# Amavisd-new Spamassassin problem [solved]

## unclefu

Hi, 

today i did an emerge world (showed to be a bad idea)

after the update to spamassassin 3.0 the clamav Vviruschecks works, but no Spamtags  :Sad: 

here the amavisd.conf :

can anybody see the mistake?

[quote]

use strict;

# Sample configuration file for amavisd-new (traditional style, chatty,

# you may prefer to start with the more concise supplied amavisd.conf)

#

# See amavisd.conf-default for a list of all variables with their defaults;

# for more details see documentation in INSTALL, README_FILES/*

# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html

# This software is licensed under the GNU General Public License (GPL).

# See comments at the start of amavisd-new for the whole license text.

#Sections:

# Section I    - Essential daemon and MTA settings

# Section II   - MTA specific

# Section III  - Logging

# Section IV   - Notifications/DSN, bounce/reject/discard/pass, quarantine

# Section V    - Per-recipient and per-sender handling, whitelisting, etc.

# Section VI   - Resource limits

# Section VII  - External programs, virus scanners, SpamAssassin

# Section VIII - Debugging

# Section IX   - Policy banks (dynamic policy switching)

#GENERAL NOTES:

#  This file is a normal Perl code, interpreted by Perl itself.

#  - make sure this file (or directory where it resides) is NOT WRITABLE

#    by mere mortals (not even vscan/amavis; best to make it owned by root),

#    otherwise it can represent a severe security risk!

#  - for values which are interpreted as booleans, it is recommended

#    to use 1 for true, and 0 or undef or '' for false.

#    THIS IS DIFFERENT FROM OLD AMAVIS VERSIONS where "no" also meant false,

#    now it means true, like any nonempty string does!

#  - Perl syntax applies. Most notably: strings in "" may include variables

#    (which start with $ or @); to include characters $ and @ and \ in double

#    quoted strings precede them by a backslash; in single-quoted strings

#    the $ and @ lose their special meaning, so it is usually easier to use

#    single quoted strings (or qw operator) for e-mail addresses.

#    In both types of quoting a backslash should to be doubled.

#  - variables with names starting with a '@' are lists, the values assigned

#    to them should be lists too, e.g. ('one@foo', $mydomain, "three");

#    note the comma-separation and parenthesis. If strings in the list

#    do not contain spaces nor variables, a Perl operator qw() may be used

#    as a shorthand to split its argument on whitespace and produce a list

#    of strings, e.g. qw( one@foo example.com three );  Note that the argument

#    to qw is quoted implicitly and no variable interpretation is done within

#    (no '$' variable evaluations). The #-initiated comments can NOT be used

#    within a string. In other words, $ and # lose their special meaning

#    within a qw argument, just like within '...' strings.

#  - all e-mail addresses in this file and as used internally by the daemon

#    are in their raw (rfc2821-unquoted and non-bracketed) form, i.e.

#    Bob "Funny" Dude@example.com, not: "Bob \"Funny\" Dude"@example.com

#    and not <"Bob \"Funny\" Dude"@example.com>; also: '' and not '<>'.

#  - the term 'default value' in examples below refers to the value of a

#    variable pre-assigned to it by the program; any explicit assignment

#    to a variable in this configuration file overrides the default value;

#

# Section I - Essential daemon and MTA settings

#

# $MYHOME serves as a quick default for some other configuration settings.

# More refined control is available with each individual setting further down.

# $MYHOME is not used directly by the program. No trailing slash!

$MYHOME = '/var/amavis';   # (default is '/var/amavis')

# $mydomain serves as a quick default for some other configuration settings.

# More refined control is available with each individual setting further down.

# $mydomain is never used directly by the program.

$mydomain = 'unclefu.in-butter.de';      # (no useful default)

# $myhostname = 'host.example.com';  # fqdn of this host, default by uname(3)

# Set the user and group to which the daemon will change if started as root

# (otherwise just keeps the UID unchanged, and these settings have no effect):

$daemon_user  = 'amavis';   # (no default;  customary: vscan or amavis)

$daemon_group = 'amavis';   # (no default;  customary: vscan or amavis or sweep)

# Runtime working directory (cwd), and a place where

# temporary directories for unpacking mail are created.

# (no trailing slash, may be a scratch file system)

#$TEMPBASE = $MYHOME;	        # (must be set if other config vars use is)

$TEMPBASE = "$MYHOME/tmp";      # prefer to keep home dir /var/amavis clean?

$db_home = "$MYHOME/db";	# DB databases directory, default "$MYHOME/db"

# $helpers_home sets environment variable HOME, and is passed as option

# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory

# on a normal persistent file system, not a scratch or temporary file system

$helpers_home = $MYHOME;	# (defaults to $MYHOME)

# Run the daemon in the specified chroot jail if nonempty:

#$daemon_chroot_dir = $MYHOME;  # (default is undef, meaning: do not chroot)

#$pid_file  = "$MYHOME/amavisd.pid";  # (default is "$MYHOME/amavisd.pid")

#$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock")

# set environment variables if you want (no defaults):

$ENV{TMPDIR} = $TEMPBASE;       # wise to set TMPDIR, but not obligatory

#...

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)

$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

# MTA SETTINGS, UNCOMMENT AS APPROPRIATE,

# both $forward_method and $notify_method default to 'smtp:[127.0.0.1]:10025'

# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4

# (set host and port number as required; host can be specified

# as an IP address or a DNS name (A or CNAME, but MX is ignored)

#$forward_method = 'smtp:[127.0.0.1]:10025';  # where to forward checked mail

#$notify_method = $forward_method;            # where to submit notifications

# To make it possible for several hosts to share one content checking daemon,

# the IP address and/or the port number in $forward_method and $notify_method

# may be spacified as an asterisk. An asterisk in the colon-separated

# second field (host) will be replaced by the SMTP client peer address,

# An asterisk in the third field (tcp port) will be replaced by the incoming

# SMTP/LMTP session port number plus one. This obsoletes the previously used

# less flexible configuration parameter $relayhost_is_client. An example:

#   $forward_method = 'smtp:*:*'; $notify_method = 'smtp:*:10587';

# NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST

#       uncomment the appropriate settings below if using other setups!

# SENDMAIL MILTER, using amavis-milter.c helper program:

#$forward_method = undef;  # no explicit forwarding, sendmail does it by itself

# milter; option -odd is needed to avoid deadlocks

#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';

# just a thought: can we use use -Am instead of -odd ?

# SENDMAIL (old non-milter setup, as relay, deprecated):

#$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';

#$notify_method = $forward_method;

# SENDMAIL (old non-milter setup, amavis.c calls local delivery agent, deprecated):

#$forward_method = undef;  # no explicit forwarding, amavis.c will call LDA

#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}';

# EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead):

#$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';

#$notify_method = $forward_method;

# prefer to collect mail for forwarding as BSMTP files?

#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";

#$notify_method = $forward_method;

# Net::Server pre-forking settings

# The $max_servers should match the width of your MTA pipe

# feeding amavisd, e.g. with Postfix the 'Max procs' field in the

# master.cf file, like the '2' in the:  smtp-amavis unix - - n - 2 smtp

#

$max_servers  =  4;   # number of pre-forked children          (default 2)

$max_requests = 20;   # retire a child after that many accepts (default 10)

