# Sample config file for rmilter
# $Id$
#
# .include - directive to include other config file
#.include ./rmilter-grey.conf
clamav {
# ClamAV scanner upstreams and the error accounting applied to them.
# servers - clamav socket definitions in format:
# /path/to/file
# host[:port]
# sockets are separated by ','
# Default: empty
# NOTE(review): the line below is commented out and the default is empty, so
# this sample configures no clamav server; presumably no virus scanning takes
# place until one is set - confirm before deploying this file as-is.
#servers = localhost;
# connect_timeout - timeout for connecting to clamav; written with a unit
# suffix (1s); a bare number is presumably milliseconds - confirm
# Default: 1s
connect_timeout = 1s;
# port_timeout - timeout for waiting for clamav port response
# (same time format as connect_timeout)
# Default: 4s
port_timeout = 4s;
# results_timeout - timeout for waiting for the clamav scan result
# (same time format as connect_timeout)
# Default: 20s
results_timeout = 20s;
# error_time - time window in seconds over which errors are counted
# Default: 10
error_time = 10;
# dead_time - time in seconds for which a failed server is considered down
# Default: 300
dead_time = 300;
# maxerrors - maximum number of errors within error_time before this
# upstream is considered dead
# Default: 10
# NOTE(review): check how mail is handled while every clamav upstream is
# marked dead (tempfail vs. delivered unscanned) - not visible in this file.
maxerrors = 10;
};
spamd {
# Spam scanner upstream; rspamd_metric below suggests the backend is rspamd.
# servers - scanner address; the r: prefix presumably selects the rspamd
# protocol - confirm against the rmilter documentation
servers = r:localhost:11333;
# connect_timeout / results_timeout - time values with a unit suffix
connect_timeout = 1s;
results_timeout = 20s;
# error_time, dead_time, maxerrors - upstream failure accounting; the same
# keys are described in the clamav section of this file
error_time = 10;
dead_time = 300;
maxerrors = 10;
# reject_message - presumably the text returned to the sending side when a
# message is rejected as spam; it is visible to remote senders, so keep
# internal details out of it
reject_message = "Spam? No way!";
# whitelist - presumably client addresses that are not checked by the spam
# scanner - confirm. Keep it to loopback or hosts that cannot relay
# third-party mail: anything submitted from a listed address would skip
# spam filtering.
whitelist = 127.0.0.1/32;
# rspamd_metric - name of the rspamd metric to use
rspamd_metric = "default";
};
redis {
# Redis servers holding greylisting, whitelisting, rate-limit and message-id
# records.
# NOTE(review): every server here is localhost and no credentials appear in
# this section. If a remote redis is used instead, restrict access to it
# (network ACL / authentication): whoever can write to it can presumably
# alter greylist, whitelist and limit records - confirm for your deployment.
# servers_grey - redis servers for greylisting in format:
# host[:port][, host[:port]]
servers_grey = localhost;
# servers_white - redis servers for whitelisting, same format as
# servers_grey
# servers_white = redis.example.com:6379;
# servers_limits - redis servers used for storing limits, can not be mirrored
servers_limits = localhost;
# servers_id - redis servers used for storing message ids, can not be mirrored
servers_id = localhost;
# id_prefix - key prefix for message id records in redis
# Default: empty (no prefix is prepended to key)
id_prefix = "message_id.";
# grey_prefix - key prefix for greylisted records in redis
# Default: empty (no prefix is prepended to key)
grey_prefix = "grey.";
# white_prefix - key prefix for whitelisted records in redis
# Default: empty (no prefix is prepended to key)
white_prefix = "white.";
# connect_timeout - timeout for connecting to redis; written with a unit
# suffix (1s); a bare number is presumably milliseconds - confirm
# Default: 1s
connect_timeout = 1s;
# error_time - time window in seconds over which errors are counted
# Default: 10
error_time = 10;
# dead_time - time in seconds for which a failed server is considered down
# Default: 300
dead_time = 300;
# maxerrors - maximum number of errors within error_time before this
# upstream is considered dead
# Default: 10
maxerrors = 10;
};
