#
# j-chkmail - (c) Ecole des Mines de Paris 2002
#
# runtime configuration file template
#
#
#####################################################################
#
# j-chkmail configuration file version - don't modify this
CF_VERSION 1.3
#
#####################################################################
#
# General Section
#
#####################################################################

# Our domain name
# NOTE(review): crapouille.fr looks like the template's sample value -
# replace it with the domain this filter serves.
DOMAIN crapouille.fr

# J_HOSTNAME
#   How to get hostname
#   Syntax
#     J_HOSTNAME SYSTEM | SENDMAIL | host.domain.fr
#       SYSTEM - value returned by gethostname()
#       SENDMAIL - sendmail $j macro value
#       host.domain.fr - fixed hostname
#   Default value : SYSTEM
#
#J_HOSTNAME SYSTEM

# PRESENCE
#   Does j-chkmail add a header line to announce its presence ?
#   PRESENCE SHOW | HIDE
#   Default value : SHOW
#   SHOW discloses the filter to anyone who reads the message headers;
#   use HIDE if that should not be advertised.
PRESENCE SHOW

# USER and GROUP
#   User and group of j-chkmail process
#   NOTE(review): keep this an unprivileged account, never root.
#   Presumably the work and spool directories named in this file must
#   be writable by it - confirm.
#
USER smmsp
GROUP smmsp

#
# ---------------------------------------------------------------------
# Resources control & denial of service
# ---------------------------------------------------------------------
#
# FILE DESCRIPTOR - How many file descriptors do you want to allocate
#   to j-chkmail
#   Syntax
#     FILE_DESCRIPTORS DEFAULT | MAX | nnn
#       where nnn is any value between 256 and the hard limit
#   You may use limit(1) to get soft and hard values for your
#   system.
#   Default value : MAX
FILE_DESCRIPTORS MAX

# FD_FREE_SOFT - When the number of available file descriptors is
#   less than FD_FREE_SOFT, incoming connections from hosts not listed
#   at LOCAL or DOMAIN ip networks will be refused
#
#   Default value : 100
FD_FREE_SOFT 100

# FD_FREE_HARD - When the number of available file descriptors is
#   less than FD_FREE_HARD, all incoming connections will be refused
#
#   Default value : 50
FD_FREE_HARD 50

# USE_SELECT_LIMIT - set this on if libmilter is using select(3socket)
#   calls - this is an experimental feature of libmilter 8.12.8
#   Default value : YES
#
USE_SELECT_LIMIT YES

# FILTER_THROTTLE - not used at the moment
#   Default value : 1000
#
FILTER_THROTTLE 1000

#
# ---------------------------------------------------------------------
# Communication with sendmail
# ---------------------------------------------------------------------
#
# Socket configuration
#   One and only one of these options can be configured
#
#   INET_SOCK - j-chkmail will listen at port nnn of localhost (only local
#               access)
#
#   UNIX_SOCK - j-chkmail communicates by a UNIX-domain socket (only
#               local access)
#               NOTE(review): keep the socket's directory accessible
#               only to the filter account and to sendmail - confirm
#               which account your sendmail uses to connect.
#
#   SOCKET    - general libmilter syntax. The only situation you may need
#               this option is to set up a "filter server" : if you want
#               to have sendmail and j-chkmail running on different
#               machines. In this case, j-chkmail may serve more than
#               one mail server
#               The milter protocol itself provides no authentication
#               and no encryption, so a socket reachable from other
#               machines should be limited to the mail servers by a
#               packet filter or a private network.
#
# SOCKET
#   General syntax
#
#     SOCKET inet:2000@localhost
#   or
#     SOCKET local:/var/jchkmail/j-chkmail.sock

# AF_INET socket
INET_SOCK 2000

# AF_UNIX socket
#UNIX_SOCK /var/jchkmail/j-chkmail.sock

# ---------------------------------------------------------------------
# Warning behavior
# ---------------------------------------------------------------------
# When sending warning messages (messages replacing original ones) :
# Note that you need to set up at least one of these options.
# If you don't, j-chkmail will consider WARN_SENDER is set to YES
#   Valid option values : NO | YES
#   Default value : YES
#   NOTE(review): sender addresses of filtered mail are often forged,
#   so WARN_SENDER YES can send notices to people who never sent the
#   message (backscatter). Consider whether notifying only recipients
#   is enough for your site.
WARN_SENDER YES
WARN_RCPT YES