$child_timeout=5*60;  # abort child if it does not complete each task in

                      # approximately n sec (default: 8*60 seconds)

# Here is a QUICK WAY to completely DISABLE some sections of code

# that WE DO NOT WANT (it won't even be compiled-in).

# For more refined controls leave the following two lines commented out,

# and see further down what these two lookup lists really mean.

#

# @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code

# @bypass_spam_checks_maps  = (1);  # uncomment to DISABLE anti-spam code

#

# Any setting can be changed with a new assignment, so make sure

# you do not unintentionally override these settings further down!

# Check also the settings of @av_scanners at the end if you want to use

# virus scanners. If not, you may want to delete the whole long assignment

# to the variable @av_scanners and @av_scanners_backup, which will also

# remove the virus checking code (e.g. if you only want to do spam scanning).

# Lookup list of local domains (see README.lookups for syntax details)

#

# @local_domains_maps list of lookup tables are used in deciding whether a

# recipient is local or not, or in other words, if the message is outgoing

# or not. This affects inserting spam-related headers for local recipients,

# limiting recipient virus notifications (if enabled) to local recipients,

# in deciding if address extension may be appended, and in SQL lookups

# for non-fqdn addresses. Set it up correctly if you need features

# that rely on this setting (or just leave empty otherwise).

#

# With Postfix (2.0) a quick hint on what local domains normally are:

# a union of domains specified in: mydestination, virtual_alias_domains,

# virtual_mailbox_domains, and relay_domains.

@local_domains_maps = ( [".$mydomain"] );  # $mydomain and its subdomains

# @local_domains_maps = (); # default is empty list, no recip. considered local

# @local_domains_maps =  # using ACL lookup table

#   ( [ ".$mydomain", 'sub.example.net', '.example.com' ] );

# @local_domains_maps =  # similar, split list elements on whitespace

#   ( [qw( .example.com !host.sub.example.net .sub.example.net )] );

# @local_domains_maps = ( new_RE( qr'[@.]example\.com$'i ) );   # using regexp

# @local_domains_maps = ( read_hash("$MYHOME/local_domains") ); # using hash

#   perhaps combined with Postfix: mydestination = /var/amavis/local_domains

# for debugging purposes: dump_hash($local_domains_maps[0]);

#

# Section II - MTA specific (defaults should be ok)

#

$insert_received_line = 1;       # behave like MTA: insert 'Received:' header

			          # (does not apply to sendmail/milter)

			          # (default is true)

# AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)

#   (used with amavis helper clients like amavis-milter.c and amavis.c,

#   NOT needed for Postfix or Exim or dual-sendmail - keep it undefined.

$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket

#$unix_socketname = undef;        # disable listening on a unix socket

                                  # (default is undef, i.e. disabled)

                                  # (usual setting is $MYHOME/amavisd.sock)

# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)

#   (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)

$inet_socket_port = 10024;        # accept SMTP on this local TCP port

                                  # (default is undef, i.e. disabled)

# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];

# SMTP SERVER (INPUT) access control

# - do not allow free access to the amavisd SMTP port !!!

#

# when MTA is at the same host, use the following (one or the other or both):

#$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface

                                  # (default is '127.0.0.1')

@inet_acl = qw(127.0.0.1 [::1]);  # allow SMTP access only from localhost IP

                                  # (default is qw(127.0.0.1 [::1]) )

# when MTA (one or more) is on a different host, use the following:

#@inet_acl = qw(127.0.0.0/8 [::1] 10.1.0.1 10.1.0.2);  # adjust list as needed

#$inet_socket_bind = undef;       # bind to all IP interfaces if undef

#

# Example1:

# @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );

# permit only SMTP access from loopback and rfc1918 private address space

#

# Example2:

# @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0

#		  127.0.0.1 10/8 172.16/12 192.168/16 );

# matches loopback and rfc1918 private address space except host 192.168.1.12

# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)

#

# Example3:

# @inet_acl = qw( 127/8

#		  !172.16.3.0   !172.16.3.127 172.16.3.0/25

#		  !172.16.3.128 !172.16.3.255 172.16.3.128/25 );

# matches loopback and both halves of the 172.16.3/24 C-class,

# split into two subnets, except all four broadcast addresses

# for these subnets

# @mynetworks is an IP access list which determines if the original SMTP client

# IP address belongs to our internal networks, i.e. mail is coming from inside.

# It is much like the Postfix parameter 'mynetworks' in semantics and similar

# in syntax, and its value should normally match the Postfix counterpart.

# It only affects the value of a macro %l (=sender-is-local),

# and the loading of policy 'MYNETS' if present (see below).

# Note that '-o smtp_send_xforward_command=yes' (or its lmtp counterpart)

# must be enabled in the Postfix service that feeds amavisd, otherwise

# client IP address is not available to amavisd-new.

#

# @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10

#                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );  # default

#

# A list of networks can also be read from a file, either as an IP acl in

# CIDR notation, one address per line (comments and empty lines are allowed):

#   @mynetworks_maps = (read_array('/etc/amavisd-mynetworks'), \@mynetworks);

#

# or less flexibly (but provides faster lookups for large lists) by reading

# into a hash lookup table, which only allows for full addresses or classful

# IPv4 subnets with truncated octets, such as 127, 10, 192.168, 10.11.12.13,

# one address per line (comments and empty lines are allowed):

#   @mynetworks_maps = (read_hash('/etc/amavisd-mynetworks'), \@mynetworks);

# See README.lookups for details on specifying access control lists.

#

# Section III - Logging

#

# true (e.g. 1) => syslog;  false (e.g. 0) => logging to file

$DO_SYSLOG = 1;                   # (defaults to 0)

#$SYSLOG_LEVEL = 'user.info';     # (facility.priority, default 'mail.info')

# Log file (if not using syslog)

#$LOGFILE = "$MYHOME/amavis.log";  # (defaults to empty, no log)

#NOTE: levels are not strictly observed and are somewhat arbitrary

# 0: startup/exit/failure messages, viruses detected

# 1: args passed from client, some more interesting messages

# 2: virus scanner output, timing

# 3: server, client

# 4: decompose parts

# 5: more debug details

$log_level = 3;		  # (defaults to 0)

# Customizable template for the most interesting log file entry (e.g. with

# $log_level=0) (take care to properly quote Perl special characters like '\')

# For a list of available macros see README.customize .

# $log_templ = undef;      # undef disables by-message level-0 log entries

$log_recip_templ = undef;  # undef disables by-recipient level-0 log entries

# log both infected and noninfected messages (new default):

# $log_templ = '

# [?%#D||Passed #

# [? [?%#V|1] |INFECTED (%V)|#

# [? [?%#F|1] |BANNED (%F)|#

# [? [? %2|1] |SPAM|#

# [? [?%#X|1] |BAD-HEADER|CLEAN]]]]#

# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ]<%o> -> [%D|,]#

# [? %q ||, quarantine: %i]#

# [? %m ||, Message-ID: %m]#

# [? %r ||, Resent-Message-ID: %r]#

# , Hits: %c#

# #, size: %z#

# #[? %j ||, Subject: "%j"]#

# #[? %#T ||, tests=[%T|,]]#

# ]

# [?%#O||Blocked #

# [? [?%#V|1] |INFECTED (%V)|#

# [? [?%#F|1] |BANNED (%F)|#

# [? [? %2|1] |SPAM|#

# [? [?%#X|1] |BAD-HEADER|CLEAN]]]]#

# , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ]<%o> -> [%O|,]#

# [? %q ||, quarantine: %i]#

# [? %m ||, Message-ID: %m]#

# [? %r ||, Resent-Message-ID: %r]#

# , Hits: %c#

# #, size: %z#

# #[? %j ||, Subject: "%j"]#

# #[? %#T ||, tests=[%T|,]]#

# ]';

# log template compatible with amavisd-new-20030616-p10:

# $log_recip_templ = undef;

# $log_templ = '

# [? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #

# <%o> -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';

#

# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine

#

# Select notifications text encoding when Unicode-aware Perl is converting

# text from internal character representation to external encoding (charset

# in MIME terminology). Used as argument to Perl Encode::encode subroutine.

#

#   to be used in RFC 2047-encoded header field bodies, e.g. in Subject:

#$hdr_encoding = 'iso-8859-1';  # MIME charset (default: 'iso-8859-1')

#$hdr_encoding_qb = 'Q';        # MIME encoding: quoted-printable (default)

#$hdr_encoding_qb = 'B';        # MIME encoding: base64

#

#   to be used in notification body text: its encoding and Content-type.charset

#$bdy_encoding = 'iso-8859-1';  # (default: 'iso-8859-1')

# Default template texts for notifications may be overruled by directly

# assigning new text to template variables, or by reading template text

# from files. A second argument may be specified in a call to read_text(),

# specifying character encoding layer to be used when reading from the

# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.

