path: root/roles/IMAP/templates/etc/amavis/conf.d/50-user.j2
use strict;

#
# Place your configuration directives here.  They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#

# $max_servers: num of pre-forked children (2..30 is common). It *must*
# match the number set in /etc/postfix/master.cf "maxproc" column for
# the amavisfeed service.
$max_servers = 2;

# List your internal networks: here the loopback range plus the single
# host 172.16.0.1.
# NOTE(review): the INBOUND policy bank further down sets
# mynetworks_maps to an empty list, so this list presumably does not
# apply to mail arriving on port 10041 -- confirm which listeners use it.
@mynetworks = qw( 127.0.0.0/8 172.16.0.1/32 );


# Always deliver messages (force *_lovers_maps to [1]).
#
# Every content category, including virus and banned-file hits, is set
# to D_PASS, so amavis never rejects, bounces or discards mail in this
# role.  Protection of the recipient then rests on what is done to the
# delivered message: the only such measures visible in this file are
# defanging of virus-class mail (%defang_maps_by_ccat) and the
# SpamAssassin tag levels; anything stricter has to happen downstream.
$final_virus_destiny                  = D_PASS;
$final_banned_destiny                 = D_PASS;
$final_unchecked_destiny              = D_PASS;
$final_spam_destiny                   = D_PASS;
$final_bad_header_destiny             = D_PASS;
# The leading '&' forces a call to the CC_OVERSIZED constant; a plain
# bareword inside the hash subscript would be taken as the string
# 'CC_OVERSIZED' instead.
$final_destiny_by_ccat{&CC_OVERSIZED} = D_PASS;

# Replaces the whole per-category table with a single catch-all entry.
# The key is followed by a plain comma on purpose: with '=>' Perl would
# quote CC_CATCHALL as a string rather than call the constant.
%lovers_maps_by_ccat = (
  CC_CATCHALL, 1,
);


# Disable quarantine (force *_quarantine_to_maps to [1]; don't forget to
# disable setting amavisSpamQuarantineCutoffLevel and amavisVirusQuarantine*To,
# also)
#
# Trade-off to keep in mind: with no quarantine directory and no
# quarantine method for any category, this file configures no retained
# copy of a flagged message; the delivered mail and the logs are the
# only record available for later analysis.
$QUARANTINEDIR = undef;
%quarantine_method_by_ccat = (
  CC_CATCHALL, undef,
);
# No administrator address for any category (catch-all is undef).
%admin_maps_by_ccat = (
  CC_CATCHALL, undef,
);

# Clears the subject tag for undecipherable content.
# NOTE(review): presumably this means encrypted or password-protected
# parts get no Subject marker -- confirm against the amavisd docs.
undef $undecipherable_subject_tag;

# Defang virus only: the CC_VIRUS category is switched on and the
# catch-all leaves every other category untouched.  Because
# $final_virus_destiny is D_PASS, this is the one measure in this file
# that alters an infected message before it reaches the mailbox.
# Keys use a plain comma so the CC_* constants are called, not quoted.
%defang_maps_by_ccat = (
  CC_VIRUS,    1,
  CC_CATCHALL, undef,
);

# Never BCC / DSN; don't forget to disallow setting amavisSpamDsnCutoffLevel
# and amavis*Admin, also.
# Each table is reduced to a catch-all entry with no address.
%always_bcc_by_ccat = (
  CC_CATCHALL, undef,
);
%dsn_bcc_by_ccat = (
  CC_CATCHALL, undef,
);

# Never warn sender / recipient; don't forget to disallow setting
# amavisWarn*Recip, also.
# Sender warnings in particular would go to whatever address the message
# claims as its sender, so leaving them off avoids notifying forged
# senders.
%warnsender_by_ccat = (  # deprecated use, except perhaps for CC_BADH
  CC_CATCHALL, undef,
);
%warnrecip_maps_by_ccat = (
  CC_CATCHALL, undef,
);

# Empty list: no size-limit lookups are configured in this file.
@message_size_limit_maps = (); # per-recipient limits


# Named banned-file rule sets.  This file only defines them; which set
# applies to a recipient is chosen elsewhere (presumably through the
# per-recipient LDAP lookup -- confirm).
#
# Reading the entries: a bare pattern marks a match as banned, while a
# [pattern => 0] pair records an explicit "not banned" result (amavisd's
# new_RE convention -- verify against the installed version).  The
# patterns use qr'...' with single-quote delimiters, so nothing is
# interpolated and '$' is the end-of-string anchor.
#
#   NO-MS-EXEC  bans the type token '.exe-ms'.
#   PASSALL     '^' matches everything and maps it to 0 (pass).
#   ALLOW_EXE   bans names ending in .vbs/.pif/.scr/.bat (case-insensitive,
#               at least one character before the dot), then explicitly
#               passes the '.exe' type token.
#   ALLOW_VBS   explicitly passes names ending in '.vbs'.
#
# NOTE(review): ALLOW_VBS has no /i flag, unlike the pattern in
# ALLOW_EXE, so an upper-case '.VBS' name is not covered by it -- confirm
# that is intended.
# With $final_banned_destiny set to D_PASS, a banned match does not stop
# delivery in this configuration.
%banned_rules = (
  'NO-MS-EXEC'=> new_RE( qr'^\.exe-ms$' ),
  'PASSALL'   => new_RE( [qr'^' => 0] ),
  'ALLOW_EXE' => new_RE( qr'.\.(vbs|pif|scr|bat)$'i, [qr'^\.exe$' => 0] ),
  'ALLOW_VBS' => new_RE( [qr'.\.vbs$' => 0] ),
);


