annotate xml/sample.conf @ 54:dca56b2de019

updates for 3.6, better documentation on removing content filtering, missing some files in cvs
author carl
date Wed, 08 Sep 2004 11:58:45 -0700
parents 6b79046b18c2
children 57607387263d
rev   line source
4
15a7e942adec updates to use dcc conf files
carl
parents: 0
diff changeset
1 # $Id$
0
96a9758165cd Initial revision
carl
parents:
diff changeset
2 #
96a9758165cd Initial revision
carl
parents:
diff changeset
3 # lines start with a command token, followed by argument tokens
96a9758165cd Initial revision
carl
parents:
diff changeset
4 # tokens are separated by spaces or tabs
96a9758165cd Initial revision
carl
parents:
diff changeset
5 #
96a9758165cd Initial revision
carl
parents:
diff changeset
6 #
28
33e1e3910506 add configurable list of tlds
carl
parents: 27
diff changeset
7 # tld:
33e1e3910506 add configurable list of tlds
carl
parents: 27
diff changeset
8 # second token is the tld suffix - com, net, org, etc
33e1e3910506 add configurable list of tlds
carl
parents: 27
diff changeset
9 #
20
948343c0cfdd add sample for content filtering
carl
parents: 14
diff changeset
10 # content:
948343c0cfdd add sample for content filtering
carl
parents: 14
diff changeset
11 # second token is the dns suffix used for the actual lookups
948343c0cfdd add sample for content filtering
carl
parents: 14
diff changeset
12 # third token? is a string enclosed in single quotes, so it
948343c0cfdd add sample for content filtering
carl
parents: 14
diff changeset
13 # is not really a token. This is the error message, with
948343c0cfdd add sample for content filtering
carl
parents: 14
diff changeset
14 # up to two %s parameters for the offending host name and
54
dca56b2de019 updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents: 44
diff changeset
15 # client ip address respectively. If this command is not
dca56b2de019 updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents: 44
diff changeset
16 # present, there is no body scanning for host names or bad
dca56b2de019 updates for 3.6, better documentation on removing content filtering, missing some files in cvs
carl
parents: 44
diff changeset
17 # html tags.
20
948343c0cfdd add sample for content filtering
carl
parents: 14
diff changeset
18 #
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 24
diff changeset
19 # host_limit:
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 24
diff changeset
20 # second token is the integer count of the number of host names
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 24
diff changeset
21 # or urls that are allowed in any one mail body. Zero is
44
6b79046b18c2 changes for 3.2
carl
parents: 28
diff changeset
22 # unlimited. If the actual number of host names in the message
6b79046b18c2 changes for 3.2
carl
parents: 28
diff changeset
23 # is larger than this limit, the message is rejected.
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 24
diff changeset
24 # third token? is a string enclosed in single quotes, so it
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 24
diff changeset
25 # is not really a token. This is the error message supplied
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 24
diff changeset
26 # to the smtp client.
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 24
diff changeset
27 #
44
6b79046b18c2 changes for 3.2
carl
parents: 28
diff changeset
28 # host_soft_limit:
6b79046b18c2 changes for 3.2
carl
parents: 28
diff changeset
29 # second token is the integer count of the number of host names
6b79046b18c2 changes for 3.2
carl
parents: 28
diff changeset
30 # or urls that are checked in any one mail body. Zero is
6b79046b18c2 changes for 3.2
carl
parents: 28
diff changeset
31 # unlimited. If the actual number of host names in the message
6b79046b18c2 changes for 3.2
carl
parents: 28
diff changeset
32 # is larger than this limit, only a random selection of them
6b79046b18c2 changes for 3.2
carl
parents: 28
diff changeset
33 # are checked against the dnsbl.
6b79046b18c2 changes for 3.2
carl
parents: 28
diff changeset
34 #
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
35 # html_limit:
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 24
diff changeset
36 # second token is the integer count of the number of bad html tags
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 24
diff changeset
37 # that are allowed in any one mail body. Zero is unlimited.
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
38 # third token? is a string enclosed in single quotes, so it
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
39 # is not really a token. This is the error message supplied
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
40 # to the smtp client.
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
41 #
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
42 # html_tag:
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
43 # second token is a valid html tag, that is added to the list
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
44 # of valid tags. Any html tag seen in the mail bodies that
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
45 # is not in this list is presumed to be invalid.