# Text will be converted to internal character representation by Perl 5.8.0

# or later; second argument is ignored otherwise. See PerlIO::encoding,

# Encode::PerlIO and perluniintro man pages.

#

# $notify_sender_templ      = read_text("$MYHOME/notify_sender.txt");

# $notify_virus_sender_templ= read_text("$MYHOME/notify_virus_sender.txt");

# $notify_virus_admin_templ = read_text("$MYHOME/notify_virus_admin.txt");

# $notify_virus_recips_templ= read_text("$MYHOME/notify_virus_recips.txt");

# $notify_spam_sender_templ = read_text("$MYHOME/notify_spam_sender.txt");

# $notify_spam_admin_templ  = read_text("$MYHOME/notify_spam_admin.txt");

# If notification template files are collectively available in some directory,

# one may call read_l10n_templates which invokes read_text for each known

# template. This is primarily a Debian-specific feature, but was incorporated

# into base code to facilitate porting.

#

#   read_l10n_templates('/etc/amavis/en_US');

#

# If read_l10n_templates is called, a localization template directory must

# contain the following files:

#   charset                       this file should contain a one-line name

#                                 of the character set used in the template

#                                 files (e.g. utf8, iso-8859-2, ...) and is

#                                 passed as the second argument to read_text;

#   template-dsn.txt              content fills the $notify_sender_templ

#   template-virus-sender.txt     content fills the $notify_virus_sender_templ

#   template-virus-admin.txt      content fills the $notify_virus_admin_templ

#   template-virus-recipient.txt  content fills the $notify_virus_recips_templ

#   template-spam-sender.txt      content fills the $notify_spam_sender_templ

#   template-spam-admin.txt       content fills the $notify_spam_admin_templ

# Here is an overall picture (sequence of events) of how pieces fit together

#

#   bypass_virus_checks set for all recipients? ==> PASS

#   no viruses?   ==> PASS

#   log virus     if $log_templ is nonempty

#   quarantine    if $virus_quarantine_to is nonempty

#   notify admin  if $virus_admin (lookup) nonempty

#   notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)

#   add address extensions for local recipients (when enabled)

#   send (non-)delivery notifications

#      to sender if DSN needed (BOUNCE or ($warnvirussender and D_PASS))

#   virus_lovers or final_destiny==D_PASS  ==> PASS

#   DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)

#

# Equivalent flow diagram applies for spam checks.

# If a virus is detected, spam checking is skipped entirely.

# The following symbolic constants can be used in *_destiny settings:

#

# D_PASS     mail will pass to recipients, regardless of bad contents;

#

# D_DISCARD  mail will not be delivered to its recipients, sender will NOT be

#            notified. Effectively we lose mail (but will be quarantined

#            unless disabled). Losing mail is not decent for a mailer,

#            but might be desired.

#

# D_BOUNCE   mail will not be delivered to its recipients, a non-delivery

#            notification (bounce) will be sent to the sender by amavisd-new;

#            Exception: bounce (DSN) will not be sent if a virus name matches

#            $viruses_that_fake_sender_re, or to messages from mailing lists

#            (Precedence: bulk|list|junk), or for spam level that exceeds

#            the $sa_dsn_cutoff_level.

#

# D_REJECT   mail will not be delivered to its recipients, sender should

#            preferably get a reject, e.g. SMTP permanent reject response

#            (e.g. with milter), or non-delivery notification from MTA

#            (e.g. Postfix). If this is not possible (e.g. different recipients

#            have different tolerances to bad mail contents and not using LMTP)

#            amavisd-new sends a bounce by itself (same as D_BOUNCE).

#            Not to be used with Postfix or dual-MTA setups!

#

# Notes:

#   D_REJECT and D_BOUNCE are similar, the difference is in who is responsible

#            for informing the sender about non-delivery, and how informative

#            the notification can be (amavisd-new knows more than MTA);

#   With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status

#            notification, colloquially called 'bounce') - depending on MTA;

#            Best suited for sendmail milter, especially for spam.

#   With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the

#            reason for mail non-delivery or even suppress DSN, but unable

#            to reject the original SMTP session). Best suited to reporting

#            viruses, and for Postfix and other dual-MTA setups, which can't

#            reject original client SMTP session, as the mail has already

#            been enqueued.

########

#

# Please think about what you are doing when you set these options.

# If necessary, question your origanization's e-mail policies:

#

# D_BOUNCE contributes to the overall spread of virii and spam on the

# internet. Both the envelope and header from addresses can be forged

# accurately with no effort.

# 

# D_DISCARD breaks internet mail specifications. However, with a

# properly implemented Quaratine system, the concern for breaking the

# specification is addressed to some extent.

#

# D_PASS is the safest way to handle e-mails. You must implement

# client-side filtering to handle this method.

#

# -Cory Visi <merlin@gentoo.org> 07/28/04

#

#######

$final_virus_destiny      = D_PASS;  # (defaults to D_DISCARD)

$final_banned_destiny     = D_DISCARD;  # (defaults to D_BOUNCE)

$final_spam_destiny       = D_PASS;  # (defaults to D_BOUNCE)

$final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE suggested

# Alternatives to consider for spam:

# - use D_PASS if clients will do filtering based on inserted

#   mail headers or added address extensions ('plus-addressing');

# - use D_DISCARD, if kill_level is set comfortably high;

#

# D_BOUNCE is preferred for viruses, but consider:

# - use D_PASS (or virus_lovers) to deliver viruses;

# - use D_REJECT instead of D_BOUNCE if using milter and under heavy

#   virus storm;

#

# Don't bother to set both D_DISCARD and $warn*sender=1, it will get mapped

# to D_BOUNCE.

#

# The separation of *_destiny values into D_BOUNCE, D_REJECT, D_DISCARD

# and D_PASS made settings $warnvirussender and $warnspamsender only still

# marginally useful with D_PASS.

# The following $warn*sender settings are ONLY used when mail is

# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).