# When sending warning messages, you may want to change "From" Header
# field to reflect the fact that the message was replaced by the filter
# J_SENDER
#   From header field contents of warning messages
#   Syntax
#     J_SENDER email@mondomain.fr | SENDER
#   Default value : SENDER (no change)
#
J_SENDER postmaster@mondomaine.fr

# When sending warning messages, you may want to change "Subject" header
# field to reflect the fact that the message was replaced by the filter
# J_SUBJECT
#   Subject header field contents of warning messages
#   Syntax
#     J_SUBJECT SUBJECT | "Free text"
#   Default value : SUBJECT (no change)
#
J_SUBJECT [NON DELIVERY NOTIFICATION]

# Warning message content is defined in the file ERROR_MSG_FILE
#
# ---------------------------------------------------------------------
# Log configuration
# ---------------------------------------------------------------------
#
#
#
LOG_FACILITY local5
LOG_LEVEL 10

# Time interval which will be used to compute and dump internal counters
# to text file, used by contrib scripts to generate web reports
# NOTE(review): presumably in seconds, like the other intervals in
# this file - confirm.
STATS_INTERVAL 300

# If this variable is set to YES, j-chkmail will create a file with
# filtered attachments in order to do further analysis.
# NOTE(review): when enabled, that file presumably holds data taken
# from users' mail - keep it readable only by the filter account and
# the administrators who do the analysis.
LOG_ATTACHMENTS NO

# DUMP_COUNTERS - Do periodical dump of counters to a file - you need
#   this if you use some tool (such as the contrib rrdtool scripts)
#   to monitor filter behavior
#
#   Default value : YES
DUMP_COUNTERS YES

# LOG_COUNTERS - To do periodical log of internal counters by syslog
#
#   Default value : YES
LOG_COUNTERS YES

#
# ---------------------------------------------------------------------
# Cleanup of quarantine directory
# ---------------------------------------------------------------------
#
# Cleanup of old quarantined files
#   Interval between cleanups (in seconds)
#   Default value : 21600 s (6 hours)
CLEANUP_INTERVAL 21600

# delete quarantine files older than...
#   Default value : 86400 s (one day)
#   Quarantined messages that must be examined have to be reviewed or
#   copied elsewhere within this period, before the cleanup removes
#   them.
QUARANTINE_MAX_AGE 86400

# ---------------------------------------------------------------------
# Configuration files
# ---------------------------------------------------------------------
# Default configuration files
# NOTE(review): these tables define who is treated as local, known or
# allowed. They should be writable by the administrator only; the
# filter account presumably needs read access and nothing more.

# Warning messages templates
ERROR_MSG_FILE /usr/pkg/etc/jchkmail/j-error-msg

# Local intranet users
USERS_FILE /usr/pkg/etc/jchkmail/j-local-users

# Known IP networks (local, domain and friends)
NETS_FILE /usr/pkg/etc/jchkmail/j-nets

# Host access file 8-)
HOST_ACCESS_FILE /usr/pkg/etc/jchkmail/j-host-access

# User access file 8-))
USER_ACCESS_FILE /usr/pkg/etc/jchkmail/j-user-access

# Regular expressions checked against message contents
REGEX_FILE /usr/pkg/etc/jchkmail/j-regex

# sendmail class W file
CW_FILE /etc/mail/local-host-names

# AUTO_RELOAD_TABLES - set this to some value greater than 0, if you
#   want j-chkmail to periodically reload table data files
#   The value of this parameter is given in seconds
#   Default value : 0 - no auto reload.
#   With 0, an edited table presumably takes effect only after the
#   filter is restarted or told to reload - confirm.
AUTO_RELOAD_TABLES 0

# AUTO_RELOAD_CONF - set this to some value greater than 0, if you
#   want j-chkmail to periodically reload ALL configuration files
#   The value of this parameter is given in seconds
#   Default value : 0 - no auto reload.
AUTO_RELOAD_CONF 0

# IMPORTANT :
#   - only AUTO_RELOAD_TABLES option is activated in this version
#
# ---------------------------------------------------------------------
# Work files and directories
# ---------------------------------------------------------------------
# NOTE(review): the spool and the log files below hold message content
# (quarantined mail, attachment and regex logs). Keep these directories
# owned by the filter account and closed to other local users.

