github/rmilter
2
0
Fork 0
mirror of https://github.com/donl/rmilter.git synced 2026-06-04 22:07:19 -06:00
Code Issues Projects Packages Wiki Activity Actions
rmilter/rmilter.conf.sample
Vsevolod Stakhov 8c0f545205 Fix default configurations to the inet sockets.
2015-09-14 14:40:50 +01:00

263 lines
7.2 KiB
Text
Raw Permalink Blame History

# Sample config file for rmilter
# $Id$
#
# .include - directive to include other config file
#.include ./rmilter-grey.conf
# pidfile - path to pid file
# Default: pidfile = /var/run/rmilter.pid
pidfile = /var/run/rmilter.pid;
clamav {
# servers - clamav socket definitions in format:
# /path/to/file
# host[:port]
# sockets are separated by ','
# Default: empty
servers = clam1.example.com, clam2.example.com;
# connect_timeout - timeout in miliseconds for connecting to clamav
# Default: 1s
connect_timeout = 1s;
# port_timeout - timeout in miliseconds for waiting for clamav port response
# Default: 4s
port_timeout = 4s;
# results_timeout - timeout in miliseconds for waiting for clamav response
# Default: 20s
results_timeout = 20s;
# error_time - time in seconds during which we are counting errors
# Default: 10
error_time = 10;
# dead_time - time in seconds during which we are thinking that server is down
# Default: 300
dead_time = 300;
# maxerrors - maximum number of errors that can occur during error_time to make us thinking that
# this upstream is dead
# Default: 10
maxerrors = 10;
};
spamd {
# servers - spamd socket definitions in format:
# /path/to/file
# host[:port]
# sockets are separated by ','
# is server name is prefixed with r: it is rspamd server
# Default: empty
servers = clam5.example.com, clam6.example.com, clam8.example.com;
# also_check - extra spamd servers to check
#also_check = r:clam10.example.com;
# diff_dir - path where to write messages that have different results from main and extra checks
#diff_dir = /var/run/rmilter/diffmsg;
# connect_timeout - timeout in miliseconds for connecting to spamd
# Default: 1s
connect_timeout = 1s;
# results_timeout - timeout in miliseconds for waiting for spamd response
# Default: 20s
results_timeout = 20s;
# error_time - time in seconds during which we are counting errors
# Default: 10
error_time = 10;
# dead_time - time in seconds during which we are thinking that server is down
# Default: 300
dead_time = 300;
# maxerrors - maximum number of errors that can occur during error_time to make us thinking that
# this upstream is dead
# Default: 10
maxerrors = 10;
# reject_message - reject message for spam
# Default: "Spam message rejected; If this is not spam contact abuse team"
reject_message = "Spam message rejected; If this is not spam contact abuse at example.com";
# whitelist - list of ips or nets that should be not checked with spamd
# Default: empty
whitelist = 127.0.0.1/32, 192.168.0.0/16;
# rspamd_metric - metric for using with rspamd
# Default: "default"
rspamd_metric = "default";
};
memcached {
# servers_grey - memcached servers for greylisting in format:
# host[:port][, host[:port]]
# It is possible to make memcached mirroring, its syntax is {server1, server2}
servers_grey = {localhost, memc1.example.com}, memc2.example.com:11211;
# servers_white - memcached servers for whitelisting in format similar to that is used
# in servers_grey
# servers_white = {localhost, memc.example.com}, memc.example.com:11211;
# servers_limits - memcached servers used for limits storing, can not be mirrored
servers_limits = memc1.example.com, memc2.example.com:11211;
# servers_id - memcached servers used for message id storing, can not be mirrored
servers_id = memc1.example.com, memc2.example.com:11211;
# id_prefix - prefix for extracting message ids from memcached
# Default: empty (no prefix is prepended to key)
id_prefix = "message_id.";