# Bounces or rejects produce non-delivery status notification regardless.

# Notify virus sender?

#$warnvirussender = 1;	# (defaults to false (undef))

# Notify spam sender?

#$warnspamsender = 1;	# (defaults to false (undef))

# Notify sender of banned files?

#$warnbannedsender = 1;	# (defaults to false (undef))

# Notify sender of syntactically invalid header containing non-ASCII characters?

#$warnbadhsender = 1;	# (defaults to false (undef))

# Notify virus (or banned files or bad headers) RECIPIENT?

#  (not very useful, but some policies demand it)

$warnvirusrecip = 1;	# (defaults to false (undef))

$warnbannedrecip = 1;	# (defaults to false (undef))

$warnbadhrecip = 1;	# (defaults to false (undef))

# Notify also non-local virus/banned recipients if $warn*recip is true?

#  (including those not matching local_domains*)

#$warn_offsite = 1;	# (defaults to false (undef), i.e. only notify locals)

# Treat envelope sender address as unreliable and don't send sender

# notification / bounces if name(s) of detected virus(es) match the list.

# Note that virus names are supplied by external virus scanner(s) and are

# not standardized, so virus names may need to be adjusted.

# See README.lookups for syntax, check also README.policy-on-notifications.

# If the intention is to treat all viruses as faking the sender address, it

# is equivalent but more efficient to just set $final_virus_destiny=D_DISCARD;

#

@viruses_that_fake_sender_maps = (new_RE(

  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,

  qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,

  qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,

  qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,

  qr'@mm|@MM',    # mass mailing viruses as labeled by f-prot and uvscan

  qr'Worm'i,      # worms as labeled by ClamAV, Kaspersky, etc

# [qr'^(EICAR|Joke\.|Junk\.)'i         => 0],

# [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i  => 0],

  [qr/^/ => 1],   # true by default  (remove or comment-out if undesired)

));

# where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)

# - the administrator envelope address may be a simple fixed e-mail address

#   (a scalar), or may depend on the RECIPIENT address (e.g. its domain).

#

#   Empty or undef lookup disables virus admin notifications.

$virus_admin = "virusalert\@$mydomain";

# $virus_admin = 'virus-admin@example.com';

# $virus_admin = undef;   # do not send virus admin notifications (default)

#

#@virus_admin_maps = (    # by-recipient maps

#  {'not.example.com' => '',

#   '.' => 'virusalert@example.com'},

#  $virus_admin,   # the usual default

#);

# equivalent to $virus_admin, but for spam admin notifications:

# $spam_admin = "spamalert\@$mydomain";

# $spam_admin = undef;    # do not send spam admin notifications (default)

#@spam_admin_maps = (     # by-recipient maps

#  {'not.example.com' => '',

#   '.' => 'spamalert@example.com'},

#  $spam_admin,   # the usual default

#);

#advanced example, using a hash lookup table and a scalar default,

#lookup key is a recipient envelope address:

#@virus_admin_maps = (    # by-recipient maps

#  { 'baduser@sub1.example.com' => 'HisBoss@sub1.example.com',

#    '.sub1.example.com'  => 'virusalert@sub1.example.com',

#    '.sub2.example.com'  => '',               # don't send admin notifications

#    'a.sub3.example.com' => 'abuse@sub3.example.com',

#    '.sub3.example.com'  => 'virusalert@sub3.example.com',

#    '.example.com'       => 'noc@example.com', # default for our virus senders

#  },

#  'virusalert@hq.example.com',  # catchall for the rest

#);

# sender envelope address, from which notification reports are sent from;

# may be a null reverse path, or a fully qualified address:

#   (admin and recip sender addresses default to a null return path).

#   If using strings in double quotes, don't forget to quote @, i.e. \@

#

$mailfrom_notify_admin     = "virusalert\@$mydomain";

$mailfrom_notify_recip     = "virusalert\@$mydomain";

$mailfrom_notify_spamadmin = "spam.police\@$mydomain";

# 'From' HEADER FIELD for sender and admin notifications.

# This should be a replyable address, see rfc1894. Not to be confused

# with $mailfrom_notify_sender, which is the envelope return address

# and can be empty (null reverse path) according to rfc2821.

#

# The syntax of the 'From' header field is specified in rfc2822, section

# '3.4. Address Specification'. Note in particular that display-name must be

# a quoted-string if it contains any special characters like spaces and dots.

#

# $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";

# $hdrfrom_notify_sender = 'amavisd-new <postmaster@example.com>';

# $hdrfrom_notify_sender = '"Content-Filter Master" <postmaster@example.com>';

# $hdrfrom_notify_admin = $mailfrom_notify_admin;

# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;

#   (default: "\"Content-filter at $myhostname\" <postmaster\@$myhostname>")

# whom quarantined messages appear to be sent from (envelope sender);

# keeps original sender if undef, or set it explicitly, default is undef

$mailfrom_to_quarantine = '';   # override sender address with null return path

# Location to put infected mail into: (applies to 'local:' quarantine method)

#   empty for not quarantining, may be a file (Unix-style mailbox),

#   or a directory (no trailing slash)

#   (the default value is undef, meaning no quarantine)

#

$QUARANTINEDIR = "$MYHOME/quarantine";

#$quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine

#$virus_quarantine_method          = 'local:virus-%m';     # default

#$spam_quarantine_method           = 'local:spam-%m.gz';   # default

#$banned_files_quarantine_method   = 'local:banned-%m';    # default

#$bad_header_quarantine_method     = 'local:badh-%m';      # default

# Separate quarantine subdirectories virus, spam, banned and badh within

# the directory $QUARANTINEDIR may be specified by the following settings

# (the subdirectories need to exist - must be created manually):

#$virus_quarantine_method          = 'local:virus/virus-%m';

#$spam_quarantine_method           = 'local:spam/spam-%m.gz';

#$banned_files_quarantine_method   = 'local:banned/banned-%m';

#$bad_header_quarantine_method     = 'local:badh/badh-%m';

#

#use the 'bsmtp:' method as an alternative to the default 'local:'

#$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%m.bsmtp";

#$spam_quarantine_method  = "bsmtp:$QUARANTINEDIR/spam-%m.bsmtp";

#

#using the 'pipe:' method might be useful for some special purpose:

#$mailfrom_to_quarantine = undef;  # pass on the original sender address

#$spam_quarantine_method = 'pipe:argv=/usr/bin/myscript.sh spam-%b ${sender}';

#

#using the 'sql:' method to store quarantined message to a SQL database:

