informatique:reseau:messagerie:amavis

Ceci est une ancienne révision du document !

Exemple de fichier de configuration : //50-user//

use strict;

#
# Place your configuration directives here.  They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#

# GENERAL
$MYHOME = '/var/lib/amavis';   # (default is '/var/amavis')
$mydomain = 'test.com';      # (no useful default)
#$myhostname = //;
$daemon_user  = 'amavis';       # (no default (undef))
$daemon_group = 'amavis';       # (no default (undef))
$TEMPBASE = $MYHOME;           # (must be set if other config vars use is)
#$helpers_home = $MYHOME;      # (defaults to $MYHOME)
$pid_file  = "/var/run/amavis/amavisd.pid";  # (default: "$MYHOME/amavisd.pid")
$lock_file = "/var/run/amavis/amavisd.lock"; # (default: "$MYHOME/amavisd.lock")
$ENV{TMPDIR} = $TEMPBASE;       # wise to set TMPDIR, but not obligatory
$max_servers  =  2;   # number of pre-forked children          (default 2)
$max_requests = 10;   # retire a child after that many accepts (default 10)
$child_timeout=5*60;  # abort child if it does not complete each task in n sec
                      # (default: 8*60 seconds)
read_hash(\%local_domains, '/etc/amavis/local_domains');
#...

@local_domains_acl = ( ".test.com" );

# LOGGING AND DEBUGGING
$DO_SYSLOG = 1;                 # (defaults to false)
#$SYSLOG_LEVEL = 'user.info';     # (facility.priority, default 'mail.info')

#NOTE: levels are not strictly observed and are somewhat arbitrary
# 0: startup/exit/failure messages, viruses detected
# 1: args passed from client, some more interesting messages
# 2: virus scanner output, timing
# 3: server, client
# 4: decompose parts
# 5: more debug details
$log_level = 0;         # (defaults to 0)

# MTA INTERFACE - INPUT
$inet_socket_port = 10024;        # accept SMTP on this local TCP port
$inet_socket_bind = '127.0.0.1';  # limit socket bind to loopback interface
@inet_acl = qw( 127.0.0.1 [::1]);      # allow SMTP access only from localhost IP
$insert_received_line = 1;
$unix_socketname = undef;         # disable listening on a unix socket

# MTA INTERFACE - OUTPUT

# Mail Forwarding
$forward_method = 'smtp:[127.0.0.1]:10025';  # where to forward checked mail


# NOTIFICATIONS
$notify_method = $forward_method;          # where to submit notifications
#$mailfrom_notify_admin     = "virusalert\@$mydomain";
#$mailfrom_notify_recip     = "virusalert\@$mydomain";
#$mailfrom_notify_spamadmin = "spam.police\@$mydomain";
$warn_offsite = undef;    # (defaults to false (undef), i.e. only notify locals)

# BAD HEADER
$final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE suggested
$bad_header_quarantine_to = undef;
$warnbadhsender = undef;    # (defaults to false (undef))

# ANTI-VIRUS AND INVALID/FORBIDDEN CONTENTS CONTROLS
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_virus_checks_acl =  map ( {'!'.$_} keys(%local_domains));
push(@bypass_virus_checks_acl,'.');

$final_virus_destiny      = D_BOUNCE; # (defaults to D_BOUNCE)
$virus_quarantine_to  = 'virus@test.com';
$first_infected_stops_scan = 1;  # default is false, all scanners are called
$X_HEADER_TAG = 'X-Virus-Scanned';      # (default: undef)
$remove_existing_x_scanned_headers = undef; # leave existing X-Virus-Scanned alone
$replace_existing_extension = 1;        # (default is false)
$localpart_is_case_sensitive = undef;   # (default is false)
$warnvirussender = 1;       # (defaults to false (undef))
$warnvirusrecip = 1;        # (defaults to false (undef))
$virus_admin = "postmaster\@$mydomain";         # due to D_DISCARD default

# BANNING
$final_banned_destiny     = D_PASS;  # (defaults to D_BOUNCE)
$banned_quarantine_to     = undef;
$warnbannedrecip = 1;       # (defaults to false (undef))
$warnbannedsender = 1;      # (defaults to false (undef))
#$banned_filename_re = new_RE(
##  qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
#   qr'\.[^.]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)$'i, # some double extensions
#   qr'[{}]',     # curly braces in names (serve as Class ID extensions - CLSID)
##  qr'.\.(exe|vbs|pif|scr|bat|cmd|com)$'i,           # banned extension - basic
##  qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
##         jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
##         vbe|vbs|wsc|wsf|wsh)$'ix,                  # banned extension - long
##  qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
##  qr'^\.(zip|lha|tnef|cab)$'i,                      # banned file(1) types
##  qr'^\.exe$'i,                                     # banned file(1) types
##  qr'^application/x-msdownload$'i,                  # banned MIME types
##  qr'^application/x-msdos-program$'i,
#   qr'^message/partial$'i,  # rfc2046. this one is deadly for Outcrook
##  qr'^message/external-body$'i, # block rfc2046
#);

# ANTI-SPAM CONTROLS
@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
@bypass_spam_checks_acl =  map ( {'!'.$_} keys(%local_domains));
push(@bypass_spam_checks_acl,'.');

$final_spam_destiny  = D_BOUNCE;  # (defaults to D_REJECT)
$sa_local_tests_only = undef;   # (default: false)
$sa_auto_whitelist = undef;   # defaults to undef
$sa_tag_level_deflt  = -10000; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 12; # triggers spam evasive actions
$sa_dsn_cutoff_level = undef;  # spam level beyond which a DSN is not sent,
                            # effectively turning D_BOUNCE into D_DISCARD;
                            # undef disables this feature and is a default;
$sa_spam_subject_tag = '***SPAM*** ';   # (defaults to undef, disabled)
$sa_spam_modifies_subj = 0; # may be a ref to a lookup table, default is true
$remove_existing_spam_headers  = 0;     # remove existing spam headers if
$spam_quarantine_to = "spam\@test.com";
$warnspamsender = 1;        # (defaults to false (undef))

#------------ Do not modify anything below this line -------------
1;  # insure a defined return

# vim: filetype=perl

Signification D_PASS, D_REJECT, D_BOUNCE, D_DISCARD

  • D_PASS :
    • Le message sera distribué aux destinataires.
    • A utiliser en général pour le marquage de spam.
  • D_BOUNCE :
    • Le message sera stoppé et une notification généré par AMAVIS sera envoyé.
  • D_DISCARD :
    • Le message sera stoppé de façon discrète et aucune notification ne sera envoyé.
  • D_REJECT :
    • Le message sera stoppé et une notification SMTP (non-delivery) sera envoyé.

Pyzor

pyzor discover
pyzor ping

Remarques :

  • Firewalling : le port 24441 UDP doit être ouvert vers l'extérieur.
  • Si le discover pause problème. Ouvrir le fichier ~/.pyzor/servers et mettre dans le fichier :
82.94.255.100:24441

Razor

su - amavis
razor-admin -discover
razor-admin -create
razor-admin -register -user postmaster@test.com
razor-admin -discover

Remarque :

  • Firewalling : le port 2703 TCP doit être ouvert vers l'extérieur.

Références

  • informatique/reseau/messagerie/amavis.1266419711.txt.gz
  • Dernière modification : 2011/06/21 12:48
  • (modification externe)