diff --git a/src/configure.default b/src/configure.default index 531435b..374c51d 100644 --- a/src/configure.default +++ b/src/configure.default @@ -109,6 +109,7 @@ hostlist relay_from_hosts = localhost acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime # You should not change those settings until you understand how ACLs work. @@ -121,7 +122,7 @@ acl_smtp_data = acl_check_data # of what to set for other virus scanners. The second modification is in the # acl_check_data access control list (see below). -# av_scanner = clamd:/tmp/clamd +av_scanner = clamd:/var/run/clamd.exim/clamd.sock # For spam scanning, there is a similar option that defines the interface to @@ -431,7 +432,8 @@ acl_check_rcpt: accept local_parts = postmaster domains = +local_domains - # Deny unless the sender address can be verified. + # Deny unless the sender address can be routed. For proper verification of the + # address, read the documentation on callouts and add the /callout modifier. require verify = sender @@ -533,27 +535,63 @@ acl_check_data: # deny condition = ${if > {$max_received_linelength}{998}} + # Put simple tests first. A good one is to check for the presence of a + # Message-Id: header, which RFC2822 says SHOULD be present. Some broken + # or misconfigured mailer software occasionally omits this from genuine + # messages too, though -- although it's not hard for the offender to fix + # after they receive a bounce because of it. + # + # deny condition = ${if !def:h_Message-ID: {1}} + # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\ + # Most messages without it are spam, so your mail has been rejected. + # Deny if the message contains a virus. Before enabling this check, you # must install a virus scanner and set the av_scanner option above. # # deny malware = * # message = This message contains a virus ($malware_name). - # Add headers to a message if it is judged to be spam. Before enabling this, - # you must install SpamAssassin. You may also need to set the spamd_address - # option above. + # Bypass SpamAssassin checks if the message is too large. # - # warn spam = nobody - # add_header = X-Spam_score: $spam_score\n\ - # X-Spam_score_int: $spam_score_int\n\ - # X-Spam_bar: $spam_bar\n\ - # X-Spam_report: $spam_report + # accept condition = ${if >={$message_size}{100000} {1}} + # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size - # Accept the message. + # Run SpamAssassin, but allow for it to fail or time out. Add a warning message + # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA + # score exceeds the SA system threshold. + # + # warn spam = nobody/defer_ok + # add_header = X-Spam-Flag: YES + # + # accept condition = ${if !def:spam_score_int {1}} + # add_header = X-Spam-Note: SpamAssassin invocation failed + # + + # Unconditionally add score and report headers + # + # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\ + # X-Spam-Report: $spam_report + + # And reject if the SpamAssassin score is greater than ten + # + # deny condition = ${if >{$spam_score_int}{100} {1}} + # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\ + # $spam_report accept +acl_check_mime: + + # File extension filtering. + deny message = Blacklisted file extension detected + condition = ${if match \ + {${lc:$mime_filename}} \ + {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \ + {1}{0}} + + accept + ###################################################################### # ROUTERS CONFIGURATION #