#$virus_quarantine_method = $spam_quarantine_method =

#  $banned_files_quarantine_method = $bad_header_quarantine_method = 'sql:';

# When using the 'local:' quarantine method (default), the following applies:

#

# A finer control of quarantining is available through

# variables $virus_quarantine_method/$spam_quarantine_method/

# $banned_files_quarantine_method/$bad_header_quarantine_method.

#

# The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a

# per-recipient lookup result from lookup tables @virus_quarantine_to_maps)

# is/are interpreted as follows:

#

# VARIANT 1:

#   empty or undef disables quarantine;

#

# VARIANT 2:

#   a string NOT containing an '@';

# amavisd will behave as a local delivery agent (LDA) and will quarantine

# viruses to local files according to hash %local_delivery_aliases (pseudo

# aliases map) - see subroutine mail_to_local_mailbox() for details.

# Some of the predefined aliases are 'virus-quarantine' and 'spam-quarantine'.

# Setting $virus_quarantine_to ($spam_quarantine_to) to this string will:

#

# * if $QUARANTINEDIR is a directory, each quarantined virus will go

#   to a separate file in the $QUARANTINEDIR directory (traditional

#   amavis style, similar to maildir mailbox format);

#

# * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style

#   mailbox. All quarantined messages will be appended to this file.

#   Amavisd child process must obtain an exclusive lock on the file during

#   delivery, so this may be less efficient than using individual files

#   or forwarding to MTA, and it may not work across NFS or other non-local

#   file systems (but may be handy for pickup of quarantined files via IMAP

#   for example);

#

# VARIANT 3:

#   any email address (must contain '@').

# The e-mail messages to be quarantined will be handed to MTA

# for delivery to the specified address. If a recipient address local to MTA

# is desired, you may leave the domain part empty, e.g. 'infected@', but the

# '@' character must nevertheless be included to distinguish it from variant 2.

#

# This variant enables more refined delivery control made available by MTA

# (e.g. its aliases file, other local delivery agents, dealing with

# privileges and file locking when delivering to user's mailbox, nonlocal

# delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined

# will not be handed back to amavisd for checking, as this will cause a loop

# (hopefully broken at some stage)! If this can be assured, notifications

# will benefit too from not being unnecessarily virus-scanned.

#

# By default this is safe to do with Postfix and Exim v4 and dual-sendmail

# setup, but probably not safe with sendmail milter interface without tricks.

# (default values are: virus-quarantine, banned-quarantine, spam-quarantine)

$virus_quarantine_to  = 'virus-quarantine';    # traditional local quarantine

#$virus_quarantine_to = 'infected@';           # forward to MTA for delivery

#$virus_quarantine_to = "virus-quarantine\@$mydomain";   # similar

#$virus_quarantine_to = 'virus-quarantine@example.com';  # similar

#$virus_quarantine_to = undef;                 # no quarantine

#

# lookup key is envelope recipient address:

#@virus_quarantine_to_maps = (   # per-recip multiple quarantines

#  new_RE( [qr'^user@example\.com$'i => 'infected@'],

#          [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],

#          [qr'^(.*)(@[^@])?$'i      => 'virus-${1}${2}'] ),

#  $virus_quarantine_to,  # the usual default

#);

# similar for banned names and bad headers and spam (set to undef to disable)

$banned_quarantine_to     = 'banned-quarantine';     # local quarantine

$bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine

$spam_quarantine_to       = 'spam-quarantine';       # local quarantine

# or to a mailbox:

#$spam_quarantine_to = "spam-quarantine\@$mydomain";

#

#@spam_quarantine_to_maps = (    # per-recip multiple quarantines

#  new_RE( [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'] ),

#  $spam_quarantine_to,  # the usual default

#);

# In addition to per-recip quarantine, a by-sender lookup is possible.

# It is similar to $spam_quarantine_to, but the lookup key is the

# envelope sender address:

#$spam_quarantine_bysender_to = undef;   # dflt: no by-sender spam quarantine

# Add X-Virus-Scanned header field to mail?

$X_HEADER_TAG = 'X-Virus-Scanned';	# (default: 'X-Virus-Scanned')

# Set to empty to add no header field	# (dflt "$myproduct_name at $mydomain")

# $X_HEADER_LINE = "$myproduct_name at $mydomain";

# $X_HEADER_LINE = "by $myproduct_name using ClamAV at $mydomain";

# $X_HEADER_LINE = "$myproduct_name $myversion_id ($myversion_date) at $mydomain";

# a string to prepend to Subject (for local recipients only) if mail could

# not be decoded or checked entirely, e.g. due to password-protected archives

$undecipherable_subject_tag = '***UNCHECKED*** ';  # undef disables it

# MIME defanging wraps the entire original mail in a MIME container of type

# 'Content-type: multipart/mixed', where the first part is a text/plain with

# a short explanation, and the second part is a complete original mail,

# enclosed in a 'Content-type: message/rfc822' MIME part.

# Defanging is only done when enabled (selectively by malware type),

# and mail is considered malware (virus/spam/...), and the malware is allowed

# to pass (*_lovers or *_destiny=D_PASS)

#

$defang_virus  = 1;  # default is false: don't modify mail body

$defang_banned = 1;  # default is false: don't modify mail body

# $defang_bad_header     = 1;  # default is false: don't modify mail body

$defang_undecipherable = 1;  # default is false: don't modify mail body

# $defang_spam = 1;  # default is false: don't modify mail body

$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone

#$remove_existing_x_scanned_headers= 1; # remove existing headers

					# (defaults to false)

#$remove_existing_spam_headers = 0;     # leave existing X-Spam* headers alone

$remove_existing_spam_headers  = 1;     # remove existing spam headers if

					# spam scanning is enabled (default)

# set $bypass_decode_parts to true if you only do spam scanning, or if you

# have a good virus scanner that can deal with compression and recursively

# unpacking archives by itself, and save amavisd the trouble.

# Disabling decoding also causes banned_files checking to only see

# MIME names and MIME content types, not the content classification types

# as provided by the file(1) utility.

# It is a double-edged sword, make sure you know what you are doing!

#

#$bypass_decode_parts = 1;		# (defaults to false)

# don't trust this file type or corresponding unpacker for this file type,

# keep both the original and the unpacked file for a virus checker to see

# (lookup key is what file(1) utility returned):

#

@keep_decoded_original_maps = (new_RE(

# qr'^MAIL$',   # retain full original message for virus checking (can be slow)

  qr'^MAIL-UNDECIPHERABLE$',  # retain full mail if it contains undecipherables

  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,

# qr'^Zip archive data',      # don't trust Archive::Zip

));

# Checking for banned MIME types and names. If any mail part matches,

# the whole mail is rejected. Object $banned_filename_re provides a list

# of Perl regular expressions to be matched against each part's:

#

#  * Content-Type value (both declared and effective mime-type),

#    such as the possible security-risk content types

#    'message/partial' and 'message/external-body', as specified in rfc2046

#    or 'application/x-msdownload' and 'application/x-msdos-program';

#

#  * declared (recommended) file names as specified by MIME subfields

#    Content-Disposition.filename and Content-Type.name, both in their

#    raw (encoded) form and in rfc2047-decoded form if applicable

#    as well as (recommended) file names specified in archives;

#

#  * file content type as guessed by 'file(1)' utility, mapped

#    (by @map_full_type_to_short_type_maps) into short type names such as

#    .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe-ms, ..., which always

#    starts with a dot. These short types are available unless

#    $bypass_decode_parts is true.

#

# All nodes (mail parts) of the fully recursively decoded mail and embedded

# archives are checked, each node independently from remaining nodes.

#

# For each node all its ancestor nodes including itself are checked against

# $banned_filename_re lookup list, top-down. The search for a node stops

# at the first match, the right-hand side of the matching key determines

# the result (true or false, absent right-hand side implies true, as explained

# in README.lookups).

#

# Although repeatedly re-checking ancestor nodes may seem excessive, it gives

# the opportunity to specify rules which make a particular node hide its

# descendents, e.g. allow any name or file type within a .zip, even though

# .exe files may otherwise not be allowed.

#

# Leave $banned_filename_re undefined to disable these checks

# (giving an empty list to new_RE() will also always return false)

$banned_filename_re = new_RE(

# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components

  # block certain double extensions anywhere in the base name

  qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i,  # Class ID extensions - CLSID

  qr'^application/x-msdownload$'i,                  # block these MIME types

  qr'^application/x-msdos-program$'i,

  qr'^application/hta$'i,

# qr'^message/partial$'i,                           # rfc2046 MIME type

# qr'^message/external-body$'i,                     # rfc2046 MIME type

#    (btw, note that allowing 'message/external-body' is probably no worse

#    than allowing mail with HTML and/or allowing a user to browse the web)

# [ qr'^\.(Z|gz|bz2)$'           => 0 ],  # allow any in Unix-compressed

  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives

# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within such archives

  qr'.\.(vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic

# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|

#        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|

#        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|

#        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.

  qr'^\.(exe-ms)$',                       # banned file(1) types

# qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types

);

# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631

# and http://www.cknow.com/vtutor/vtextensions.htm

# A little trick: a pattern qr'\.exe$' matches both a short type name '.exe',

# as well as any file name which happens to end with .exe. If only matching

# a file name is desired, but not the short type, a pattern qr'.\.exe$'i

# or similar may be used, which requires that at least one character precedes

# the '.exe', and so it will never match short file types which always start

# with a dot.

# the syntax of these Perl regular expressions is a bit awkward if not

# familiar with them, so please do follow examples and stick to the idioms:

#   \A        ... at the beginning of the first component

#   \z        ... at the end of the the last (leaf) component

#   ^         ... at the beginning of each component in the path

#   $         ... at the end of each component in the path

#   (.*\t)?   ... at the beginning of a field

#   (\t.*)?   ... at the end of a field

#   \t(.*\t)* ... separating fields

#   [^\t\n]   ... any single character, but don't escape from this field

#   (.*\n)+   ... one or more levels down

#   (?#...)   ... a comment within a regexp

# new-style of banned lookup table

$banned_namepath_re = new_RE(

  # block these MIME types

  qr'(?#NO X-MSDOWNLOAD)   ^(.*\t)? M=application/x-msdownload   (\t.*)? $'xmi,

  qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)? M=application/x-msdos-program(\t.*)? $'xmi,

  qr'(?#NO HTA)            ^(.*\t)? M=application/hta            (\t.*)? $'xmi,

# # block rfc2046 MIME types

# qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/partial       (\t.*)? $'xmi,

# qr'(?# BLOCK RFC2046 ) ^ (.*\t)? M=message/external-body (\t.*)? $'xmi,

# # within traditional Unix compressions allow any name and type

# [ qr'(?#rule-3) ^ (.*\t)? T=(Z|gz|bz2)     (\t.*)? $'xmi => 0 ],  # allow

  # within traditional Unix archives allow any name and type

  [ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? $'xmi => 0 ],  # allow

# # block anything within a zip

# qr'(?#rule-5) ^ (.*\t)? T=zip (\t.*)? (.*\n)+ .* $'xmi,

  # block certain double extensions in filenames

  qr'(?# BLOCK DOUBLE-EXTENSIONS )

     ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \.

                  (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) \.? (\t.*)? $'xmi,

# # block Class ID (CLSID) extensions in filenames

# qr'(?# BLOCK CLSID-EXTENSIONS )

#    ^ (.*\t)? N= [^\t\n]* \{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}? [^\t\n]* (\t.*)? $'xmi,

# # banned declared names with three or more consecutive spaces

# qr'(?# BLOCK NAMES WITH SPACES )

#    ^ (.*\t)? N= [^\t\n]*  [ ]{3,} 'xmi,

# # within PC archives allow any types or names at any depth

# [ qr'(?#rule-7) ^ (.*\t)? T=(zip|rar|arc|arj|zoo) (\t.*)? $'xmi => 0 ],  # ok

# # within certain archives allow leaf members at any depth if crypted

# [ qr'(?# ALLOW ENCRYPTED )

#      ^ (.*\t)? T=(zip|rar|arj) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],

# # allow crypted leaf members regardless of their name or type

# [ qr'(?# ALLOW IF ENCRYPTED )    ^ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],

# # block if any component can not be decoded (is encrypted or bad archive)

# qr'(?# BLOCK IF UNDECIPHERABLE ) ^ (.*\t)? A=U (\t.*)? \z'xmi,

# [ qr'(?# SPECIAL ALLOWANCES - MAGIC NAMES)

#      \A (.*\t)? T=(rpm|cpio|tar|zip|rar|arc|arj|zoo|Z|gz|bz2)

#         \t(.*\t)* N=example\d+[^\t\n]*

#         (\t.*)? $'xmi => 0 ],

  # banned filename extensions (in declared names) anywhere - basic

  qr'(?# BLOCK COMMON NAME EXENSIONS )

     ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|bat|com|cpl) (\t.*)? $'xmi,

# # banned filename extensions (in declared names) anywhere - long

# qr'(?# BLOCK MORE NAME EXTENSIONS )

#    ^ (.*\t)? N= [^\t\n]* \. (

#    ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|

#    inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|

#    ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|

#    wmf|wsc|wsf|wsh) (\t.*)? $'xmi,

# # banned filename extensions anywhere - WinZip vulnerability (pre-V9)

# qr'(?# BLOCK WinZip VULNERABILITY EXENSIONS )

#    ^ (.*\t)? N= [^\t\n]* \. (mim|b64|bhx|hqx|xxe|uu|uue) (\t.*)? $'xmi,

  [ qr'(?# BLOCK EMPTY MIME PART APPLICATION/OCTET-STREAM )

       ^ (.*\t)? M=application/octet-stream \t(.*\t)* T=empty (\t.*)? $'xmi

    => 'DISCARD' ],

# [ qr'(?# BLOCK EMPTY MIME PARTS )

#      ^ (.*\t)? M= [^\t\n]+ \t(.*\t)* T=empty (\t.*)? $'xmi => 'DISCARD' ],

  qr'(?# BLOCK Microsoft EXECUTABLES )

     ^ (.*\t)? T=exe-ms (\t.*)? $'xm,              # banned file(1) type

# qr'(?# BLOCK ANY EXECUTABLE )

#    ^ (.*\t)? T=exe (\t.*)? $'xm,                 # banned file(1) type

# qr'(?# BLOCK THESE TYPES )

#    ^ (.*\t)? T=(exe|lha|tnef|cab|dll) (\t.*)? $'xm,  # banned file(1) types

);

