use strict;

#
# Place your configuration directives here.  They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#

# $max_servers: num of pre-forked children (2..30 is common). It *must*
# match the number set in /etc/postfix/master.cf "maxproc" column for
# the amavisfeed service.
$max_servers = 2;

# list your internal networks
@mynetworks = qw( 127.0.0.0/8 172.16.0.1/32 );


# Always deliver messages (force *_lovers_maps to [1])
$final_virus_destiny                  = D_PASS;
$final_banned_destiny                 = D_PASS;
$final_unchecked_destiny              = D_PASS;
$final_spam_destiny                   = D_PASS;
$final_bad_header_destiny             = D_PASS;
$final_destiny_by_ccat{&CC_OVERSIZED} = D_PASS;

%lovers_maps_by_ccat = (
  CC_CATCHALL, 1,
);


# Disable quarantine (force *_quarantine_to_maps to [1]; don't forget to
# disable setting amavisSpamQuarantineCutoffLevel and amavisVirusQuarantine*To,
# also)
$QUARANTINEDIR = undef;
%quarantine_method_by_ccat = (
  CC_CATCHALL, undef,
);
%admin_maps_by_ccat = (
  CC_CATCHALL, undef,
);

undef $undecipherable_subject_tag;

# Defang virus only
%defang_maps_by_ccat = (
  CC_VIRUS,    1,
  CC_CATCHALL, undef,
);

# Never BCC / DSN; don't forget to disallow setting amavisSpamDsnCutoffLevel
# and amavis*Admin, also
%always_bcc_by_ccat = (
  CC_CATCHALL, undef,
);
%dsn_bcc_by_ccat = (
  CC_CATCHALL, undef,
);

# Never warn sender / recipient; don't forget to disallow setting
# amavisWarn*Recip, also
%warnsender_by_ccat = (  # deprecated use, except perhaps for CC_BADH
  CC_CATCHALL, undef,
);
%warnrecip_maps_by_ccat = (
  CC_CATCHALL, undef,
);

@message_size_limit_maps = (); # per-recipient limits


%banned_rules = (
  'NO-MS-EXEC'=> new_RE( qr'^\.exe-ms$' ),
  'PASSALL'   => new_RE( [qr'^' => 0] ),
  'ALLOW_EXE' => new_RE( qr'.\.(vbs|pif|scr|bat)$'i, [qr'^\.exe$' => 0] ),
  'ALLOW_VBS' => new_RE( [qr'.\.vbs$' => 0] ),
);


$enable_ldap  = 1;
$default_ldap = {
    hostname      => 'ldapi://',
    sasl          => 1,
    sasl_mech     => 'EXTERNAL',
    deref         => 'never',
    timeout       => 5,
    scope         => 'one',
    base          => 'fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org',
    # XXX: ideally we would use %u in the base and the query_filter, but
    # it's not supported as of amavis 2.7 (see the 'lookup_ldap'
    # subroutine in /usr/sbin/amavisd-new)
    query_filter  => '(&(objectClass=amavisAccount)(ObjectClass=FripostVirtualUser)(fvl=%m))'
};


$recipient_delimiter = '+';
$enable_dkim_verification = 1;    # enable DKIM signatures verification


# Per-recipient Bayes Database.
@sa_username_maps = (
  new_RE ( [ qr'^(.+@[^@]+)$'i => '$1' ] ),
  'amavis' # catch-all
);

# http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks-ex

$inet_socket_port = 10041;

$interface_policy{'10041'} = 'INBOUND';

{% if 'MTA-out' in group_names %}
$notify_method  = 'smtp:[127.0.0.1]:{{ MTA_out.port }}';
{% else %}
$notify_method  = 'smtp:[{{ MTA_out.host }}]:{{ MTA_out.port }}';
{% endif %}
$forward_method = 'lmtp:/var/run/dovecot/lmtp';
$requeue_method = $forward_method;

$sa_tag_level_deflt         = undef;
$sa_tag2_level_deflt        = 5;
$sa_kill_level_deflt        = 5;
$sa_dsn_cutoff_level        = undef;
$sa_quarantine_cutoff_level = undef;

$policy_bank{'INBOUND'} = {
  originating           => 0,  # indicates a remote client, allows checking
  smtpd_greeting_banner =>
    '${helo-name} ${protocol} ${product} INBOUND service ready',
  mynetworks_maps       => [],  # avoids loading MYNETS policy unnecessarily
};

#------------ Do not modify anything below this line -------------
1;  # ensure a defined return