Subversion Repositories

?revision_form?Rev ?revision_input??revision_submit??revision_endform?

Rev 6 | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
1 magnus 1
# Options for spamassassin running in exim's local_scan (SA Exim)
2
# By Marc MERLIN <marc_soft@merlins.org> - Initial version: April 2002
3
# Sander Smeenk <ssmeenk@freshdot.net> - Improvements: March 2004
4
#
5
# Sample file version 1.16 for SA-Exim 4.1 - 2005/01/10
6
#
7
# The parse routine is minimalistic. It expects "option: value" (exactly
8
# one space after the colon, and none before). You should put long lines
9
# on one line. The parser isn't capable of parsing multiline values.
10
#
11
# SA threshold values are parsed as floats and other numerical options
12
# are ints. String options have to be set. To unset them, comment out the
13
# variable, don't set it to nothing.
14
#
15
# READ THIS:
16
# ---------
17
# Watch your logs, you will get errors and your messages will get
18
# temporarily bounced if expansions fail. Watch your logs!
19
#
20
# If you are afraid that spammers might use a header that is used here
21
# as a default, have exim set it to another value than 'Yes' and check
22
# here for that other value.
23
#
24
# For every expansion, anything that doesn't expand to "" or "0"
25
# (without quotes) will be considered true. If you set the string to 1,
26
# it will be true without going through exim's condition evaluator (and
27
# if you leave it unset, it will default to 0)
28
#
29
# You should not put double quotes around expressions!
30
# --- snip ---
31
 
32
# Enable basic verbose output by default. Watch your logs!
33
SAEximDebug: 1
34
 
35
 
36
# Default path is /usr/bin/spamc, but you can change it here
37
SAspamcpath: /usr/bin/spamc
38
 
39
# Which characters are retained from a Message-Id header (for safety, we
40
# remove characters that might cause problems with shell parsing)
41
# Change the default at your own risk (you also have to change this in
42
# the SA greylisting patch if you use that)
43
#SAsafemesgidchars: !#%( )*+,-.0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz{|}~
44
 
45
# If SAspamcSockPath is set spamc uses socket to connect to spamd,
46
# use --socketpath pathname as argument to spamd (new in SA 2.60).
47
# Leave it unset if you want spamc to connect(AF_INET) to spamd at
48
# 127.0.0.1 (this is the default shown in the options below), but if
49
# you set it, it will override the two TCP connect options below
50
#SAspamcSockPath: /var/run/spamd.sock
51
 
52
# SAspamcHost / SAspamcPort: TCP socket where your spamd is listening
53
# Shown below are the defaults:
54
SAspamcHost: 127.0.0.1
55
SAspamcPort: 783
56
 
13 magnus 57
# SAspamcUser: The username passed to spamc. Some tricks are needed to
58
# decide on one user when there are many recipients. This string is of
59
# course expanded. If unset or empty, spamc will use the user Exim
60
# runs as. We suggest that you decide what username to use in the ACLs
61
# and set an ACL variable.
62
#SAspamcUser: $acl_m2
1 magnus 63
 
64
# Exim configuration string to run before running SA against the message
65
# This decides whether SA gets run against the message or not.  This
66
# default will not reject messages if the message had SA headers but
67
# they weren't added by us.
6 magnus 68
SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$sender_host_address}{::1}}}}
69
# If you want more detailed control over when to run SA, it's recommended
70
# that you set an ACL variable indicating this from the acl section of
71
# your Exim configuration file. The current maintainer sets acl_m0 to
72
# "noscan" if the sending host is localhost or has authenticated.
73
#SAEximRunCond: ${if !eq{$acl_m0}{noscan}}
74
# (This means exactly the same as ${if !eq{$acl_m0}{noscan} {true}{}},
75
# where the empty string is considered false.)
76
 
77
#----------------------------------------------------------------------
78
# Remove or comment out the following line to enable sa-exim
1 magnus 79
SAEximRunCond: 0
6 magnus 80
#----------------------------------------------------------------------
1 magnus 81
 
82
# If and only if SAEximRunCond was true, and we did run SA, this
83
# expression decides whether we actually consider acting upon SAdevnull,
84
# SApermreject, and SAtempreject if you have them set.
85
#
86
# Use this to tag messages that you shouldn't reject (messages sent to
87
# abuse or postmaster for instance).
88
#
6 magnus 89
# As an example, set acl_m0 to "canreject" if a recipient other than
90
# postmaster or abuse is encountered (and the sender isn't local). That
91
# way, spammers can't circumvent blocking by sending to postmaster and
92
# 99 other recipients. (If acl_m0 is taken, you'll of course have to use
93
# a different variable.
94
#SAEximRejCond: ${if eq{$acl_m0}{canreject}}
1 magnus 95
 