# use old or new style of banned lookup table; not both to avoid confusion

#

# @banned_filename_maps = ();   # to disable old-style

  $banned_namepath_re = undef;  # to disable new-style

#

# Section V - Per-recipient and per-sender handling, whitelisting, etc.

#

# @virus_lovers_maps list of lookup tables:

#   (this should be considered a policy option, is does not disable checks,

#   see bypass*checks for that!)

#

# Exclude certain RECIPIENTS from virus filtering by adding their (lower-cased)

# envelope e-mail address (or domain only) to one of the lookup tables in

# the @virus_lovers_maps list - see README.lookups and examples.

# Make sure the appropriate form (e.g. external/internal) of address

# is used in case of virtual domains, or when mapping external to internal

# addresses, etc. - this is MTA-specific.

#

# Notifications would still be generated however (see the overall

# picture above), and infected mail (if passed) gets additional header:

#   X-AMaViS-Alert: INFECTED, message contains virus: ...

# (header not inserted with milter interface!)

#

# NOTE (milter interface only): in case of multiple recipients,

# it is only possible to drop or accept the message in its entirety - for all

# recipients. If all of them are virus lovers, we'll accept mail, but if

# at least one recipient is not a virus lover, we'll discard the message.

# @bypass_virus_checks_maps list of lookup tables:

#   (this is mainly a time-saving option, unlike virus_lovers* !)

#

# Similar in concept to @virus_lovers_maps, a @bypass_virus_checks_maps

# is used to skip entirely the decoding, unpacking and virus checking,

# but only if ALL recipients match the lookup.

#

# @bypass_virus_checks_maps does NOT GUARANTEE the message will NOT be checked

# for viruses - this may still happen when there is more than one recipient

# for a message and not all of them match these lookup tables, or when

# check result was cached (i.e. the same contents was recently sent to other

# recipients). To guarantee virus delivery, a recipient must also match

# @virus_lovers_maps lookups (but see milter limitations above),

# NOTE: it would not be clever to base enabling of virus checks on SENDER

# address, since there are no guarantees that it is genuine. Many viruses

# and spam messages fake sender address. To achieve selective filtering

# based on the source of the mail (e.g. IP address, MTA port number, ...),

# use mechanisms provided by MTA if available, possibly combined with policy

# banks feature.

# Similar to lists of lookup tables controlling virus checking, there are

# counterparts for spam scanning, banned names/types, and headers_checks

# control:

#   @spam_lovers_maps,

#   @banned_files_lovers_maps,

#   @bad_header_lovers_maps

# and:

#   @bypass_spam_checks_maps,

#   @bypass_banned_checks_maps,

#   @bypass_header_checks_maps

# Example:

#   @bypass_header_checks_maps = ( [qw( user@example.com )] );

#   @bad_header_lovers_maps    = ( [qw( user@example.com )] );

# The following example disables spam checking altogether,

# since it matches any recipient e-mail address.

#   @bypass_spam_checks_maps = (1);

# See README.lookups for further detail, and examples below.

# In the following example a list of lookup tables @virus_lovers_maps

# contains three elements, the first is a reference to an ACL lookup table

# (brackets in Perl indicate a ref to a list), the second is a reference

# to a hash lookup table (curly braces in Perl indicate a ref to a hash),

# the third is a regexp lookup table, indicated by the type of object

# created by new_RE() :

#

#@virus_lovers_maps = (

# [ qw( me@lab.xxx.com !lab.xxx.com .xxx.com yyy.org ) ],

# { "postmaster\@$mydomain" => 1, # double quotes permit variable evaluation

#   'postmaster@example.com'=> 1, # in single quotes the '@' need not be quoted

#   'abuse@example.com'=> 1,

#   'some.user@'       => 1,  # this recipient, regardless of domain

#   'boss@example.com' => 0,  # never, even if domain matches

#   'example.com'      => 1,  # this domain, but not its subdomains

#   '.example.com'     => 1,  # this domain, including its subdomains

# },

# new_RE( qr'^(helpdesk|postmaster)@example\.com$'i ),

#);

#@spam_lovers_maps = (

# ["postmaster\@$mydomain", 'postmaster@example.com', 'abuse@example.com'],

#);

#@bad_header_lovers_maps = (

# ["postmaster\@", "abuse\@$mydomain"],

#);

# to save some typing of quotes and commas, a Perl operator qw can be used

# to split its argument on whitespace and to quote resulting elements:

#@bypass_spam_checks_maps = (

#  [ qw( some.ddd !butnot.example.com .example.com ) ],

#);

# don't run spam check for these RECIPIENT domains:

#   @bypass_spam_checks_maps = ( [qw( d1.com .d2.com a.d3.com )] );

# or the other way around (bypass check for all BUT these):

#   @bypass_spam_checks_maps = ( [qw( !d1.com !.d2.com !a.d3.com . )] );

# a practical application: don't check outgoing mail for spam:

#   @bypass_spam_checks_maps = ( [ "!.$mydomain", "." ] );

# or calculated (negated) from the %local_domains:

#   @bypass_spam_checks_maps =

#     ( {map {$_ => !$local_domains{$_}} keys %local_domains}, 1);

# (a downside of which is that such mail will not count as ham in SA bayes db)

#

# Note that 'outgoing' is not the same as 'originating from inside'.

# The internal-to-internal mail is not outgoing, but is originating from

# inside. To base rules on 'originating from inside', the use of policy bank

# MYNETS is needed, in conjunction with XFORWARD Postfix extension to SMTP.

# Where to find SQL server(s) and database to support SQL lookups?

# A list of triples: (dsn,user,passw).   (dsn = data source name)

# More than one entry may be specified for multiple (backup) SQL servers.

# See 'man DBI', 'man DBD::mysql', 'man DBD: :Razz: g', ... for details.

# When chroot-ed, accessing SQL server over inet socket may be more convenient.

#

# @lookup_sql_dsn =

#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],

#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],

#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );

# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

#

# ('mail' in the example is the database name, choose what you like)

# With PostgreSQL the dsn (first element of the triple) may look like:

#      'DBI:Pg:host=host1;dbname=mail'

# The SQL select clause to fetch per-recipient policy settings.

# The %k will be replaced by a comma-separated list of query addresses

# (e.g. full address, domain only (stripped level by level), and a catchall).

# Use ORDER if there is a chance that multiple records will match - the first

# match wins. If field names are not unique (e.g. 'id'), the later field

# overwrites the earlier in a hash returned by lookup, which is why we use

# '*,users.id' instead of just '*'. No need to uncomment the following

# assignment if the default is ok.

#   $sql_select_policy = 'SELECT *,users.id FROM users,policy'.

#     ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'.

#     ' ORDER BY users.priority DESC';

#

# The SQL select clause to check sender in per-recipient whitelist/blacklist

# The first SELECT argument '?' will be users.id from recipient SQL lookup,

# the %k will be sender addresses (e.g. full address, domain only, catchall).

# The default value is:

#   $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'.

#     ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'.

#     '   AND (mailaddr.email IN (%k))'.

#     ' ORDER BY mailaddr.priority DESC';

#

# To disable SQL white/black list, set to undef (otherwise comment-out

# the following statement, leaving it at the default value):

$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting

# If passing malware to certain recipients ($final_*_destiny=D_PASS or

# *_lovers), the recipient-based lookup tables @addr_extension_*_maps may

# return a string, which (if nonempty) will be added as an address extension

# to the local-part of the recipient's address. This extension may be used

# by the final local delivery agent (LDA) to place such mail into different

# subfolders (the extension is usually interpreted as a folder name).

# This is sometimes known as the 'plus addressing'. Appending address

# extensions is prevented when:

# - recipient does not match lookup tables @local_domains_maps;

# - lookup into corresponding @addr_extension_*_maps results

#   in an empty string or undef;

# - $recipient_delimiter is empty (see below)

# LDAs usually default to stripping away address extension if no special

# handling is specified or if a named subfolder or alias does not exist,

# so adding address extensions normally does no harm.

# @addr_extension_virus_maps  = ('virus');     # defaults to empty

# @addr_extension_spam_maps   = ('spam');      # defaults to empty

# @addr_extension_banned_maps = ('banned');    # defaults to empty

# @addr_extension_bad_header_maps = ('badh');  # defaults to empty

#

# A more complex example:

# @addr_extension_virus_maps = (

#   {'sub.example.com'=>'infected', '.example.com'=>'filtered'}, 'virus' );

# Delimiter between local part of the envelope recipient address and address

# extension (which can optionally be added, see @addr_extension_*_maps. E.g.

# recipient address <user@example.com> is changed to <user+virus@example.com>.

#

# Delimiter must match the equivalent (final) MTA delimiter setting.

# (e.g. for Postfix add 'recipient_delimiter = +' to main.cf)

# Setting it to an empty string or to undef disables adding extensions

# regardless of $addr_extension_*_maps.

# $recipient_delimiter = '+';		# (default is undef, i.e. disabled)

# true: replace extension;  false: append extension

# $replace_existing_extension = 1;	# (default is true)

# Affects matching of localpart of e-mail addresses (left of '@')

# in lookups: true = case sensitive, false = case insensitive

$localpart_is_case_sensitive = 0;	# (default is false)

# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

# Instead of hard black- or whitelisting, a softer approach is to add

# score points (penalties) to the SA score for mail from certain senders.

# Positive points lean towards blacklisting, negative towards whitelisting.

# This is much like adding SA rules or using its white/blacklisting, except

# that here only envelope sender addresses are considered (not addresses

# in a mail header), and that score points can be assigned per-recipient

# (or globally), and the assigned penalties are customarily much lower

# than the default SA white/blacklisting score.

#

# The table structure is similar to $per_recip_blacklist_sender_lookup_tables

# i.e. the first level key is recipient, pointing to by-sender lookup tables.

# The essential difference is that scores from _all_ matching by-recipient

# lookups (not just the first that matches) are summed to give the final

# score boost. That means that both the site and domain administrators,

# as well as the recipient can have a say on the final score.

#

# NOTE: keep hash keys in lowercase, either manually or by using function lc

@score_sender_maps = ({  # a by-recipient hash lookup table

# # per-recipient personal tables  (NOTE: positive: black, negative: white)

# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],

# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],

# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,

#                           '.cleargreen.com'           => -5.0}],

  # site-wide opinions about senders (the '.' matches any recipient)

  '.' => [  # the _first_ matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist

    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],

    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],

    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],

    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],

    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],

    [qr'^(your_friend|greatoffers)@'i                                => 5.0],

    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],

   ),

#  read_hash("/var/amavis/sender_scores_sitewide"),

   { # a hash-type lookup table (associative array)

     'nobody@cert.org'                        => -3.0,

     'cert-advisory@us-cert.gov'              => -3.0,

     'owner-alert@iss.net'                    => -3.0,

     'slashdot@slashdot.org'                  => -3.0,

     'bugtraq@securityfocus.com'              => -3.0,

     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,

     'security-alerts@linuxsecurity.com'      => -3.0,

     'mailman-announce-admin@python.org'      => -3.0,

     'amavis-user-admin@lists.sourceforge.net'=> -3.0,

     'notification-return@lists.sophos.com'   => -3.0,

     'owner-postfix-users@postfix.org'        => -3.0,

     'owner-postfix-announce@postfix.org'     => -3.0,

     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,

     'sendmail-announce-request@lists.sendmail.org' => -3.0,

     'donotreply@sendmail.org'                => -3.0,

     'ca+envelope@sendmail.org'               => -3.0,

     'noreply@freshmeat.net'                  => -3.0,

     'owner-technews@postel.acm.org'          => -3.0,

     'ietf-123-owner@loki.ietf.org'           => -3.0,

     'cvs-commits-list-admin@gnome.org'       => -3.0,

     'rt-users-admin@lists.fsck.com'          => -3.0,

     'clp-request@comp.nus.edu.sg'            => -3.0,

     'surveys-errors@lists.nua.ie'            => -3.0,

     'emailnews@genomeweb.com'                => -5.0,

     'yahoo-dev-null@yahoo-inc.com'           => -3.0,

     'returns.groups.yahoo.com'               => -3.0,

     'clusternews@linuxnetworx.com'           => -3.0,

     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,

     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

     # soft-blacklisting (positive score)

     'sender@example.net'                     =>  3.0,

     '.example.net'                           =>  1.0,

   },

  ],  # end of site-wide tables

});

# ENVELOPE SENDER WHITELISTING / BLACKLISTING  - GLOBAL (RECIPIENT-INDEPENDENT)

# (affects spam checking only, has no effect on virus and other checks)

# WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from whitelisted

# senders even if the message would be recognized as spam. Effectively, for

# the specified senders, message recipients temporarily become 'spam_lovers'.

# To avoid surprises, whitelisted sender also suppresses inserting/editing

# the tag2-level header fields (X-Spam-*, Subject), appending spam address

# extension, and quarantining.

#

# BLACKLISTING: messages from specified SENDERS are DECLARED SPAM.

# Effectively, for messages from blacklisted envelope sender addresses, spam

# level is artificially pushed high, and the normal spam processing applies,

# resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual

# reactions to spam, including possible rejection. If the message nevertheless

# still passes (e.g. for spam loving recipients), it is tagged as BLACKLISTED

# in the 'X-Spam-Status' header field, but the reported spam value and

# set of tests in this report header field (if available from SpamAssassin,

# which may or may not have been called) is not adjusted.

#

# A sender may be both white- and blacklisted at the same time, settings

# are independent. For example, being both white- and blacklisted, message

# is delivered to recipients, but is not tagged as spam (X-Spam-Flag: No;

# X-Spam-Status: No, ...), but the reported spam level (if computed) may

# still indicate high spam score.

#

# If ALL recipients of the message either white- or blacklist the sender,

# spam scanning (calling the SpamAssassin) is bypassed, saving on time.

#

# The following variables (lists of lookup tables) are available,

# with the semantics and syntax as specified in README.lookups:

# @whitelist_sender_maps, @blacklist_sender_maps

# SOME EXAMPLES:

#

#ACL:

# @whitelist_sender_maps = ( ['.example.org', '.example.net'] );

# @whitelist_sender_maps = ( [qw(.example.org  .example.net)] );  # same thing

#

# @whitelist_sender_maps = ( [".$mydomain"] );  # $mydomain and its subdomains

# NOTE: This is not a reliable way of turning off spam checks for

#   locally-originating mail, as sender address can easily be faked.

#   To reliably avoid spam-scanning outgoing mail, use @bypass_spam_checks_maps

#   for nonlocal recipients. To reliably avoid spam scanning for locally

#   originating mail (including internal-to-internal mail), recognized by

#   the original SMTP client IP address matching @mynetworks, use policy bank

#   MYNETS, adjust @mynetworks, and turn on XFORWARD in the Postfix smtp client

#   service feeding amavisd.

#with regexps:

# @whitelist_sender_maps = ( new_RE(

#   qr'^postmaster@.*\bexample\.com$'i,

#   qr'^owner-[^@]*@'i,  qr'-request@'i,

#   qr'\.example\.com$'i

# ));

# illustrates the use of regexp lookup table:

@blacklist_sender_maps = ( new_RE(

    qr'^(bulkmail|oLast edited by unclefu on Sun Jul 17, 2005 8:12 am; edited 1 time in total

----------

## TheRAt

cannot see the following section in your config file:

```
# SpamAssassin settings

# $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value

# of the option local_tests_only. See Mail::SpamAssassin man page.

# If set to 1, no SA tests that require internet access will be performed.

#

$sa_local_tests_only = 0;   # (default: false)

$sa_auto_whitelist = 1;    # turn on AWL in SA 2.63 or older (irrelevant

                            # for SA 3.0, its cf option is use_auto_whitelist)

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger

                # (less than 1% of spam is > 64k)

                # default: undef, no limitations

# default values, customarily used in the @spam_*_level_maps as the last entry

$sa_tag_level_deflt  = 2.0; # add spam info headers if at, or above that level;

                # undef is interpreted as lower than any spam level

$sa_tag2_level_deflt = 6.31;# add 'spam detected' headers at that level to

                            # passed mail (e.g. when $final_spam_destiny=D_PASS

                            # or for spam_lovers or when below kill_level)

$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions

                # at or above that level: bounce/reject/drop,

                # quarantine, and adding mail address extension

$sa_dsn_cutoff_level = 40;  # spam level beyond which a DSN is not sent,

                            # effectively turning D_BOUNCE into D_DISCARD;

                            # undef disables this feature and is a default;
```

----------

## unclefu

Oops seems it has been to big, here is the section:

 *Quote:*   

> 
> 
> # SpamAssassin settings
> 
> # $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
> ...

 

----------

## unclefu

The my domain switch     wsa worng·..  :Sad: 

----------