# Per-recipient settings are looked up in LDAP.
#
# The connection uses 'ldapi://' (LDAP over a local Unix-domain socket)
# with SASL EXTERNAL, so the directory identifies amavis by the
# credentials of the connecting process and no bind password is stored
# in this file.  Access then depends on the directory's own mapping and
# ACLs for that identity, which are not visible here.
#
# The search is one level deep ('one') under a base built from the
# recipient's domain (%d), aliases are never dereferenced, and a lookup
# gives up after 5 (presumably seconds -- confirm).
#
# NOTE(review): %d and %m are filled in from the recipient address, which
# the remote sender controls.  Confirm that the amavisd version in use
# escapes DN and filter metacharacters when expanding them.
$enable_ldap  = 1;
$default_ldap = {
    hostname      => 'ldapi://',
    sasl          => 1,
    sasl_mech     => 'EXTERNAL',
    deref         => 'never',
    timeout       => 5,
    scope         => 'one',
    base          => 'fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org',
    # XXX: ideally we would use %u in the base and the query_filter, but
    # it's not supported as of amavis 2.7 (see the 'lookup_ldap'
    # subroutine in /usr/sbin/amavisd-new)
    # The filter requires both object classes and matches the entry's
    # 'fvl' attribute against %m.
    query_filter  => '(&(objectClass=amavisAccount)(ObjectClass=FripostVirtualUser)(fvl=%m))'
};


# '+' separates the mailbox name from an address extension
# (user+tag@domain).
$recipient_delimiter = '+';
$enable_dkim_verification = 1;    # enable DKIM signatures verification


# Per-recipient Bayes Database.
# The first entry matches any address of the form local@domain (the
# domain part may not contain '@') and hands the whole address back as
# the SpamAssassin user name via '$1'; anything that does not match
# falls through to the shared 'amavis' user.
# NOTE(review): the user name is therefore taken verbatim from the
# recipient address.  The storage backend for per-user data is not
# configured in this file -- confirm it treats the name as an opaque key.
@sa_username_maps = (
  new_RE ( [ qr'^(.+@[^@]+)$'i => '$1' ] ),
  'amavis' # catch-all
);

# Policy-bank example this section follows:
# http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks-ex

# amavis listens on TCP port 10041 for mail to be checked.
# NOTE(review): neither the bind address nor an access list for this
# port is set in this file -- confirm the effective values keep the
# listener reachable only from the MTA that feeds it.
$inet_socket_port = 10041;

# Mail arriving on port 10041 is handled under the 'INBOUND' policy bank
# defined at the end of this file.
$interface_policy{'10041'} = 'INBOUND';

# Notifications are submitted over SMTP to the outgoing MTA instance:
# via loopback when this host is itself in the 'MTA-out' group, otherwise
# to outgoing.fripost.org.  The port comes from the template variable in
# both branches.
# NOTE(review): in the second branch the submission leaves this host;
# nothing in this file shows how that hop is protected -- confirm.
{% if 'MTA-out' in group_names %}
$notify_method  = 'smtp:[127.0.0.1]:{{ postfix_instance["MTA-out"].port }}';
{% else %}
$notify_method  = 'smtp:[outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }}';
{% endif %}
# Checked mail is handed to Dovecot over its local LMTP socket; mail
# that has to be requeued takes the same path.
$forward_method = 'lmtp:/var/run/dovecot/lmtp';
$requeue_method = $forward_method;

# SpamAssassin score thresholds (defaults; per-recipient values may come
# from LDAP).
#   tag   undef  presumably "below any score", i.e. spam info headers
#                are always added -- confirm against the amavisd docs
#   tag2  5      score at which the message is marked as spam
#   kill  5      score at which $final_spam_destiny applies; that is
#                D_PASS above, so such mail is still delivered
#   dsn / quarantine cutoffs are undef, in line with the disabled
#   notifications and quarantine earlier in this file
$sa_tag_level_deflt         = undef;
$sa_tag2_level_deflt        = 5;
$sa_kill_level_deflt        = 5;
$sa_dsn_cutoff_level        = undef;
$sa_quarantine_cutoff_level = undef;

# Policy bank selected for port 10041 through %interface_policy.
# 'originating => 0' treats every message on this port as coming from a
# remote client, and the empty mynetworks_maps means no client address
# is matched as internal here.
$policy_bank{'INBOUND'} = {
  originating           => 0,  # indicates a remote client, allows checking
  smtpd_greeting_banner =>
    '${helo-name} ${protocol} ${product} INBOUND service ready',
  mynetworks_maps       => [],  # avoids loading MYNETS policy unnecessarily
};

#------------ Do not modify anything below this line -------------
1;  # ensure a defined return