96
 
97
# How much of the body we feed to spamassassin (in bytes)
98
# Default is 250KB
99
SAmaxbody: 256000
100
 
101
# Do you want to feed SAmaxbody's worth of the message body if it is too big?
102
# Either, you skip messages that are too big and not scan them, or you can
103
# truncate the body and feed that to SA.
104
# Note that SA will sometimes raise the spam score if it can't parse
105
# the message correctly (since the end is missing, decoding will fail)
106
# Default is 0: do not scan messages that are too big
107
# (note that this is parsed as a condition)
108
SATruncBodyCond: 0
109
 
110
# If you want SA to report_safe you need sa-exim to rewrite the body of
111
# the message since SA encapsulates the spam as a mime attachment.
112
# You probably want SATruncBodyCond to be 0 or else you'll end up with a
113
# partial message if it's larger than SAmaxbody and it's spam
114
#
115
# Also note that if you enable this option, any saved message will be saved
116
# after the body has been modified by SA.
117
# (this is not a condition as SA's report_safe is not conditional)
118
SARewriteBody: 0
119
 
120
# Prepend saved messages with an fake From-header to make the file look like a
121
# valid mbox file
122
SAPrependArchiveWithFrom: 1
123
 
124
# If you are archiving messages that are rejected, how much do you want
125
# to archive? Default is 20MB.
126
SAmaxarchivebody: 20971520
127
 
128
# On errors, if you are saving messages, you probably want the entire message
129
# Default size saved (if you are saving errors) is 1GB
130
SAerrmaxarchivebody: 1073741824
131
 
132
# You can have SA-Exim add a X-SA-Exim-Rcpt-To header, which will list all
133
# the recipients for the Email, unless the list gets bigger than
134
# SAmaxrcptlistlength bytes.
135
# The default value of 0 disables the header for privacy reasons (the header
136
# exposes Bcced recipients)
137
# Any value bigger than 8000 will be ignored because there is a limit on the
138
# size of headers that you can have and exim's string_sprintf
139
# Note that if you are planning to use greylisting, you should set this
140
# value to 8000 since SA's greylisting code needs the recipients.
141
SAmaxrcptlistlength: 0
142
 
143
# Add X-SA-Exim-Rcpt-To and X-SA-Exim-Mail-From headers before SA scans
144
# the message.
145
# If this option is enabled, SARewiteBody is true, and safe_mode is
146
# enabled in SA, you end up with the X-SA-Exim-Rcpt-To/X-SA-Exim-Mail-From in
147
# the attatched message as well without the ability to remove them later in an
148
# exim transport (think privacy).
149
# In real life this is usually not a problem because the message is spam anyway,
150
# and if you turn this off, you lose the option to use those headers to score
151
# the message with SA.
152
SAaddSAEheaderBeforeSA: 1
153
 
154
# How many seconds you want to allow spamc to run. Exim 4.04 and better will
155
# kill us after a default of 5 minutes. This however is not great, because the
156
# mail gets temporarily rejected
157
# You should set this and have SA Exim handle the timeout itself and accept the
158
# message if spamc takes too long (instead of timing out)
159
# A value of 0 means no timeout, and we run until exim stops us.
160
# I know of at least one mail server (nanog's merit.edu) that will not
161
# wait a full 5mn (which causes tempreject and resends), so the default is 4mn
162
#SAtimeout: 240
163
 
164
# Do you want to save mails that were accepted because spamc timed out?
165
# Specify a directory to enable the feature.
166
# SA-Exim will try to create the directory if it has the permissions to do so,
167
# check your maillog for failures (or create the directory yourself and make it
168
# writeable by exim)
169
SAtimeoutsave: /var/spool/exim/SAtimeoutsave
170
 
171
# You can optionally save or not save messages that matched the above rule
172
SAtimeoutSavCond: 1
173
 
174
 
175
# You should really create this directory for local_scan to save messages that
176
# created an error. If you don't want this, comment out this variable
177
# Make sure all these directories are owned by the exim user
178
# SA-Exim will try to  create the directory if it has  the permissions to do
179
# so, check your maillog for failures  (or create the directory yourself and
180
# make it writeable by exim)
181
SAerrorsave: /var/spool/exim/SAerrorsave
182
 
183
# You can optionally save or not save messages that matched the above rule
184
# You should not put double quotes around the expression
185
SAerrorSavCond: 1
186
 