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
46 #
0
96a9758165cd Initial revision
carl
parents:
diff changeset
47 # dnsbl:
96a9758165cd Initial revision
carl
parents:
diff changeset
48 # second token is the name of this dnsbl
96a9758165cd Initial revision
carl
parents:
diff changeset
49 # third token is the dns suffix used for the actual lookups
96a9758165cd Initial revision
carl
parents:
diff changeset
50 # fourth token? is a string enclosed in single quotes, so it
96a9758165cd Initial revision
carl
parents:
diff changeset
51 # is not really a token. This is the error message, with
96a9758165cd Initial revision
carl
parents:
diff changeset
52 # up to two %s parameters, both for the client ip address.
96a9758165cd Initial revision
carl
parents:
diff changeset
53 #
96a9758165cd Initial revision
carl
parents:
diff changeset
54 # dnsbl_list:
96a9758165cd Initial revision
carl
parents:
diff changeset
55 # second token is the name of this list of dnsbls
96a9758165cd Initial revision
carl
parents:
diff changeset
56 # subsequent tokens are the names of the previously defined dnsbls
96a9758165cd Initial revision
carl
parents:
diff changeset
57 #
96a9758165cd Initial revision
carl
parents:
diff changeset
58 # env_from:
96a9758165cd Initial revision
carl
parents:
diff changeset
59 # second token is the name of this envelope-from-map. There will
96a9758165cd Initial revision
carl
parents:
diff changeset
60 # generally be multiple lines with the same name.
96a9758165cd Initial revision
carl
parents:
diff changeset
61 # third token is the envelope from value from the smtp conversation,
96a9758165cd Initial revision
carl
parents:
diff changeset
62 # or just the domain part that follows the @ symbol.
96a9758165cd Initial revision
carl
parents:
diff changeset
63 # fourth token is BLACK, WHITE, or the name of a previously defined
96a9758165cd Initial revision
carl
parents:
diff changeset
64 # envelope-from-map. BLACK causes mail from this sender to be
96a9758165cd Initial revision
carl
parents:
diff changeset
65 # rejected with "no such user". WHITE causes mail to be accepted
96a9758165cd Initial revision
carl
parents:
diff changeset
66 # and the dns based lists are ignored. DEFAULT may be used to override
96a9758165cd Initial revision
carl
parents:
diff changeset
67 # the contents of other maps that are copied into this map, and
96a9758165cd Initial revision
carl
parents:
diff changeset
68 # set that sender back to the default (not white or black listed,
96a9758165cd Initial revision
carl
parents:
diff changeset
69 # and subject to dnsbl lookups).
96a9758165cd Initial revision
carl
parents:
diff changeset
70 #
96a9758165cd Initial revision
carl
parents:
diff changeset
71 # env_to:
96a9758165cd Initial revision
carl
parents:
diff changeset
72 # second token is the envelope recipient value from the smtp conversation,
96a9758165cd Initial revision
carl
parents:
diff changeset
73 # or just the domain part that follows the @ symbol.
96a9758165cd Initial revision
carl
parents:
diff changeset
74 # third token is the name of a dnsbl-list, or WHITE or BLACK.
96a9758165cd Initial revision
carl
parents:
diff changeset
75 # fourth token is the name of an envelope-from-map, or WHITE or BLACK.
96a9758165cd Initial revision
carl
parents:
diff changeset
76 #
96a9758165cd Initial revision
carl
parents:
diff changeset
77 # If either one is BLACK, mail to this recipient is rejected with
96a9758165cd Initial revision
carl
parents:
diff changeset
78 # "no such user", and the dns lists are not checked.
96a9758165cd Initial revision
carl
parents:
diff changeset
79 #
96a9758165cd Initial revision
carl
parents:
diff changeset
80 # If the envelope-from-map name is WHITE, mail to this recipient is accepted
96a9758165cd Initial revision
carl
parents:
diff changeset
81 # and the dns lists are not checked.
96a9758165cd Initial revision
carl
parents:
diff changeset
82 #
96a9758165cd Initial revision
carl
parents:
diff changeset
83 # If the envelope-from-map exists, the map is checked for the presence
96a9758165cd Initial revision
carl
parents:
diff changeset
84 # of the sender. A WHITE or BLACK answer is definitive and the dns lists
96a9758165cd Initial revision
carl
parents:
diff changeset
85 # are not checked.
96a9758165cd Initial revision
carl
parents:
diff changeset
86 #
96a9758165cd Initial revision
carl
parents:
diff changeset
87 # If the dnsbl-list name is WHITE, the dns lists are not checked and the
96a9758165cd Initial revision
carl
parents:
diff changeset
88 # mail is accepted. Otherwise, the dns lists are checked and the mail
96a9758165cd Initial revision
carl
parents:
diff changeset
89 # is rejected if any list has an A record for the standard dns based
96a9758165cd Initial revision
carl
parents:
diff changeset
90 # lookup scheme (reversed octets of the client followed by the dns suffix).
