -d', 'zcat'] ], ['gz', \&do_uncompress, 'gzip -d'], ['gz', \&do_gunzip], ['bz2', \&do_uncompress, 'bzip2 -d'], ['xz', \&do_uncompress, ['xzdec', 'xz -dc', 'unxz -c', 'xzcat'] ], ['lzma', \&do_uncompress, ['lzmadec', 'xz -dc --format=lzma', 'lzma -dc', 'unlzma -c', 'lzcat', 'lzmadec'] ], ['lrz', \&do_uncompress, ['lrzip -q -k -d -o -', 'lrzcat -q -k'] ], ['lzo', \&do_uncompress, 'lzop -d'], ['lz4', \&do_uncompress, ['lz4c -d'] ], [['cpio','tar'], \&do_pax_cpio, ['pax', 'gcpio', 'cpio'] ], ['deb', \&do_ar, 'ar'], ['rar', \&do_unrar, ['unrar', 'rar'] ], ['arj', \&do_unarj, ['unarj', 'arj'] ], ['arc', \&do_arc, ['nomarch', 'arc'] ], ['zoo', \&do_zoo, ['zoo', 'unzoo'] ], ['doc', \&do_ole, 'ripole'], ['cab', \&do_cabextract, 'cabextract'], ['tnef', \&do_tnef_ext, 'tnef'], ['tnef', \&do_tnef], [['zip','kmz'], \&do_7zip, ['7za', '7z'] ], [['zip','kmz'], \&do_unzip], ['7z', \&do_7zip, ['7zr', '7za', '7z'] ], [[qw(gz bz2 Z tar)], \&do_7zip, ['7za', '7z'] ], [[qw(xz lzma jar cpio arj rar swf lha iso cab deb rpm)], \&do_7zip, '7z' ], ['exe', \&do_executable, ['unrar','rar'], 'lha', ['unarj','arj'] ], ); 1; # insure a defined return value