# Directory where j-chkmail will save temporary files and quarantined
# messages
SPOOLDIR /var/spool/jchkmail

# j-chkmail working directory
WORKDIR /var/jchkmail

# j-chkmail pid file
PID_FILE /var/jchkmail/j-chkmail.pid

# j-chkmail stats file (periodical dump of internal counters in
# text format to be used by real time monitoring tools)
STATS_FILE /var/jchkmail/j-stats

# persistent state file
STATE_FILE /var/jchkmail/j-state

# attached files of blocked messages containing XFILES are logged here
XFILES_LOG_FILE /var/jchkmail/j-files

# messages rejected after content filtering are logged here
# you shall activate DUMP_FOUND_REGEX option
REGEX_LOG_FILE /var/jchkmail/j-regex

# IMPORTANT
#   XFILES_LOG_FILE and REGEX_LOG_FILE shall be rotated regularly. Other
#   files have fixed size
#   Left unrotated, these two files grow with every blocked message,
#   and a full partition would affect the filter itself.

# HISTORY_ENTRIES - the number of entries (K entries, in fact) to
#   maintain in the connection history
#   default value : 32 (32768 entries)
HISTORY_ENTRIES 32

#
#####################################################################
#
# Contents Filtering Section
#
#####################################################################
#
# Filtering actions may be the following :
#   OK      - Accept messages and do nothing (transparent filtering)
#   REJECT  - Reject message with an "SMTP 5.X.X error result"
#   WARN    - Replace original message by a warning message whose
#             content is defined at ERROR_MSG_FILE and send it to
#             sender and recipients, as defined by options WARN_SENDER
#             and WARN_RCPT
#   DISCARD - silently discard message (Tssssssss....)
#
#
# ---------------------------------------------------------------------
# Internal Mail Scanner configuration - X-FILES
# ---------------------------------------------------------------------
#
# What to do with X-Files
#   XFILES OK | REJECT | WARN | DISCARD
XFILES WARN

# Quarantine filtered messages ?
#   With NO, no copy of a filtered message is kept for later analysis.
XFILE_SAVE_MSG NO

# Definition of what is X-Files by their extensions
#   You may use default values, or define your own extensions. In this
#   case, defined extensions will completely replace original extensions.
#   You may put many extensions in the same line and you may declare
#   many lines.
#   NOTE(review): because your own list replaces the defaults instead
#   of extending them, copy the default lines below before adding to
#   them, or the default extensions stop being filtered.
#   As described here the check is made on the attachment's file name,
#   so it does not recognise a renamed file; content inspection is the
#   job of the external scanner configured in this file.
#   Syntax :
#     FILE_EXT ext1 ext2 ext3 ...
#   Default values :
#FILE_EXT ade adp bas bat bin btm chm cmd com
#FILE_EXT cpl crt dll drv exe hlp hta inf ini
#FILE_EXT ins isp je js jse lnk mdb mde msc
#FILE_EXT msi msp mst pcd pif reg scr sct shb
#FILE_EXT shs sys url vb vbe vbs vxd wsc wsf
#FILE_EXT wsh

# In addition to declaring X-files by their extension, you may
# declare additional files to filter, by regular expressions
# defining their name.
# Regular expression filename
#   Syntax :
#     FILE_REGEX regular_expression
#   Example :
#     To reject all files ending with ".xls.pif" or ".doc.pif"
#FILE_REGEX \.(xls|doc)\.pif$

#
# ---------------------------------------------------------------------
# Verifying message contents
# ---------------------------------------------------------------------
#
# When options are active, contents are checked against regular
# expressions declared in the REGEX_FILE configuration file
#
# This filtering option is experimental
#
# Possible configuration values are NO (do nothing) and YES (check it)
# Default value is NO (do nothing)
# If content matches regular expressions, the message is refused with
# a 5.X.X smtp error