96a9758165cd Initial revision
carl
parents:
diff changeset
91 #
96a9758165cd Initial revision
carl
parents:
diff changeset
92 #
4
15a7e942adec updates to use dcc conf files
carl
parents: 0
diff changeset
93 # include:
15a7e942adec updates to use dcc conf files
carl
parents: 0
diff changeset
94 # second token is the path name of the dnsbl milter config file to be
15a7e942adec updates to use dcc conf files
carl
parents: 0
diff changeset
95 # included.
15a7e942adec updates to use dcc conf files
carl
parents: 0
diff changeset
96 #
15a7e942adec updates to use dcc conf files
carl
parents: 0
diff changeset
97 #
15a7e942adec updates to use dcc conf files
carl
parents: 0
diff changeset
98 # include_dcc:
15a7e942adec updates to use dcc conf files
carl
parents: 0
diff changeset
99 # second token is the name of an envelope-from-map (EMAP below).
15a7e942adec updates to use dcc conf files
carl
parents: 0
diff changeset
100 # third token is the path name of the dcc whiteclnt config file to be
15a7e942adec updates to use dcc conf files
carl
parents: 0
diff changeset
101 # included.
15a7e942adec updates to use dcc conf files
carl
parents: 0
diff changeset
102 # entries from the dcc config are mapped as:
14
443aa0e8c6fa changes suggested by Nigel Horne
carl
parents: 10
diff changeset
103 # ok -> WHITE
443aa0e8c6fa changes suggested by Nigel Horne
carl
parents: 10
diff changeset
104 # many -> BLACK
443aa0e8c6fa changes suggested by Nigel Horne
carl
parents: 10
diff changeset
105 # env_from -> env_from EMAP xxx
443aa0e8c6fa changes suggested by Nigel Horne
carl
parents: 10
diff changeset
106 # env_to -> env_to
443aa0e8c6fa changes suggested by Nigel Horne
carl
parents: 10
diff changeset
107 # substitute mail_host -> env_from EMAP xxx
4
15a7e942adec updates to use dcc conf files
carl
parents: 0
diff changeset
108 #
0
96a9758165cd Initial revision
carl
parents:
diff changeset
109 #
96a9758165cd Initial revision
carl
parents:
diff changeset
110 #
96a9758165cd Initial revision
carl
parents:
diff changeset
111 ##############################################
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
112 # content scanning parameters
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
113 #
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
114 content sbl-xbl.spamhaus.org 'Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s'
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 24
diff changeset
115 host_limit 20 'Mail containing too many host names rejected'
44
6b79046b18c2 changes for 3.2
carl
parents: 28
diff changeset
116 host_soft_limit 20
27
43a4f6b3e668 add configurable host name limit and bad html tag limits.
carl
parents: 24
diff changeset
117 html_limit 20 'Mail containing excessive bad html tags rejected'
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
118 include html-tags.conf
28
33e1e3910506 add configurable list of tlds
carl
parents: 27
diff changeset
119 include tld.conf
24
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
120
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
121
2e23b7184d2b start coding for bad html tag detection
carl
parents: 20
diff changeset
122 ##############################################
0
96a9758165cd Initial revision
carl
parents:
diff changeset
123 # define the dnsbls to use
96a9758165cd Initial revision
carl
parents:
diff changeset
124 #
96a9758165cd Initial revision
carl
parents:
diff changeset
125 dnsbl LOCAL blackholes.five-ten-sg.com 'Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s'
96a9758165cd Initial revision
carl
parents:
diff changeset
126 dnsbl SPEWS blackholes.spews.org 'Mail from %s rejected - spews; see http://www.spews.org/ask.cgi?x=%s'
96a9758165cd Initial revision
carl
parents:
diff changeset
127 dnsbl SBL sbl-xbl.spamhaus.org 'Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s'
96a9758165cd Initial revision
carl
parents:
diff changeset
128
96a9758165cd Initial revision
carl
parents:
diff changeset
129
96a9758165cd Initial revision
carl
parents:
diff changeset
130 ##############################################
96a9758165cd Initial revision
carl
parents:
diff changeset
131 # define the (default and other) lists of dnsbls to use
96a9758165cd Initial revision
carl
parents:
diff changeset
132 #
96a9758165cd Initial revision
carl
parents:
diff changeset
133 dnsbl_list DEFAULT LOCAL SPEWS SBL
96a9758165cd Initial revision
carl
parents:
diff changeset
134 dnsbl_list SIMPLE SBL
