105 lines
4.0 KiB
Diff
105 lines
4.0 KiB
Diff
diff --git a/src/configure.default b/src/configure.default
|
|
index 531435b..374c51d 100644
|
|
--- a/src/configure.default
|
|
+++ b/src/configure.default
|
|
@@ -109,6 +109,7 @@ hostlist relay_from_hosts = localhost
|
|
|
|
acl_smtp_rcpt = acl_check_rcpt
|
|
acl_smtp_data = acl_check_data
|
|
+acl_smtp_mime = acl_check_mime
|
|
|
|
# You should not change those settings until you understand how ACLs work.
|
|
|
|
@@ -121,7 +122,7 @@ acl_smtp_data = acl_check_data
|
|
# of what to set for other virus scanners. The second modification is in the
|
|
# acl_check_data access control list (see below).
|
|
|
|
-# av_scanner = clamd:/tmp/clamd
|
|
+av_scanner = clamd:/var/run/clamd.exim/clamd.sock
|
|
|
|
|
|
# For spam scanning, there is a similar option that defines the interface to
|
|
@@ -431,7 +432,8 @@ acl_check_rcpt:
|
|
accept local_parts = postmaster
|
|
domains = +local_domains
|
|
|
|
- # Deny unless the sender address can be verified.
|
|
+ # Deny unless the sender address can be routed. For proper verification of the
|
|
+ # address, read the documentation on callouts and add the /callout modifier.
|
|
|
|
require verify = sender
|
|
|
|
@@ -533,27 +535,63 @@ acl_check_data:
|
|
#
|
|
deny condition = ${if > {$max_received_linelength}{998}}
|
|
|
|
+ # Put simple tests first. A good one is to check for the presence of a
|
|
+ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
|
|
+ # or misconfigured mailer software occasionally omits this from genuine
|
|
+ # messages too, though -- although it's not hard for the offender to fix
|
|
+ # after they receive a bounce because of it.
|
|
+ #
|
|
+ # deny condition = ${if !def:h_Message-ID: {1}}
|
|
+ # message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
|
|
+ # Most messages without it are spam, so your mail has been rejected.
|
|
+
|
|
# Deny if the message contains a virus. Before enabling this check, you
|
|
# must install a virus scanner and set the av_scanner option above.
|
|
#
|
|
# deny malware = *
|
|
# message = This message contains a virus ($malware_name).
|
|
|
|
- # Add headers to a message if it is judged to be spam. Before enabling this,
|
|
- # you must install SpamAssassin. You may also need to set the spamd_address
|
|
- # option above.
|
|
+ # Bypass SpamAssassin checks if the message is too large.
|
|
#
|
|
- # warn spam = nobody
|
|
- # add_header = X-Spam_score: $spam_score\n\
|
|
- # X-Spam_score_int: $spam_score_int\n\
|
|
- # X-Spam_bar: $spam_bar\n\
|
|
- # X-Spam_report: $spam_report
|
|
+ # accept condition = ${if >={$message_size}{100000} {1}}
|
|
+ # add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
|
|
|
|
- # Accept the message.
|
|
+ # Run SpamAssassin, but allow for it to fail or time out. Add a warning message
|
|
+ # and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
|
|
+ # score exceeds the SA system threshold.
|
|
+ #
|
|
+ # warn spam = nobody/defer_ok
|
|
+ # add_header = X-Spam-Flag: YES
|
|
+ #
|
|
+ # accept condition = ${if !def:spam_score_int {1}}
|
|
+ # add_header = X-Spam-Note: SpamAssassin invocation failed
|
|
+ #
|
|
+
|
|
+ # Unconditionally add score and report headers
|
|
+ #
|
|
+ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
|
|
+ # X-Spam-Report: $spam_report
|
|
+
|
|
+ # And reject if the SpamAssassin score is greater than ten
|
|
+ #
|
|
+ # deny condition = ${if >{$spam_score_int}{100} {1}}
|
|
+ # message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
|
|
+ # $spam_report
|
|
|
|
accept
|
|
|
|
|
|
+acl_check_mime:
|
|
+
|
|
+ # File extension filtering.
|
|
+ deny message = Blacklisted file extension detected
|
|
+ condition = ${if match \
|
|
+ {${lc:$mime_filename}} \
|
|
+ {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
|
|
+ {1}{0}}
|
|
+
|
|
+ accept
|
|
+
|
|
|
|
######################################################################
|
|
# ROUTERS CONFIGURATION #
|