# Check content of all headers
CHECK_HEADERS_CONTENT NO

# Check content of subject header
CHECK_SUBJECT_CONTENT NO

# Check content of HELO command
CHECK_HELO_CONTENT NO

# Check message body content
CHECK_BODY_CONTENT NO

# Score needed to reject a message (sum of each score)
#   Valid option value : an integer > 0
#CONTENT_CHECK_SCORE 2

# This option tells if you want to check all messages or only messages
# coming from unknown IP networks
#   With UNKNOWN, mail from networks listed in NETS_FILE is not content
#   checked, so the accuracy of that file matters.
#
#CONTENT_CHECK_ORIGIN ALL | UNKNOWN
#
CONTENT_CHECK_ORIGIN UNKNOWN

# This option limits the max message size to check. As spam messages
# are usually short messages, and the time to scan doesn't grow linearly
# with message size, you may decide to check only messages
# shorter than some limit. 100 Ko seems to be a good value.
# Messages above the limit are not content checked at all.
#
CONTENT_CHECK_SIZE 100000

# activate logging of messages rejected after content checking
# to the file REGEX_LOG_FILE
# NOTE(review): that log presumably records parts of the rejected
# messages - restrict who can read it and rotate it.
DUMP_FOUND_REGEX YES

#
# ---------------------------------------------------------------------
# Verifying message headers, recipients and encoding
# ---------------------------------------------------------------------
#
# ---------------------------------------------------------------------
# Intranet Users
#
# CHECK_LOCAL_USERS : users listed in USERS_FILE can receive mail only
#   from IP addresses inside LOCAL, DOMAIN and FRIEND nets listed at
#   NETS_FILE
#
#   Valid option values : NO | YES
#   Default value : NO
#   NOTE(review): this template sets YES although the documented
#   default is NO; with an empty USERS_FILE the setting presumably has
#   no effect - confirm.
CHECK_LOCAL_USERS YES

# Local users are declared in the file USERS_FILE
# See configuration files
#
# ---------------------------------------------------------------------
# Limit the number of recipients in the same message
#
# Limits are based on the neighbourhood notion as defined in the
# NETS_FILE configuration file
#   CHECK_NB_RCPT NO | YES
#   With NO, the MAX_RCPT_* values below are presumably not enforced.
CHECK_NB_RCPT NO

MAX_RCPT_FROM_DOMAIN 200
MAX_RCPT_FROM_LOCAL 1000
MAX_RCPT_FROM_FRIEND 200
MAX_RCPT_FROM_OUTSIDE 25

# ---------------------------------------------------------------------
# Message headers presence
#
#   Valid option values : OK REJECT
#   Default option value : OK
NO_TO_HEADERS OK
NO_FROM_HEADERS OK
NO_SUBJECT_HEADER OK
NO_HEADERS OK

# ---------------------------------------------------------------------
# Entire body encoding (Content-transfer-encoding header contents)
#
#   Valid option values : OK REJECT
#   Default option value : OK
ENCODING_BASE64 OK
ENCODING_QUOTED_PRINTABLE OK
ENCODING_BINARY OK

#
# ---------------------------------------------------------------------
# External mail scanner configuration
# ---------------------------------------------------------------------
#
# By design, external scanner isn't handled by the main j-chkmail
# process.
# So, you may define :
#   - an inet communication port between main j-chkmail process and
#     scanner server
#   - the number of pre-forked scanning processes

# What to do with filtered messages
#   NOTE(review): OK means "accept and do nothing", so with this
#   template value a message flagged by the scanner is still delivered.
#   Choose REJECT, WARN or DISCARD if the scanner's verdict is to be
#   enforced.
#
#AV_ACTION OK | REJECT | WARN | DISCARD
AV_ACTION OK

# Quarantine filtered messages ?
AV_SAVE_MSG YES

#
# Communication port between main j-chkmail process and scanner
# server. Default port is 2001
# NOTE(review): the template does not say which address the scanner
# server listens on - confirm it is loopback only, or filter the port.
AV_PORT 2001

# Number of pre-forked servers at start-up
#   any number between 2 and 50 - 5 shall be a good value
#
AV_NB_SERVERS 5

# Time to wait (in seconds) for an answer from external filter
# NOTE(review): the template does not say what happens to a message
# when the scanner does not answer in time - confirm whether it is
# accepted or deferred, since accepting lets unscanned mail through.
AV_TIMEOUT 30