187
# If you set to 1, SA will temporarily reject messages that generated an error
188
# while they were processed (they'll still be saved if SAerrorsave is set).
189
# Otherwise (0 = false), the messages are just accepted, which seems like a
190
# more sensible default
191
SAtemprejectonerror: 0
192
 
193
 
194
###############################################################################
195
# NOTE: Spamd needs to tell sa-exim that the message SA-Exim gave spamd
196
# is spam before sa-exim will consider the SA tresholds.
197
# In other words, you cannot reject mails on SA scores if you set that
198
# threshold to a lower threshold than SA's required_hits value.
199
# The one exception to this rule is SAtempreject (in order to let you
200
# temporarily reject mail when you are doing greylisting, see
201
# README.greylisting in the documentation for details)
202
###############################################################################
203
 
204
# SA score when you start stalling the sender by sending many continuation
205
# lines for up to SAteergrubetime
206
# This is now a string (without quotes) that gets evaluated at runtime by exim
207
# but you can still assign a simple float value to it
208
# Note that this is an obvious abuse of SMTP, but eh, they started it :-)
209
# Of course, this means that each incoming spam with the right score threshold
210
# will keep an exim process busy on your machine. Make sure you can afford it.
211
# Default value is 2^20, which should disable the behavior
212
 
213
# Please, don't teergrube people who relay for you or your own MXes :-)
214
# This option is left behind for backward compatibility, but you can now
215
# get the same result by putting a condition string in SAteergrube
216
# The trick is to list your score if the condition succeeds, and a really
217
# high score otherwise.
218
#SAteergrube: ${if and { {!eq {$sender_host_address}{127.0.0.1}} {!eq {$sender_host_address}{127.0.0.2}} } {25}{1048576}}
219
 
220
# SAteergrubecond is deprecated (replaced by SAteergrube)
221
# You used to be say whether you would apply the teergrubing score with this
222
# condition, but now that scores are conditions, it is obsolete
223
#SAteergrubecond: ${if and { {!eq {$sender_host_address}{127.0.0.1}} {!eq {$sender_host_address}{127.0.0.2}} } {1}{0}}
224
 
225
# How long do you want to stall the sender (in seconds)
226
# If you set the value too high, you might get too many exim processes running
227
# and run out of process slots
228
# Remember, don't come crying if playing with this "feature" causes your mail
229
# server to catch fire :-)
230
SAteergrubetime: 900
231
 
232
# You can optionally save or not save messages that matched the above rule
233
SAteergrubeSavCond: 1
234
 
235
# Do you want to save mails that you stalled for later analysis?
236
# Specify a directory to enable the feature.
237
# SA-Exim will try to create the directory if it has the permissions to do so,
238
# check your maillog for failures (or create the directory yourself and make it
239
# writeable by exim)
240
SAteergrubesave: /var/spool/exim/SAteergrube
241
 
242
# When you stall the sender, you will probably get the mail again.
243
# By default, we'll  only save messages by message ID so  that we don't save
244
# multiple copies every time the sender tries again.
245
# Of course, this means someone could fake someone else's message ID to
246
# overwrite the saved copy of another spam. Such is life :-)
247
SAteergrubeoverwrite: 1
248
 
249
 
250
 
251
# If you reach this score, the mail is accepted and tossed (/dev/nulled).
252
# The default value is 2^20 which should ensure this never happens.
253
# This is now a string (without quotes) that gets evaluated at runtime by exim
254
# but you can still assign a simple float value to it
255
# You should be really sure that the message is spam because the sender will
256
# get no notification
257
#SAdevnull: 20.0
258
 
259
# You can optionally save or not save messages that matched the above rule
260
SAdevnullSavCond: 1
261
 
262
# Do you want to save mails that are tossed?
263
# Specify a directory to enable the feature.
264
# This is just in case you do want to keep a copy of the alledge spams somewhere
265
# Messages are saved by unixdate_Message-Id or just unix date if there is no
266
# Message-Id.
267
# SA-Exim will try to create the directory if it has the permissions to do so,
268
# check your maillog for failures (or create the directory yourself and make it
269
# writeable by exim)
270
SAdevnullsave: /var/spool/exim/SAdevnull
271
 
272
 
273
 
274
# SA score when you start rejecting Emails (this is better than the above as
275
# it can notify the sender in case you reject non-spam by mistake)
276
# This is now a string (without quotes) that gets evaluated at runtime by exim
277
# but you can still assign a simple float value to it
278
# Default value is 2^20, which should disable the behavior if you comment out
279
# the line below
280
SApermreject: 12.0
281
 