# grey_prefix - prefix for extracting greylisted records from memcached
# Default: empty (no prefix is prepended to key)
grey_prefix = "grey.";
# id_prefix - prefix for extracting whitelisted records from memcached
# Default: empty (no prefix is prepended to key)
white_prefix = "white.";
# connect_timeout - timeout in miliseconds for waiting for memcached
# Default: 1s
connect_timeout = 1s;
# error_time - time in seconds during which we are counting errors
# Default: 10
error_time = 10;
# dead_time - time in seconds during which we are thinking that server is down
# Default: 300
dead_time = 300;
# maxerrors - maximum number of errors that can occur during error_time to make us thinking that
# this upstream is dead
# Default: 10
maxerrors = 10;
# protocol - protocol that is using for connecting to memcached (tcp or udp)
# Default: udp
protocol = tcp;
};
# bind_socket - socket credits for local bind:
# unix:/path/to/file - bind to local socket
# inet:port@host - bind to inet socket
# Default: bind_socket = unix:/var/tmp/rmilter.sock;
bind_socket = inet:11332@localhost;
# tempdir - path to directory that contains temporary files
# Default: $TMPDIR
tempdir = /tmp;
# max_size - maximum size of scanned mail with clamav and dcc
# Default: 0 (no limit)
max_size = 10M;
# strict_auth - strict checks for mails from authenticated senders
# Default: no
strict_auth = no;
# spf_domains - path to file that contains hash of spf domains
# Default: empty
spf_domains = example.com, mail.ru;
# use_dcc - whether use or not dcc system
# Default: no
use_dcc = yes;
# rule definition:
# rule {
# accept|discard|reject|tempfail|quarantine "[message]"; <- action definition
# [not] connect <regexp> <regexp>; <- conditions
# helo <regexp>;
# envfrom <regexp>;
# envrcpt <regexp>;
# header <regexp> <regexp>;
# body <regexp>;
# };
# limits section
limits {
# Whitelisted ip or networks
#limit_whitelist = 194.67.45.4/32;
# Whitelisted recipients
limit_whitelist_rcpt = postmaster, mailer-daemon;
# Addrs for bounce checks
limit_bounce_addrs = postmaster, mailer-daemon, symantec_antivirus_for_smtp_gateways, <>, null, fetchmail-daemon;
# Limit for bounce mail
limit_bounce_to = 5:0.000277778;
# Limit for bounce mail per one source ip
limit_bounce_to_ip = 5:0.000277778;
# Limit for all mail per recipient
limit_to = 20:0.016666667;
# Limit for all mail per one source ip
limit_to_ip = 30:0.025;
# Limit for all mail per one source ip and from address
limit_to_ip_from = 100:0.033333333;
};
beanstalk {
# List of beanstalk servers, random selected
#servers = bot01.example.com:3132;
# Address of server to which rmilter should send all messages copies
#copy_server = somehost:13333;
# Address of server to which rmilter should send spam messages copies
#spam_server = otherhost:13333;
# Beanstalk protocol
protocol = tcp;
# Time to live for task in seconds
lifetime = 172800;
# Regexp that define for which messages we should put the whole message to beanstalk
# now only In-Reply-To headers are checked
id_regexp = "/^SomeID.*$/";
# Flags for sending beanstalk copies
send_beanstalk_headers = yes;
send_beanstalk_copy = yes;
send_beanstalk_spam = yes;
};
greylisting {
timeout = 300s;
expire = 3d;
whitelist = 127.0.0.1,
192.168.1.1,
192.168.2.0/24;
awl_enable = yes;
awl_pool = 10M;
awl_hits = 10;
awl_ttl = 3600s;
};
dkim {
domain {
key = /usr/local/etc/dkim_example.key;
domain = "example.com";
selector = "dkim";
};
domain {
key = /usr/local/etc/dkim_test.key;
domain = "test.com";
selector = "dkim";
};
header_canon = relaxed;
body_canon = relaxed;
sign_alg = sha256;
};
# Order of checks at EOM:
#
# SPF -> DCC -> CLAMAV
Reference in a new issue View git blame Copy permalink