# Shall every message be scanned or only messages with
# attachments ?
#   AV_SCOPE ALL | ATTACHMENTS
AV_SCOPE ALL

# The following three options define how to call and handle external
# scanner
#   AV_TYPE - the type of external scanner
#     Possible values : USER   - user defined scanner (see examples
#                                inside contrib/user-filter)
#                       UVSCAN - uvscan from mcafee scanner
#                       TREND  - vscan from Trendmicro
#                                (very experimental)
#   AV_PATH - absolute path to filter
#   AV_ARGS - command line arguments to pass to scanner
#   NOTE(review): the program at AV_PATH is run on every scanned
#   message, so it and its parent directories should be writable by
#   root only.
AV_TYPE USER
AV_PATH /usr/local/bin/my-filter
#AV_ARGS

#AV_TYPE UVSCAN
#AV_PATH /usr/local/uvscan/uvscan
#AV_ARGS --mime --secure -rv --summary --noboot

#AV_TYPE TREND
#AV_PATH /opt/trend/ISBASE/IScan.BASE/vscan
#AV_ARGS -a

#
#####################################################################
#
# Gateway behavior section
#
#####################################################################
#
# ---------------------------------------------------------------------
# Filtering by the gateway connection rate and number of recipients rate
# ---------------------------------------------------------------------
#
# obsolete, left here for compatibility only.
# Use CHECK_THROTTLE_CONN
# and CHECK_THROTTLE_RCPT
# Setting this option to YES is equivalent to setting both options below
# to YES
CHECK_THROTTLE NO

# Check gateway connection rate over 10 minutes
CHECK_THROTTLE_CONN NO

# check gateway recipient rate over 10 minutes
CHECK_THROTTLE_RCPT NO

# NOTE(review): all three switches are NO in this template, so the
# rate limits configured below are presumably not applied until one of
# them is set to YES.

# What to do when throttle limit is reached :
#   Possible values are OK | TEMPFAIL | REJECT
#   Default value is TEMPFAIL
RES_THROTTLE_FROM_LOCAL TEMPFAIL
RES_THROTTLE_FROM_DOMAIN TEMPFAIL
RES_THROTTLE_FROM_FRIEND TEMPFAIL
RES_THROTTLE_FROM_OUTSIDE TEMPFAIL

# limits defined below use the neighbourhood notion defined in the
# NETS_FILE configuration file
#
# Values are for 10 minutes
#
CONN_THROTTLE_FROM_LOCAL 200
CONN_THROTTLE_FROM_DOMAIN 200
CONN_THROTTLE_FROM_FRIEND 30
CONN_THROTTLE_FROM_OUTSIDE 10

RCPT_THROTTLE_FROM_LOCAL 1000
RCPT_THROTTLE_FROM_DOMAIN 1000
RCPT_THROTTLE_FROM_FRIEND 200
RCPT_THROTTLE_FROM_OUTSIDE 100

#
# ---------------------------------------------------------------------
# Filtering by the gateway DNS resolution
# ---------------------------------------------------------------------
#   Valid option values : OK REJECT
#   Default option value : OK
#   NOTE(review): with OK no action is taken on these conditions.
#   Presumably RESOLVE_FORGED is a gateway whose DNS records do not
#   agree with each other and RESOLVE_FAIL one that does not resolve at
#   all - confirm against the j-chkmail documentation.
RESOLVE_FORGED OK
RESOLVE_FAIL OK

# In order to allow minimal communication, you may accept a number of
# connections coming from gateways having bad DNS declarations
# Otherwise, you may declare known gateways having bad DNS declarations
# in the HOST_ACCESS_FILE
# NOTE(review): presumably each value is the number of connections
# accepted within the last 6, 12, 18 and 24 hours - confirm.
#
#
RESOLVE_ACCEPT_06H 2
RESOLVE_ACCEPT_12H 3
RESOLVE_ACCEPT_18H 4
RESOLVE_ACCEPT_24H 4

#
#####################################################################
#
# "Others" Section
#
#####################################################################

# ---------------------------------------------------------------------
# Mail filter configuration - X-Mailer header contents
# ---------------------------------------------------------------------
# There are some j-chkmail users hating Microsoft...
# 8-)
#   Valid option values : OK REJECT
#   Default option value : OK
#   The X-Mailer header is written by the sending software and can
#   hold any text, so these options express a site preference and are
#   not a security control.
OUTLOOK OK
OUTLOOK_LOCAL OK
OUTLOOK_FRIEND OK
OUTLOOK_DOMAIN OK