diff --git a/src/configure.default b/src/configure.default index f1198b1..8f88a3b 100644 --- a/src/configure.default +++ b/src/configure.default @@ -124,6 +124,7 @@ acl_smtp_rcpt = acl_check_rcpt acl_smtp_data_prdr = acl_check_prdr .endif acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime # You should not change those settings until you understand how ACLs work. @@ -136,7 +137,7 @@ acl_smtp_data = acl_check_data # of what to set for other virus scanners. The second modification is in the # acl_check_data access control list (see below). -# av_scanner = clamd:/tmp/clamd +av_scanner = clamd:/var/run/clamd.exim/clamd.sock # For spam scanning, there is a similar option that defines the interface to @@ -458,7 +459,8 @@ acl_check_rcpt: accept local_parts = postmaster domains = +local_domains - # Deny unless the sender address can be verified. + # Deny unless the sender address can be routed. For proper verification of the + # address, read the documentation on callouts and add the /callout modifier. require verify = sender @@ -601,21 +603,26 @@ acl_check_data: message = header syntax log_message = header syntax ($acl_verify_message) + # Put simple tests first. A good one is to check for the presence of a + # Message-Id: header, which RFC2822 says SHOULD be present. Some broken + # or misconfigured mailer software occasionally omits this from genuine + # messages too, though -- although it's not hard for the offender to fix + # after they receive a bounce because of it. + # + # deny condition = ${if !def:h_Message-ID: {1}} + # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\ + # Most messages without it are spam, so your mail has been rejected. + # Deny if the message contains a virus. Before enabling this check, you # must install a virus scanner and set the av_scanner option above. # # deny malware = * # message = This message contains a virus ($malware_name). - # Add headers to a message if it is judged to be spam. Before enabling this, - # you must install SpamAssassin. You may also need to set the spamd_address - # option above. + # Bypass SpamAssassin checks if the message is too large. # - # warn spam = nobody - # add_header = X-Spam_score: $spam_score\n\ - # X-Spam_score_int: $spam_score_int\n\ - # X-Spam_bar: $spam_bar\n\ - # X-Spam_report: $spam_report + # accept condition = ${if >={$message_size}{100000} {1}} + # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size ############################################################################# # No more tests if PRDR was actively used. @@ -629,11 +636,40 @@ acl_check_data: # condition = ... ############################################################################# + # Run SpamAssassin, but allow for it to fail or time out. Add a warning message + # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA + # score exceeds the SA system threshold. + # + # warn spam = nobody/defer_ok + # add_header = X-Spam-Flag: YES + # + # accept condition = ${if !def:spam_score_int {1}} + # add_header = X-Spam-Note: SpamAssassin invocation failed + # - # Accept the message. + # Unconditionally add score and report headers + # + # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\ + # X-Spam-Report: $spam_report + + # And reject if the SpamAssassin score is greater than ten + # + # deny condition = ${if >{$spam_score_int}{100} {1}} + # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\ + # $spam_report accept +acl_check_mime: + + # File extension filtering. + deny message = Blacklisted file extension detected + condition = ${if match \ + {${lc:$mime_filename}} \ + {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \ + {1}{0}} + + accept ######################################################################