282
# You can optionally save or not save messages that matched the above rule
283
SApermrejectSavCond: 1
284
 
285
# Do you want to save mails that are rejected?
286
# Specify a directory to enable the feature.
287
# SA-Exim will try to create the directory if it has the permissions to do so,
288
# check your maillog for failures (or create the directory yourself and make it
289
# writeable by exim)
290
SApermrejectsave: /var/spool/exim/SApermreject
291
 
292
 
293
 
294
# SA score when you start returning a temporary reject.
295
# There are few reasons to use this, except if you're reading your tempreject
296
# save folder (see below) and ajusting scores on the fly, or if you are using
297
# greylisting
298
# This is now a string (without quotes) that gets evaluated at runtime by exim
299
# but you can still assign a simple float value to it
300
# Default value is 2^20, which should disable the behavior
4 magnus 301
#SAtempreject: 9.0
1 magnus 302
 
303
# You can optionally save or not save messages that matched the above rule
304
SAtemprejectSavCond: 1
305
 
306
# Do you want to save mails that are temporarily rejected?
307
# Specify a directory to enable the feature.
308
# You could use this to analyse what SA is bouncing and adding an allow rule
309
# to accept the mail next time it is sent back to you
310
# SA-Exim will try to create the directory if it has the permissions to do so,
311
# check your maillog for failures (or create the directory yourself and make it
312
# writeable by exim)
313
SAtemprejectsave: /var/spool/exim/SAtempreject
314
 
315
# When you send back a temp reject code, you will get the mail again.
316
# By default, we'll only save messages by message ID so that we don't save
317
# multiple copies every time the sender tries again.
318
# Of course, this means someone could fake someone else's message ID to
319
# overwrite the saved copy of another spam. Such is life :-)
320
SAtemprejectoverwrite: 1
321
 
322
# See README.greylisting in the documentation for the following options
323
# This is the string that SpamAssassin adds if the message is whitelisted
324
# We use this to optionally increase the score needed for a tempreject
325
# (in order to let a message through when it would otherwise have been
326
# temprejected)
327
# Default value is "GREYLIST_ISWHITE" (as used in the patch provided by SA-Exim)
328
SAgreylistiswhitestr: GREYLIST_ISWHITE
329
 
330
# By how much do we temporarly raise tempreject to allow a mail in when it
331
# would otherwise have been temp rejected (because SA flagged it was whitelisted
332
# by the greylisting code provided as a patch to SA in the SA-Exim distro)
333
# Note that greylisting will not work in until you patch SA with the greylist
334
# function
335
# Note that you most likely want
336
# SAtempreject + SAgreylistraisetempreject <= SApermreject
337
# Default value is 3.0 but you'd probably to lower the tempreject score and
338
# increase this one (see README.greylisting)
339
SAgreylistraisetempreject: 3.0
340
 
341
 
342
# Do you want to save mails that are flagged as spam by SA, but not rejected by
343
# any of the above thresholds?  Specify a directory to enable the feature.
344
# That's one way to track mails thare are going through even though they were
345
# flagged by SA (note that you could also save them in exim's system_filter,
346
# although copies saved here happen before exim makes modification to the
347
# message like rewriting)
348
# SA-Exim will try to create the directory if it has the permissions to do so,
349
# check your maillog for failures (or create the directory yourself and make it
350
# writeable by exim)
351
SAspamacceptsave: /var/spool/exim/SAspamaccept
352
 
353
# You can control which messages you want saved if you only want a subset
354
SAspamacceptSavCond: 0
355
 
356
 
357
# Do you want to save mails that are not flagged as spam by SA
358
# Specify a directory to enable the feature.
359
# This is only here for completeness, if you want to save all messages not
360
# flagged as spam by SA (you could also do this in system_filter)
361
# SA-Exim will try to create the directory if it has the permissions to do so,
362
# check your maillog for failures (or create the directory yourself and make it
363
# writeable by exim)
364
SAnotspamsave: /var/spool/exim/SAnotspam
365
 
366
# You can control which messages you want saved if you only want a subset
367
SAnotspamSavCond: 0
368
 
369
# All the following strings can take one '%s' which will be replaced by
370
# spamstatus: "SA score, trigger score"
371
SAmsgteergrubewait: Wait for more output
372
SAmsgteergruberej: Please try again later
373
SAmsgpermrej: Rejected
374
SAmsgtemprej: Please try again later
375
# This string is a static string, do not include "%s"
376
SAmsgerror: Temporary local error while processing message, please contact postmaster.