# .include - directive to include other config file #.include ./rmilter-grey.conf # pidfile - path to pid file # Default: pidfile = /run/rmilter/rmilter.pid pidfile = /run/rmilter/rmilter.pid; # bind_socket - socket credits for local bind: # unix:/path/to/file - bind to local socket # inet:port@host - bind to inet socket # Default: bind_socket = unix:/var/rmilter/rmilter.sock; bind_socket = unix:/run/rmilter/rmilter.sock; # tempdir - path to directory that contains temporary files # Default: $TMPDIR tempdir = /tmp; # tempfiles_mode - set permission for temp files # Default: 00600 tempfiles_mode = 00600; # max_size - maximum size of scanned mail with clamav and dcc # Default: 0 (no limit) max_size = 10M; # strict_auth - strict checks for mails from authenticated senders # Default: no strict_auth = no; # spf_domains - path to file that contains hash of spf domains # Default: empty #spf_domains = example.com; # use_dcc - whether use or not dcc system # Default: no use_dcc = no; use_redis = yes; # .include - directive to include other config file #.include ./rmilter-grey.conf clamav { # servers - clamav socket definitions in format: # /path/to/file # host[:port] # sockets are separated by ',' # Default: empty #servers = /run/clamav/clamd.sock; # connect_timeout - timeout in miliseconds for connecting to clamav # Default: 1s connect_timeout = 1s; # port_timeout - timeout in miliseconds for waiting for clamav port response # Default: 4s port_timeout = 4s; # results_timeout - timeout in miliseconds for waiting for clamav response # Default: 20s results_timeout = 20s; # error_time - time in seconds during which we are counting errors # Default: 10 error_time = 10; # dead_time - time in seconds during which we are thinking that server is down # Default: 300 dead_time = 300; # maxerrors - maximum number of errors that can occur during error_time to make us thinking that # this upstream is dead # Default: 10 maxerrors = 10; }; spamd { # servers - spamd socket definitions in format: # /path/to/file # host[:port] # sockets are separated by ',' # is server name is prefixed with r: it is rspamd server # Default: empty servers = r:localhost:11333; # also_check - extra spamd servers to check #also_check = r:spam.example.com; # diff_dir - path where to write messages that have different results from main and extra checks #diff_dir = /var/run/rmilter/diffmsg; # connect_timeout - timeout in milliseconds for connecting to spamd # Default: 1s connect_timeout = 1s; # results_timeout - timeout in milliseconds for waiting for spamd response # Default: 20s results_timeout = 20s; # error_time - time in seconds during which we are counting errors # Default: 10 error_time = 10; # dead_time - time in seconds during which we are thinking that server is down # Default: 300 dead_time = 300; # maxerrors - maximum number of errors that can occur during error_time to make us thinking that # this upstream is dead # Default: 10 maxerrors = 10; # reject_message - reject message for spam # Default: "Spam message rejected; If this is not spam contact abuse" reject_message = "Spam message rejected; If this is not spam contact abuse"; # whitelist - list of ips or nets that should be not checked with spamd # Default: empty whitelist = 127.0.0.1/32, 192.168.0.0/16, [::1]/128; # rspamd_metric - metric for using with rspamd # Default: "default" rspamd_metric = "default"; }; redis { # servers_grey - redis servers for greylisting in format: # host[:port][, host[:port]] servers_grey = localhost; # servers_white - redis servers for whitelisting in format similar to that is used # in servers_grey # servers_white = redis.example.com:6379; # servers_limits - redis servers used for limits storing, can not be mirrored servers_limits = localhost; # servers_id - redis servers used for message id storing, can not be mirrored servers_id = localhost; # id_prefix - prefix for extracting message ids from redis # Default: empty (no prefix is prepended to key) id_prefix = "message_id."; # grey_prefix - prefix for extracting greylisted records from redis # Default: empty (no prefix is prepended to key) grey_prefix = "grey."; # id_prefix - prefix for extracting whitelisted records from redis # Default: empty (no prefix is prepended to key) white_prefix = "white."; # connect_timeout - timeout in miliseconds for waiting for redis # Default: 1s connect_timeout = 1s; # error_time - time in seconds during which we are counting errors # Default: 10 error_time = 10; # dead_time - time in seconds during which we are thinking that server is down # Default: 300 dead_time = 300; # maxerrors - maximum number of errors that can occur during error_time to make us thinking that # this upstream is dead # Default: 10 maxerrors = 10; }; # rule definition: # rule { # accept|discard|reject|tempfail|quarantine "[message]"; <- action definition # [not] connect ; <- conditions # helo ; # envfrom ; # envrcpt ; # header ; # body ; # }; # limits section limits { # Whitelisted ip or networks #limit_whitelist = 194.67.45.4/32; # Whitelisted recipients limit_whitelist_rcpt = postmaster, mailer-daemon; # Addrs for bounce checks limit_bounce_addrs = postmaster, mailer-daemon, symantec_antivirus_for_smtp_gateways, <>, null, fetchmail-daemon; # Limit for bounce mail limit_bounce_to = 5:0.000277778; # Limit for bounce mail per one source ip limit_bounce_to_ip = 5:0.000277778; # Limit for all mail per recipient limit_to = 20:0.016666667; # Limit for all mail per one source ip limit_to_ip = 30:0.025; # Limit for all mail per one source ip and from address limit_to_ip_from = 100:0.033333333; }; beanstalk { # List of beanstalk servers, random selected #servers = bot01.example.com:3132; # Address of server to which rmilter should send all messages copies #copy_server = somehost:13333; # Address of server to which rmilter should send spam messages copies #spam_server = otherhost:13333; # Time to live for task in seconds lifetime = 172800; # Regexp that define for which messages we should put the whole message to beanstalk # now only In-Reply-To headers are checked id_regexp = "/^SomeID.*$/"; # Flags for sending beanstalk copies send_beanstalk_headers = yes; send_beanstalk_copy = yes; send_beanstalk_spam = yes; }; greylisting { timeout = 300s; expire = 3d; whitelist = 127.0.0.1, 192.168.1.1, 192.168.2.0/24; awl_enable = yes; awl_pool = 10M; awl_hits = 10; awl_ttl = 3600s; }; dkim { # Sample for dkim specific keys # domain { # key = /etc/mail/dkim/dkim_example.key; # domain = "example.com"; # selector = "dkim"; # }; # domain { # key = /etc/mail/dkim/dkim_test.key; # domain = "test.com"; # selector = "dkim"; # }; # Universal selector, keys will be checked for pattern /etc/mail/dkim/..key domain { key = /etc/mail/dkim; domain = "*"; selector = "dkim"; }; header_canon = relaxed; body_canon = relaxed; sign_alg = sha256; }; # Order of checks at EOM: # # SPF -> DCC -> CLAMAV