96a9758165cd Initial revision
carl
parents:
diff changeset
135 dnsbl_list CUST1 SBL
96a9758165cd Initial revision
carl
parents:
diff changeset
136 dnsbl_list CUST2 SPEWS SBL
96a9758165cd Initial revision
carl
parents:
diff changeset
137
96a9758165cd Initial revision
carl
parents:
diff changeset
138
96a9758165cd Initial revision
carl
parents:
diff changeset
139 ##############################################
96a9758165cd Initial revision
carl
parents:
diff changeset
140 # define the (default and other) env_from maps
96a9758165cd Initial revision
carl
parents:
diff changeset
141 #
96a9758165cd Initial revision
carl
parents:
diff changeset
142 env_from DEFAULT spammer@example.com BLACK
96a9758165cd Initial revision
carl
parents:
diff changeset
143 env_from DEFAULT yahoo.com BLACK
96a9758165cd Initial revision
carl
parents:
diff changeset
144
96a9758165cd Initial revision
carl
parents:
diff changeset
145 # special list for the vp
96a9758165cd Initial revision
carl
parents:
diff changeset
146 env_from TEST dummy-token DEFAULT # inherit the currently defined DEFAULT env_from mapping
96a9758165cd Initial revision
carl
parents:
diff changeset
147 env_from TEST nai.com BLACK # the vp does not like nai
14
443aa0e8c6fa changes suggested by Nigel Horne
carl
parents: 10
diff changeset
148 env_from TEST yahoo.com DEFAULT #
0
96a9758165cd Initial revision
carl
parents:
diff changeset
149 env_from TEST mother@spammyisp.com WHITE # suppresses dnsbl checking
96a9758165cd Initial revision
carl
parents:
diff changeset
150
96a9758165cd Initial revision
carl
parents:
diff changeset
151
96a9758165cd Initial revision
carl
parents:
diff changeset
152 ##############################################
96a9758165cd Initial revision
carl
parents:
diff changeset
153 # specify dnsbl_lists and env_from maps to use for specific recipients
96a9758165cd Initial revision
carl
parents:
diff changeset
154 #
96a9758165cd Initial revision
carl
parents:
diff changeset
155 env_to abuse@mydomain.com WHITE WHITE # no dnsbl, no env_from map
96a9758165cd Initial revision
carl
parents:
diff changeset
156 env_to sales@mydomain.com SIMPLE NULL # sbl only, no env_from map
96a9758165cd Initial revision
carl
parents:
diff changeset
157 env_to vp@mydomain.com DEFAULT TEST # allow mail from mom
96a9758165cd Initial revision
carl
parents:
diff changeset
158 env_to old-emp@mydomain.com BLACK BLACK # return no such user even from backup mx machines
96a9758165cd Initial revision
carl
parents:
diff changeset
159
96a9758165cd Initial revision
carl
parents:
diff changeset
160 ##############################################
96a9758165cd Initial revision
carl
parents:
diff changeset
161 # specify dnsbl_lists and env_from maps to use for client domains
96a9758165cd Initial revision
carl
parents:
diff changeset
162 #
96a9758165cd Initial revision
carl
parents:
diff changeset
163 env_to mydomain.com DEFAULT DEFAULT
14
443aa0e8c6fa changes suggested by Nigel Horne
carl
parents: 10
diff changeset
164 env_to customer1.com CUST1 DEFAULT # all customer 1 domains use just sbl
443aa0e8c6fa changes suggested by Nigel Horne
carl
parents: 10
diff changeset
165 env_to customer1a.com CUST1 DEFAULT
443aa0e8c6fa changes suggested by Nigel Horne
carl
parents: 10
diff changeset
166 env_to customer1b.com CUST1 DEFAULT
443aa0e8c6fa changes suggested by Nigel Horne
carl
parents: 10
diff changeset
167 env_to customer2.com CUST2 DEFAULT # all customer 2 domains use spews and sbl
443aa0e8c6fa changes suggested by Nigel Horne
carl
parents: 10
diff changeset
168 env_to customer2a.com CUST2 DEFAULT
0
96a9758165cd Initial revision
carl
parents:
diff changeset
169
96a9758165cd Initial revision
carl
parents:
diff changeset
170
96a9758165cd Initial revision
carl
parents:
diff changeset
171 ##############################################
96a9758165cd Initial revision
carl
parents:
diff changeset
172 # you can also include nested config files
96a9758165cd Initial revision
carl
parents:
diff changeset
173 # file names are single tokens, no embedded blanks
96a9758165cd Initial revision
carl
parents:
diff changeset
174 #
96a9758165cd Initial revision
carl
parents:
diff changeset
175 include dnsbl.conf # this will generate a recursive include file syslog error message
14
443aa0e8c6fa changes suggested by Nigel Horne
carl
parents: 10
diff changeset
176 include_dcc DEFAULT /var/dcc/whitecommon # this includes the default dcc whitelist file