# .include - directive to include other config file
#.include ./rmilter-grey.conf

# pidfile - path to pid file
# Default: pidfile = /run/rmilter/rmilter.pid

pidfile = /run/rmilter/rmilter.pid;

# bind_socket - socket credits for local bind:
# unix:/path/to/file - bind to local socket
# inet:port@host - bind to inet socket
# Default: bind_socket = unix:/var/rmilter/rmilter.sock;

bind_socket = unix:/run/rmilter/rmilter.sock;

# tempdir - path to directory that contains temporary files
# Default: $TMPDIR

tempdir = /tmp;

# tempfiles_mode - set permission for temp files
# Default: 00600

tempfiles_mode = 00600;

# max_size - maximum size of scanned mail with clamav and dcc
# Default: 0 (no limit)

max_size = 10M;

# strict_auth - strict checks for mails from authenticated senders
# Default: no

strict_auth = no;

# spf_domains - path to file that contains hash of spf domains
# Default: empty

#spf_domains = example.com;

# use_dcc - whether use or not dcc system
# Default: no

use_dcc = no;

use_redis = yes;

# .include - directive to include other config file
#.include ./rmilter-grey.conf

clamav {
	# servers - clamav socket definitions in format:
	# /path/to/file
	# host[:port]
	# sockets are separated by ','
	# Default: empty
	#servers = /run/clamav/clamd.sock;
	# connect_timeout - timeout in miliseconds for connecting to clamav
	# Default: 1s
	connect_timeout = 1s;

	# port_timeout - timeout in miliseconds for waiting for clamav port response
	# Default: 4s
	port_timeout = 4s;

	# results_timeout - timeout in miliseconds for waiting for clamav response
	# Default: 20s
	results_timeout = 20s;

	# error_time - time in seconds during which we are counting errors
	# Default: 10
	error_time = 10;

	# dead_time - time in seconds during which we are thinking that server is down
	# Default: 300
	dead_time = 300;

	# maxerrors - maximum number of errors that can occur during error_time to make us thinking that
	# this upstream is dead
	# Default: 10
	maxerrors = 10;
};

spamd {
	# servers - spamd socket definitions in format:
	# /path/to/file
	# host[:port]
	# sockets are separated by ','
	# is server name is prefixed with r: it is rspamd server
	# Default: empty
	servers = r:localhost:11333;

	# also_check - extra spamd servers to check
	#also_check = r:spam.example.com;

	# diff_dir - path where to write messages that have different results from main and extra checks
	#diff_dir = /var/run/rmilter/diffmsg;

	# connect_timeout - timeout in milliseconds for connecting to spamd
	# Default: 1s
	connect_timeout = 1s;

	# results_timeout - timeout in milliseconds for waiting for spamd response
	# Default: 20s
	results_timeout = 20s;

	# error_time - time in seconds during which we are counting errors
	# Default: 10
	error_time = 10;

	# dead_time - time in seconds during which we are thinking that server is down
	# Default: 300
	dead_time = 300;

	# maxerrors - maximum number of errors that can occur during error_time to make us thinking that
	# this upstream is dead
	# Default: 10
	maxerrors = 10;

	# reject_message - reject message for spam
	# Default: "Spam message rejected; If this is not spam contact abuse"
	reject_message = "Spam message rejected; If this is not spam contact abuse";

	# whitelist - list of ips or nets that should be not checked with spamd
	# Default: empty
	whitelist = 127.0.0.1/32, 192.168.0.0/16, [::1]/128;

	# rspamd_metric - metric for using with rspamd
	# Default: "default"
	rspamd_metric = "default";
};

redis {
	# servers_grey - redis servers for greylisting in format:
	# host[:port][, host[:port]]
	servers_grey = localhost;

	# servers_white - redis servers for whitelisting in format similar to that is used
	# in servers_grey
	# servers_white = redis.example.com:6379;

