diff options
Diffstat (limited to 'testing/rmilter/rmilter.conf')
| -rw-r--r-- | testing/rmilter/rmilter.conf | 259 |
1 files changed, 7 insertions, 252 deletions
diff --git a/testing/rmilter/rmilter.conf b/testing/rmilter/rmilter.conf index 6250474ef3..f1a4b17b2c 100644 --- a/testing/rmilter/rmilter.conf +++ b/testing/rmilter/rmilter.conf @@ -1,265 +1,20 @@ # .include - directive to include other config file -#.include ./rmilter-grey.conf +.include /etc/rmilter/rmilter.conf.common # pidfile - path to pid file -# Default: pidfile = /run/rmilter/rmilter.pid - +# Default: no defaults pidfile = /run/rmilter/rmilter.pid; # bind_socket - socket credits for local bind: # unix:/path/to/file - bind to local socket # inet:port@host - bind to inet socket -# Default: bind_socket = unix:/var/rmilter/rmilter.sock; - +# Default: no defaults bind_socket = unix:/run/rmilter/rmilter.sock; # tempdir - path to directory that contains temporary files -# Default: $TMPDIR - +# Default: $TMPDIR tempdir = /tmp; -# tempfiles_mode - set permission for temp files -# Default: 00600 - -tempfiles_mode = 00600; - -# max_size - maximum size of scanned mail with clamav and dcc -# Default: 0 (no limit) - -max_size = 10M; - -# strict_auth - strict checks for mails from authenticated senders -# Default: no - -strict_auth = no; - -# spf_domains - path to file that contains hash of spf domains -# Default: empty - -#spf_domains = example.com; - -# use_dcc - whether use or not dcc system -# Default: no - -use_dcc = no; - -use_redis = yes; - -# .include - directive to include other config file -#.include ./rmilter-grey.conf - -clamav { - # servers - clamav socket definitions in format: - # /path/to/file - # host[:port] - # sockets are separated by ',' - # Default: empty - #servers = /run/clamav/clamd.sock; - # connect_timeout - timeout in miliseconds for connecting to clamav - # Default: 1s - connect_timeout = 1s; - - # port_timeout - timeout in miliseconds for waiting for clamav port response - # Default: 4s - port_timeout = 4s; - - # results_timeout - timeout in miliseconds for waiting for clamav response - # Default: 20s - results_timeout = 20s; - - # error_time - time in seconds during which we are counting errors - # Default: 10 - error_time = 10; - - # dead_time - time in seconds during which we are thinking that server is down - # Default: 300 - dead_time = 300; - - # maxerrors - maximum number of errors that can occur during error_time to make us thinking that - # this upstream is dead - # Default: 10 - maxerrors = 10; -}; - -spamd { - # servers - spamd socket definitions in format: - # /path/to/file - # host[:port] - # sockets are separated by ',' - # is server name is prefixed with r: it is rspamd server - # Default: empty - servers = r:localhost:11333; - - # also_check - extra spamd servers to check - #also_check = r:spam.example.com; - - # diff_dir - path where to write messages that have different results from main and extra checks - #diff_dir = /var/run/rmilter/diffmsg; - - # connect_timeout - timeout in milliseconds for connecting to spamd - # Default: 1s - connect_timeout = 1s; - - # results_timeout - timeout in milliseconds for waiting for spamd response - # Default: 20s - results_timeout = 20s; - - # error_time - time in seconds during which we are counting errors - # Default: 10 - error_time = 10; - - # dead_time - time in seconds during which we are thinking that server is down - # Default: 300 - dead_time = 300; - - # maxerrors - maximum number of errors that can occur during error_time to make us thinking that - # this upstream is dead - # Default: 10 - maxerrors = 10; - - # reject_message - reject message for spam - # Default: "Spam message rejected; If this is not spam contact abuse" - reject_message = "Spam message rejected; If this is not spam contact abuse"; - - # whitelist - list of ips or nets that should be not checked with spamd - # Default: empty - whitelist = 127.0.0.1/32, 192.168.0.0/16, [::1]/128; - - # rspamd_metric - metric for using with rspamd - # Default: "default" - rspamd_metric = "default"; -}; - -redis { - # servers_grey - redis servers for greylisting in format: - # host[:port][, host[:port]] - servers_grey = localhost; - - # servers_white - redis servers for whitelisting in format similar to that is used - # in servers_grey - # servers_white = redis.example.com:6379; - - # servers_limits - redis servers used for limits storing, can not be mirrored - servers_limits = localhost; - - # servers_id - redis servers used for message id storing, can not be mirrored - servers_id = localhost; - - # id_prefix - prefix for extracting message ids from redis - # Default: empty (no prefix is prepended to key) - id_prefix = "message_id."; - - # grey_prefix - prefix for extracting greylisted records from redis - # Default: empty (no prefix is prepended to key) - grey_prefix = "grey."; - - # id_prefix - prefix for extracting whitelisted records from redis - # Default: empty (no prefix is prepended to key) - white_prefix = "white."; - - # connect_timeout - timeout in miliseconds for waiting for redis - # Default: 1s - connect_timeout = 1s; - - # error_time - time in seconds during which we are counting errors - # Default: 10 - error_time = 10; - - # dead_time - time in seconds during which we are thinking that server is down - # Default: 300 - dead_time = 300; - - # maxerrors - maximum number of errors that can occur during error_time to make us thinking that - # this upstream is dead - # Default: 10 - maxerrors = 10; -}; - -# rule definition: -# rule { -# accept|discard|reject|tempfail|quarantine "[message]"; <- action definition -# [not] connect <regexp> <regexp>; <- conditions -# helo <regexp>; -# envfrom <regexp>; -# envrcpt <regexp>; -# header <regexp> <regexp>; -# body <regexp>; -# }; - -# limits section -limits { - # Whitelisted ip or networks - #limit_whitelist = 194.67.45.4/32; - # Whitelisted recipients - limit_whitelist_rcpt = postmaster, mailer-daemon; - # Addrs for bounce checks - limit_bounce_addrs = postmaster, mailer-daemon, symantec_antivirus_for_smtp_gateways, <>, null, fetchmail-daemon; - # Limit for bounce mail - limit_bounce_to = 5:0.000277778; - # Limit for bounce mail per one source ip - limit_bounce_to_ip = 5:0.000277778; - # Limit for all mail per recipient - limit_to = 20:0.016666667; - # Limit for all mail per one source ip - limit_to_ip = 30:0.025; - # Limit for all mail per one source ip and from address - limit_to_ip_from = 100:0.033333333; -}; - -beanstalk { - # List of beanstalk servers, random selected - #servers = bot01.example.com:3132; - - # Address of server to which rmilter should send all messages copies - #copy_server = somehost:13333; - - # Address of server to which rmilter should send spam messages copies - #spam_server = otherhost:13333; - - # Time to live for task in seconds - lifetime = 172800; - # Regexp that define for which messages we should put the whole message to beanstalk - # now only In-Reply-To headers are checked - id_regexp = "/^SomeID.*$/"; - # Flags for sending beanstalk copies - send_beanstalk_headers = yes; - send_beanstalk_copy = yes; - send_beanstalk_spam = yes; -}; - -greylisting { - timeout = 300s; - expire = 3d; - whitelist = 127.0.0.1, 192.168.1.1, 192.168.2.0/24; - awl_enable = yes; - awl_pool = 10M; - awl_hits = 10; - awl_ttl = 3600s; -}; - -dkim { - # Sample for dkim specific keys - # domain { - # key = /etc/mail/dkim/dkim_example.key; - # domain = "example.com"; - # selector = "dkim"; - # }; - # domain { - # key = /etc/mail/dkim/dkim_test.key; - # domain = "test.com"; - # selector = "dkim"; - # }; - # Universal selector, keys will be checked for pattern /etc/mail/dkim/<domain>.<selector>.key - domain { - key = /etc/mail/dkim; - domain = "*"; - selector = "dkim"; - }; - header_canon = relaxed; - body_canon = relaxed; - sign_alg = sha256; -}; - -# Order of checks at EOM: -# -# SPF -> DCC -> CLAMAV +# include user's configuration, replace this with full path +.try_include /etc/rmilter/rmilter.conf.local +.try_include /etc/rmilter/conf.d/*.conf |