# bind_socket - socket address for local bind:
# unix:/path/to/file - bind to local socket
# inet:port@host - bind to inet socket
# Default: bind_socket = unix:/var/tmp/rmilter.sock;
# NOTE(review): the milter protocol carries no authentication, so the socket
# should be reachable only by the MTA: prefer a unix socket in a directory
# that is not world-writable (the commented example under /run/rmilter rather
# than the /var/tmp default), or bind an inet socket to loopback only.
#bind_socket = unix:/run/rmilter/rmilter.sock;
# tempdir - path to directory that contains temporary files
# Default: $TMPDIR
# NOTE(review): /tmp is shared and world-writable on most systems;
# tempfiles_mode below limits who can read the files, but a dedicated
# directory owned by the rmilter user avoids name-squatting and symlink
# issues - consider changing this for production.
tempdir = /tmp;
# tempfiles_mode - permission bits for temp files (octal); 00600 is
# owner read/write only
# Default: 00600
tempfiles_mode = 00600;
# max_size - maximum size of mail scanned with clamav and dcc
# Default: 0 (no limit)
# NOTE(review): mail larger than this is presumably passed without a
# clamav/dcc scan; pick the value with the MTA's own message size limit in
# mind so that oversized mail cannot bypass scanning - confirm.
max_size = 10M;
# strict_auth - strict checks for mails from authenticated senders
# Default: no
# NOTE(review): with "no", mail from authenticated senders presumably skips
# some checks; a compromised account would then send unfiltered - confirm
# which checks are affected.
strict_auth = no;
# spf_domains - path to file that contains hash of spf domains
# Default: empty
# NOTE(review): the description says a file path, but the commented example
# below is a domain name - confirm the expected value.
#spf_domains = example.com;
# use_dcc - whether to use the dcc system
# Default: no
use_dcc = no;
# rule definition:
# rule {
# accept|discard|reject|tempfail|quarantine "[message]"; <- action definition
# [not] connect <regexp> <regexp>; <- conditions
# helo <regexp>;
# envfrom <regexp>;
# envrcpt <regexp>;
# header <regexp> <regexp>;
# body <regexp>;
# };
# limits section
limits {
# Rate limits. Values are written as <number>:<rate>; presumably a bucket
# size (burst) followed by a refill rate in messages per second - confirm.
# For reference: 0.000277778 is about 1/3600 (one per hour) and 0.016666667
# is about 1/60 (one per minute).
# Whitelisted ip or networks
# NOTE(review): listed addresses are presumably exempt from all limits; keep
# this list as small as possible.
#limit_whitelist = 194.67.45.4/32;
# Whitelisted recipients
# NOTE(review): presumably mail to these recipients is never rate limited,
# so a flood aimed at postmaster is not throttled here - confirm.
limit_whitelist_rcpt = postmaster, mailer-daemon;
# Sender addresses treated as bounces for the bounce checks
# (<> is the empty envelope sender)
limit_bounce_addrs = postmaster, mailer-daemon, symantec_antivirus_for_smtp_gateways, <>, null, fetchmail-daemon;
# Limit for bounce mail
limit_bounce_to = 5:0.000277778;
# Limit for bounce mail per one source ip
limit_bounce_to_ip = 5:0.000277778;
# Limit for all mail per recipient
limit_to = 20:0.016666667;
# Limit for all mail per one source ip
limit_to_ip = 30:0.025;
# Limit for all mail per one source ip and from address
limit_to_ip_from = 100:0.033333333;
};
greylisting {
# Greylisting parameters; records are presumably kept in the redis servers
# named by servers_grey - confirm.
# timeout - presumably the delay before a retry from a new sender is
# accepted (300s = 5 minutes)
timeout = 300s;
# expire - presumably how long greylisting records are kept (3d = 3 days)
expire = 3d;
# whitelist - comma-separated addresses and networks, continued over
# several lines; presumably these sources skip greylisting.
# NOTE(review): 192.168.1.1 and 192.168.2.0/24 are sample values; replace
# them with the hosts you actually trust, or remove them.
whitelist = 127.0.0.1,
192.168.1.1,
192.168.2.0/24;
};
dkim {
# DKIM signing. The key files referenced here are private signing keys:
# keep them and their directory readable only by the user rmilter runs as.
# Sample for dkim specific keys
# domain {
# key = /etc/dkim/dkim_example.key;
# domain = "example.com";
# selector = "dkim";
# };
# domain {
# key = /etc/dkim/dkim_test.key;
# domain = "test.com";
# selector = "dkim";
# };
# Universal selector, keys will be checked for pattern /etc/dkim/<domain>.<selector>.key
# NOTE(review): with domain "*" any sender domain that has a matching key
# file in the key directory is signed; make sure only the intended key
# files exist there, and confirm which clients (authenticated or trusted
# networks) are allowed to trigger signing - not visible in this file.
domain {
# key - a directory here, not a single file, because of the "*" domain
key = /etc/dkim;
domain = "*";
selector = "dkim";
};
# header_canon / body_canon - DKIM canonicalization; relaxed tolerates
# whitespace and header-case changes made in transit
header_canon = relaxed;
body_canon = relaxed;
# sign_alg - signature hash; keep sha256, SHA-1 based DKIM signatures are
# deprecated (RFC 8301)
sign_alg = sha256;
};
# Order of checks at EOM:
#
# SPF -> DCC -> CLAMAV