	# servers_limits - redis servers used for limits storing, can not be mirrored
	servers_limits = localhost;

	# servers_id - redis servers used for message id storing, can not be mirrored
	servers_id = localhost;

	# id_prefix - prefix for extracting message ids from redis
	# Default: empty (no prefix is prepended to key)
	id_prefix = "message_id.";

	# grey_prefix - prefix for extracting greylisted records from redis
	# Default: empty (no prefix is prepended to key)
	grey_prefix = "grey.";

	# id_prefix - prefix for extracting whitelisted records from redis
	# Default: empty (no prefix is prepended to key)
	white_prefix = "white.";

	# connect_timeout - timeout in miliseconds for waiting for redis
	# Default: 1s
	connect_timeout = 1s;

	# error_time - time in seconds during which we are counting errors
	# Default: 10
	error_time = 10;

	# dead_time - time in seconds during which we are thinking that server is down
	# Default: 300
	dead_time = 300;

	# maxerrors - maximum number of errors that can occur during error_time to make us thinking that
	# this upstream is dead
	# Default: 10
	maxerrors = 10;
};

# rule definition:
# rule {
#	accept|discard|reject|tempfail|quarantine "[message]"; <- action definition
#	[not] connect <regexp> <regexp>; <- conditions
#	helo <regexp>;
#	envfrom <regexp>;
#	envrcpt <regexp>;
#	header <regexp> <regexp>;
#	body <regexp>;
# };

# limits section
limits {
	# Whitelisted ip or networks
	#limit_whitelist = 194.67.45.4/32;
	# Whitelisted recipients
	limit_whitelist_rcpt =  postmaster, mailer-daemon;
	# Addrs for bounce checks
	limit_bounce_addrs = postmaster, mailer-daemon, symantec_antivirus_for_smtp_gateways, <>, null, fetchmail-daemon;
	# Limit for bounce mail
	limit_bounce_to = 5:0.000277778;
	# Limit for bounce mail per one source ip
	limit_bounce_to_ip = 5:0.000277778;
	# Limit for all mail per recipient
	limit_to = 20:0.016666667;
	# Limit for all mail per one source ip
	limit_to_ip = 30:0.025;
	# Limit for all mail per one source ip and from address
	limit_to_ip_from = 100:0.033333333;
};

beanstalk {
	# List of beanstalk servers, random selected
	#servers = bot01.example.com:3132;

	# Address of server to which rmilter should send all messages copies
	#copy_server = somehost:13333;

	# Address of server to which rmilter should send spam messages copies
	#spam_server = otherhost:13333;
	
	# Time to live for task in seconds
	lifetime = 172800;
	# Regexp that define for which messages we should put the whole message to beanstalk
	# now only In-Reply-To headers are checked
	id_regexp = "/^SomeID.*$/";
	# Flags for sending beanstalk copies
	send_beanstalk_headers = yes;
	send_beanstalk_copy = yes;
	send_beanstalk_spam = yes;
};

greylisting {
	timeout = 300s;
	expire = 3d;
	whitelist = 127.0.0.1, 192.168.1.1, 192.168.2.0/24;
	awl_enable = yes;
	awl_pool = 10M;
	awl_hits = 10;
	awl_ttl = 3600s;
};

dkim {
	# Sample for dkim specific keys
	# domain {
	#   key = /etc/mail/dkim/dkim_example.key;
	#   domain = "example.com";
	#	selector = "dkim";
	# };
	# domain {
	#   key = /etc/mail/dkim/dkim_test.key;
	#   domain = "test.com";
	#	selector = "dkim";
	# };
	# Universal selector, keys will be checked for pattern /etc/mail/dkim/<domain>.<selector>.key
    domain {
		key = /etc/mail/dkim;
		domain = "*";
		selector = "dkim";
	};
    header_canon = relaxed;
    body_canon = relaxed;
    sign_alg = sha256;
};

# Order of checks at EOM:
#
# SPF -> DCC -> CLAMAV