MailScanner.conf

NAME
SYNOPSIS
DESCRIPTION
System Settings
Process Incoming Mail
Virus scanning and vulnerability testing
Removing/Logging dangerous or potentially offensive content
Attachment filename checking
Reports and responses
Changes to message headers
Changes to subject line
Changes to the message body
Mail archiving and monitoring
Notices to system administrators
Definitions of virus scanners and spam detectors
Spam detection and spam lists (DNS blocklists)
SpamAssassin
What to do with spam
System logging
Advanced Settings
RULESETS
ATTACHMENT FILENAME RULESET
SEE ALSO

NAME

MailScanner.conf - Main configuration for MailScanner

SYNOPSIS

none

DESCRIPTION

MailScanner is configured using the file MailScanner.conf. The location of this file varies from operating system to operating system:

Linux: /etc/MailScanner
FreeBSD: /usr/local/etc/MailScanner
Other: /opt/MailScanner/etc

Blank lines are ignored, as are leading and trailing spaces. Comments start at a ’#’ character and extend to the end of the line. All options are expressed in the form

option = value

Many of the options can also be the filename of a ruleset, which can be used to control features depending on the addresses of the message, and/or the IP address where the message came from. You will find some examples of rulesets and an explanation of them in the "rules" directories within the MailScanner installation and in the section "RULESETS" later in this manpage.

The options are best listed in a few categories. This is also the order in which you will find them in the MailScanner.conf file. If this list looks very large then don’t worry, the supplied MailScanner.conf file (or MailScanner.conf.sample) contains sensible defaults for all the values. You will probably only need to change a very few of them to start with.

System Settings

Max Children

Default: 5

MailScanner uses your server efficiently by running several identical processes at the same time, all processing mail. This is the number of these processes to run at once. Tuning this figure will optimise the performance of your system if you process a lot of mail. A good figure to start with is 5 children per CPU. So if you have 4 CPUs in your server, start by setting this to 20.

Run as User

Default: not to change user

Provided for Exim users (and anyone not running sendmail as root), this changes the user under which MailScanner runs.

Run as Group

Default: not to change group

Provided for Exim users (and anyone not running sendmail as root), this changes the group under which MailScanner runs.

Queue Scan Interval

Default: 5

How often (in seconds) should each process check the incoming mail queue for new messages? If you have a quiet mail server, you might want to increase this value so it causes less load on your server, at the cost of slightly increasing the time taken for an average message to be processed.

Incoming Queue Dir

Default: /var/spool/mqueue.in

Directory in which MailScanner should find e-mail messages for scanning. This can be any of the following:

1. a directory name. Example: /var/spool/mqueue.in

2. a wildcard giving directory names. Example: /var/spool/mqueue.in/*

3. the name of a file containing a list of directory names, which can in turn contain wildcards. Example: /usr/local/etc/MailScanner/mqueue.in.list.conf

Outgoing Queue Dir

Default: /var/spool/mqueue

Directory in which MailScanner should place scanned e-mail messages. This can also be the filename of a ruleset.

Incoming work dir

Default: /opt/MailScanner/var/incoming
Default FreeBSD: /var/spool/MailScanner/incoming

Directory in which to temporarily store unpacked MIME messages during scanning process.

Quarantine Dir

Default: /opt/MailScanner/var/quarantine
Default FreeBSD: /var/spool/MailScanner/quarantine

Set where to store infected messages and attachments (if they are kept). This can also be the filename of a ruleset.

PID file

Default: /opt/MailScanner/var/MailScanner.pid
Default FreeBSD: /var/run/MailScanner.pid

Set where to store the process id number so you can stop MailScanner. In the FreeBSD port this should remain /var/run/MailScanner.pid in order for the start/stop script to work.

Restart Every

Default: 14400

To avoid resource leaks, the MailScanner parent process stops and restarts its child processes from time to time. Set the number of seconds each child process is supposed to live here.

MTA

Default: sendmail

MailScanner works with sendmail and exim. Since the queue handling differs a bit, you have to tell MailScanner which MTA you are using. Valid options are sendmail and exim.

Sendmail

Default: /usr/lib/sendmail
Default FreeBSD: /usr/sbin/sendmail

Set how to invoke MTA when sending messages MailScanner has created (e.g. to sender/recipient saying "found a virus in your message"). This can also be the filename of a ruleset.

Sendmail2

Default: same value as the Sendmail setting

Sendmail2 is provided for exim users. It is the command used to attempt delivery of outgoing cleaned/disinfected messages. This is not usually required for sendmail.
For Exim users this could be: Sendmail2 = /usr/sbin/exim -C /usr/local/etc/exim/configure.out

Process Incoming Mail

Max Unscanned Bytes Per Scan

Default: 100000000

MailScanner handles messages in batches for efficiency. Messages are gathered (in strict date order) from the incoming queue directory, one at a time, until this or one of the following three limits is reached or the queue is empty.

This setting limits the total size of messages per batch for which no scanning is done (i.e. Virus Scanning = no).

Max Unsafe Bytes per Scan

Default: 50000000

This setting limits the total size of messages per batch for which scanning is done (i.e. Virus Scanning = yes).

Max Unscanned Messages Per Scan

Default: 100

This setting limits the total number of messages per batch for which no scanning is done (i.e. Virus Scanning = no).

Max Unsafe Messages per Scan

Default: 100

This setting limits the total number of messages per batch for which scanning is done (i.e. Virus Scanning = yes).

Expand TNEF

Default: yes

TNEF is primarily used by Microsoft programs such as Outlook and Outlook Express when mails are formatted/sent in Rich-Text-Format. Attachments are all put together in one WINMAIL.DAT file.

Should we use a TNEF decoder (external or Perl module)? This should be "yes" unless the scanner you are using (Sophos, McAfee) has the facility built-in. However, if you set it to "no", then the filenames within the TNEF attachment will not be checked against the filename rules.

Deliver Unparsable TNEF

Default: no

Rich Text format attachments produced by some versions of Microsoft Outlook cannot be completely decoded at present. Setting this option to yes allows compatibility with the behaviour of earlier versions where these attachments were still delivered. This would introduce the slight chance of a virus getting through in the segment of the attachment that could not be decoded, but the setting may be necessary if you have a large number of Microsoft Outlook users who are troubled by the new behaviour.

TNEF Expander

Default: /opt/MailScanner/bin/tnef
Default FreeBSD: /usr/local/bin/tnef

Full pathname giving location of the MS-TNEF expander/decoder program, or the keyword internal which will force use of the optional Perl Convert::TNEF module instead of the external program.

TNEF Timeout

Default: 120

The maximum length of time (in seconds) the TNEF Expander is allowed to run for disassembling one attachment.

Block Encrypted Messages

Default: no

This is intended for use with a ruleset to ensure that none of your users is covertly mailing sites with which you would not normally communicate (e.g. your competitors). If this is set to yes (or the ruleset evaluates to yes) encrypted messages are blocked.

Block Unencrypted Messages

Default: no

This is intended for use with a ruleset to ensure that mail is always encrypted before being sent. This could be used to ensure that mail to your business partners is sent securely.

Virus scanning and vulnerability testing

Virus Scanning

Default: yes

Do you want to scan email for viruses? A few people don’t have a virus scanner licence and so want to disable all the virus scanning.
NOTE: Switching this to no completely disables all virus-scanning functionality. If you just want to switch off actual virus scanning, then set "Virus Scanners = none" instead.
If you want to be able to switch scanning on/off for different users or different domains, set this to the filename of a ruleset.

Virus Scanners

Default: none

Which Virus Scanning package to use. Possible choices are sophos, mcafee, command, kaspersky, kavdaemonclient, inoculate, inoculan, nod32, f-secure, f-prot, panda, rav, antivir, clamav, trend, none (no virus scanning at all).

Note for McAfee users: Do NOT use any symlinks with McAfee at all. It is very strange but McAfee may not detect all viruses when started from a symlink or scanning a directory path including symlinks.

Note: If you want to use multiple virus scanners, then this should be a space-separated list of virus scanners.

Virus Scanner Timeout

Default: 300

The maximum time (in seconds) that the virus scanner is allowed to take to scan one batch of messages.

Deliver Disinfected Files

Default: yes

Should infected attached documents be automatically disinfected and sent on to the original recipients?

Silent Viruses

Default: Klez Yaha-E Bugbear Braid-A WinEvar

Messages whose virus reports contain any of the words listed here will be treated as "silent" viruses. No messages will be sent back to the senders of these viruses, and the delivery to the recipient of the message can be controlled by the next option "Still Deliver Silent Viruses". This is primarily designed for viruses such as "Klez" and "Bugbear" which put fake addresses on messages they send, so there is no point informing the sender of the message, as it won’t actually be them who sent it anyway.

Still Deliver Silent Viruses

Default: yes

If this is set to yes then disinfected messages that originally contained one of the "silent" viruses will still be delivered to the original recipients, even though those addresses were chosen at random by the infected PC and do not correspond to anything a user intended to send. Set this to yes so that your users (and your management) appreciate how much MailScanner is doing to protect them, but set it to no if they complain a lot about receiving lots of virus warnings.

Allowed Sophos Error Messages

Default:

Anything on the next line that appears in brackets at the end of a line of output from Sophos will cause the error/infection to be ignored. Use of this option is dangerous, and should only be used if you are having trouble with lots of corrupt PDF files, for example.

Removing/Logging dangerous or potentially offensive content

Allow Partial Messages

Default: no

Do you want to allow partial messages, which only contain a fraction of the attachments, not the whole thing? There is no way that "partial messages" can be scanned for viruses properly, as only a fragment of the message is ever processed, never the whole message at once.
Setting this option to yes is very dangerous as it can let viruses in. But you might want to use a ruleset to set it for some customers’ outgoing mail, for example.

Allow External Message Bodies

Default: no

There is a mechanism, very rarely used, in which the body of a message is contained on a remote server, which the user’s email application should download when it displays the message. Currently, I am only aware of this feature being supported by a few versions of Netscape, and the only people who use it are the IETF. There is no way to guarantee that the fetched file has no viruses in it, as MailScanner never sees it.
Setting this option to yes is very dangerous as it can let viruses in from remote "message body servers".

Allow IFrame Tags

Default: no

Do you want to allow HTML <IFrame> tags in email messages? This is not a good idea as it allows various Microsoft Outlook security vulnerabilities to go unprotected, but if you have a load of mailing lists sending them, then you will want to allow them to keep your users happy.

Log IFrame Tags

Default: no

You may receive complaints from your users that HTML mailing lists they subscribe to have been stopped by the "Allow IFrame Tags" option above. So before you use the option above, set this option to "yes" and MailScanner will log the senders of all messages which contain IFrame tags. You can then set up a ruleset for the option above which will allow IFrame tags in messages sent by well known (and trusted) mailing lists, while banning them from everywhere else.

Allow Object Codebase Tags

Default: no

Do you want to allow HTML <Object Codebase=...> tags in email messages? This will allow various Microsoft security vulnerabilities to go unprotected. I strongly advise you set this to "no" unless you have a very specific requirement.

Convert Dangerous HTML To Text

Default: no

When <IFrame> or <Object Codebase=...> HTML tags are allowed in messages, would you like to convert any messages containing them to plain text? This is very useful as an alternative to either banning them using the 2 options above, or else allowing them through untouched. This option will still give the users the chance to read the text content of the message while not exposing them to potentially dangerous or offensive HTML content.

Convert HTML To Text

Default: no

If you have users who are children, or who are offended by things like pornographic spam email, you can protect them by converting incoming HTML email messages into plain text. HTML attachments will not be affected. You could set this to be a ruleset so you only convert messages addressed to some of your users, or not convert messages from some known trusted sources. This can be essential if you have a "duty of care" for some of your users.
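As an added example (not part of MailScanner or its documentation), the Python script below parses the "option = value" format from DESCRIPTION and flags the settings that the sections above describe as weakening scanning. Assumptions: option names are matched case-insensitively, a value beginning with "/" is treated as a ruleset filename, and the sample configuration, its ruleset path and its Sophos value are constructed.

```python
import re

# Defaults and risk notes come from the option descriptions on this page.
# normalised option name -> (default, risky value, why it matters)
CHECKS = {
    "virus scanning": ("yes", "no", "all virus-scanning functionality is disabled"),
    "virus scanners": ("none", "none", "no virus scanner is configured"),
    "expand tnef": ("yes", "no", "filenames inside TNEF attachments skip the filename rules"),
    "deliver unparsable tnef": ("no", "yes", "undecodable TNEF segments are delivered unscanned"),
    "allow partial messages": ("no", "yes", "message fragments cannot be scanned properly"),
    "allow external message bodies": ("no", "yes", "remote bodies are never seen by MailScanner"),
    "allow iframe tags": ("no", "yes", "<IFrame> tags reach the mail client"),
    "allow object codebase tags": ("no", "yes", "<Object Codebase=...> tags reach the mail client"),
}
HTML_TAG_OPTIONS = {"allow iframe tags", "allow object codebase tags"}


def normalise(name):
    # Assumption: names compare case-insensitively with whitespace collapsed.
    return re.sub(r"\s+", " ", name.strip()).lower()


def parse_conf(text):
    """Parse 'option = value' lines: blank lines, surrounding spaces and
    anything from '#' to the end of the line are ignored."""
    options = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        name, value = line.split("=", 1)
        options[normalise(name)] = value.strip()
    return options


def audit(text):
    """Return a list of (severity, option, message) findings."""
    opts = parse_conf(text)
    convert = opts.get("convert dangerous html to text", "no").lower() == "yes"
    findings = []
    for name, (default, risky, note) in CHECKS.items():
        value = opts.get(name, default)
        source = "set" if name in opts else "default"
        if value.startswith("/"):
            # Assumption: an absolute path here names a ruleset file, so the
            # effective value depends on the message and needs manual review.
            findings.append(("REVIEW", name, f"ruleset {value} decides this per message"))
        elif value.lower() == risky:
            if name in HTML_TAG_OPTIONS and convert:
                findings.append(("INFO", name, note + "; message is converted to plain text"))
            else:
                findings.append(("WARN", name, f"{note} ({source}: {value})"))
    if opts.get("allowed sophos error messages", ""):
        findings.append(("WARN", "allowed sophos error messages",
                         "matching Sophos errors/infections are ignored"))
    return findings


# Constructed sample, not a shipped MailScanner.conf. The ruleset path and
# the Sophos value are hypothetical.
SAMPLE_CONF = """\
# constructed sample
Max Children = 5
  Virus Scanning = yes
Virus Scanners = clamav   # single scanner

Expand TNEF = no
Allow Partial Messages = /etc/MailScanner/rules/partial.rules
Allow IFrame Tags = yes
Convert Dangerous HTML To Text = yes
allow object codebase tags = no
Allowed Sophos Error Messages = corrupt
"""

if __name__ == "__main__":
    for severity, option, message in audit(SAMPLE_CONF):
        print(f"{severity:6} {option}: {message}")
```

Run against a file with no overrides, the only finding is "Virus Scanners", because the documented default for that option is none.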

Attachment filename checking

Filename Rules

Default: /opt/MailScanner/etc/filename.rules.conf
Default Linux: /etc/MailScanner/filename.rules.conf
Default FreeBSD: /usr/local/etc/MailScanner/filename.rules.conf

File in which to store the attachment filename ruleset. This can be a ruleset allowing different filename rules to apply to different users or domains. The syntax of this file is described in section "Attachment Filename Ruleset".

Reports and responses

Quarantine Infections

Default: yes

Set this to store infected / dangerous attachments in directories created under the quarantine directory. Without this, they will be deleted. Due to laws on privacy and data protection in your country, you may be forced to set this to "no".

Quarantine Whole Message

Default: no

When an infected message is stored in the quarantine, a copy of the entire message will be saved, in addition to copies of the infected attachments.

Quarantine Whole Messages As Queue Files

Default: no

When an entire message is saved in the quarantine for any reason, do you want to save it as the raw data files out of the mail queue (which can be processed with the df2mbox script, and which is easier to send to its original recipients), or do you want a conventional message file consisting of the header followed by the body of the message? If the previous option is switched off, then this will only affect archived mail and quarantined spam. If the previous option is on, then this also affects quarantined infections.

Language Strings

Default: /opt/MailScanner/etc/reports/en/languages.conf
Default Linux: /etc/MailScanner/reports/en/languages.conf
Default FreeBSD: /usr/local/share/MailScanner/reports/en/languages.conf

Set where to find all the strings used so they can be translated into your local language. This can also be the filename of a ruleset so you can produce different languages for different messages.

Deleted Bad Filename Message Report

Default: /opt/MailScanner/etc/reports/en/deleted.filename.message.txt
Default Linux: /etc/MailScanner/reports/en/deleted.filename.message.txt
Default FreeBSD: /usr/local/share/MailScanner/reports/en/deleted.filename.message.txt

When an attachment is deleted from a message because the filename failed the filename rules in force for the message, it is replaced by the contents of this file. A few variable substitutions can be made in this file, an example of each of which is contained in the supplied sample file.

Deleted Virus Message Report

Default: /opt/MailScanner/etc/reports/en/deleted.virus.message.txt
Default Linux: /etc/MailScanner/reports/en/deleted.virus.message.txt
Default FreeBSD: /usr/local/share/MailScanner/reports/en/deleted.virus.message.txt

When an attachment is deleted from a message because the attachment contained a virus or other dangerous content, it is replaced by the contents of this file. A few variable substitutions can be made in this file, an example of each of which is contained in the supplied sample file.

Stored Bad Filename Message Report

Default: /opt/MailScanner/etc/reports/en/stored.filename.message.txt
Default Linux: /etc/MailScanner/reports/en/stored.filename.message.txt
Default FreeBSD: /usr/local/share/MailScanner/reports/en/stored.filename.message.txt

When an attachment is deleted from a message (and the attachment has been stored in the quarantine) because the filename failed the filename rules in force for the message, it is replaced by the contents of this file. A few variable substitutions can be made in this file, an example of each of which is contained in the supplied sample file.

Disinfected Report

Default: /opt/MailScanner/etc/reports/en/disinfected.report.txt
Default Linux: /etc/MailScanner/reports/en/disinfected.report.txt
Default FreeBSD: /usr/local/share/MailScanner/reports/en/disinfected.report.txt

When, for example, a Microsoft Word macro virus has been safely removed from a document, leaving the original document intact, it is delivered on to the original recipient. The contents of this text file will be put in the body of the new message, explaining to the user what has happened.

Inline HTML Signature

Default: /opt/MailScanner/etc/reports/en/inline.sig.html
Default Linux: /etc/MailScanner/reports/en/inline.sig.html
Default FreeBSD: /usr/local/share/MailScanner/reports/en/inline.sig.html

If the "Sign Clean Messages" option is set, then the contents of this file will be appended to the end of the body of every message that is scanned by MailScanner. You can use this to inform your users that MailScanner has scanned it, and you can also add any disclaimers you feel should be on mail travelling through your servers. This option corresponds to the content that is appended to HTML messages.

Inline Text Signature

Default: /opt/MailScanner/etc/reports/en/inline.sig.txt
Default Linux: /etc/MailScanner/reports/en/inline.sig.txt
Default FreeBSD: /usr/local/share/MailScanner/reports/en/inline.sig.txt

If the "Sign Clean Messages" option is set, then the contents of this file will be appended to the end of the body of every message that is scanned by MailScanner. You can use this to inform your users that MailScanner has scanned it, and you can also add any disclaimers you feel should be on mail travelling through your servers. This option corresponds to the content that is appended to text messages.

Sender Error Report

Default: /opt/MailScanner/etc/reports/en/sender.error.report.txt
Default Linux: /etc/MailScanner/reports/en/sender.error.report.txt
Default FreeBSD: /usr/local/share/MailScanner/reports/en/sender.error.report.txt

When a message could not be processed completely for some reason, such as bad message structure or unreadable winmail.dat TNEF attachments, this message is sent back to the sender. Read the example file supplied for a demonstration of what variables can be used inside the file.

Sender Bad Filename Report

Default: /opt/MailScanner/etc/reports/en/sender.filename.report.txt
Default Linux: /etc/MailScanner/reports/en/sender.filename.report.txt
Default FreeBSD: /usr/local/share/MailScanner/reports/en/sender.filename.report.txt

When an attachment is trapped by the filename rules, this message is sent back to the sender.

Sender Virus Report

Default: /opt/MailScanner/etc/reports/en/sender.virus.report.txt
Default Linux: /etc/MailScanner/reports/en/sender.virus.report.txt
Default FreeBSD: /usr/local/share/MailScanner/reports/en/sender.virus.report.txt

When an attachment is removed because of a virus, this message is sent back to the sender.

Hide Incoming Work Dir

Default: yes

When this option is set, the full directory in which the virus was found will be removed from report messages sent to users. This makes the infection reports a lot easier to understand.

Include Scanner Name in Reports

Default: yes

Include the name of the virus scanner in each of the scanner reports. Very useful if you use several virus scanners, but a bad idea if you don’t want to let your customers know which scanners you use.

Changes to message headers

Mail Header

Default: X-MailScanner:

Extra header that should be added to all scanned messages to show they have been scanned. You might want to add an abbreviation of your site name to this, so that you can find headers that are added by your MailScanner server.

Spam Header

Default: X-MailScanner-SpamCheck:

Name of the header to add to mail detected as spam. The text of the header is a list of the reasons the message is thought to be spam.

Spam Score Header

Default: X-MailScanner-SpamScore:

If the option "Spam Score" is set, this is the name of the header that is used to contain the list of characters.

Information Header

Default: X-MailScanner-Information:

Name of the header to add to all messages, to be used for simply providing a URL or contact information for anyone receiving mail that has gone through MailScanner. If you do not want this header, simply set it blank.

Detailed Spam Report

Default: yes

If this is set to yes then you get the normal fully detailed spam report in spam messages. If this is set to no then you simply get a "spam" or "not spam" report. The exact text inserted can be configured in the languages.conf file for your language.

Spam Score Character

Default: s

If the option "Spam Score" is set, this is the character that will be repeated in the "Spam Score Header", one letter for each point in the SpamAssassin score.

Clean header Value

Default: Found to be clean

This is the text that is added to the "Mail Header" when a message is found to be clean and free of viruses and other dangerous content.

Infected Header Value

Default: Found to be infected

This is the text that is added to the "Mail Header" when a message is found to be infected with a virus or other dangerous content.

Disinfected Header Value

Default: Disinfected

This is the text that is added to the "Mail Header" of a message that is created by MailScanner to contain disinfected documents containing macro viruses that could be completely removed, leaving the original document intact.

Information Header Value

Default: Please contact the ISP for more information

This is the text that is added to the "Information Header" of a message that has passed through MailScanner at all. It could be used to provide a URL or contact address for recipients if they have any queries about the messages they have received. If the setting "Information Header" is blank, this message will not be added to the Mail Header.

Multiple Headers

Default: append

When a message passes through more than one MailScanner server on your site, they will each try to add their own headers. This option controls what should happen when trying to add a MailScanner header that already exists in the message. Valid options are append (append the new data to the existing header), add (add a new header) and replace (replace the old data with the new data).

Hostname

Default: the MailScanner

This is the name of the MailScanner server that is put in messages to users. If you have more than one MailScanner server on your site, you will want to change this on each server so that you can tell them apart.

Sign Messages Already Processed

Default: no

If a message has already been processed by another MailScanner server on your site, then the "Inline HTML/Text Signature" is not added to the message again if this option is set. Without it, you will get one signature added for every MailScanner server that processes the message.

Sign Clean Messages

Default: no

If this option is set, then the "Inline HTML/Text Signature" will be added to the end of every clean message processed by MailScanner. You can use this to inform the recipient that the message has been checked, and also to add any legal disclaimer or copyright statement you want to add to every message. Using a ruleset for this option, you could very simply set it so that only messages leaving your site are signed, for example.

Mark Infected Messages

Default: yes

If this option is set, then the "Inline HTML/Text Warning" is added to the start of every message that is found to be infected or has had attachments removed for any reason. This can be used to guide the recipients to read the infection reports contained in the replacement attachments.

Mark Unscanned Messages

Default: yes

If this option is set, then any message which is not scanned by MailScanner gets the "Mail Header" added to it with the string contained in the "Unscanned Header Value" option. This can be used to advertise your MailScanner service to customers/clients who are currently not using it.

Unscanned Header Value

Default: Not scanned: please contact your Internet E-Mail Service Provider for details

This supplies the text that is placed in the "Mail Header" of messages that have not been scanned, if the option "Mark Unscanned Messages" is set. It is a useful place to advertise your MailScanner service to new customers/clients.

Deliver Cleaned Messages

Default: yes

Once a message has had all viruses and dangerous content removed from it, it will then be delivered to the original recipients if this option is set. If you want the behaviour from previous versions of MailScanner that had the "Deliver From Local Domains" keyword, then you should set this to be a ruleset that only returns "yes" for messages destined for inside your site, and "no" for messages going out of your site.

Notify Senders

Default: yes

If this option is set, a message will be sent back to the address that sent each infected message. The text contained in these messages is supplied by the "Sender Reports" described earlier in this document.

Never Notify Senders Of Precedence

Default: list bulk

This contains a space-separated list of message "Precedence:" header values. If you receive a nasty message, the sender will not be notified if the "Precedence:" header value appears in this list. This is particularly useful for stopping MailScanner responding to poorly-maintained mailing lists.

Changes to subject line

Scanned Modify Subject

Default: no # end

If this is set to "start" or "end" then the "Scanned Subject Text" is inserted at the start or the end of the Subject: line. This only happens if the Subject: line has not already been modified for any other reason.

Scanned Subject Text

Default: {Scanned}

This is the text inserted at the start or the end of the Subject: line if the "Scanned Modify Subject" option above is in effect.

Virus Modify Subject

Default: yes

If this is set, then the "Subject:" line of a message that was infected with a virus will have the "Virus Subject Text" text inserted at the start.

Virus Subject Text

Default: {Virus?}

This is the text inserted at the start of the "Subject:" line if the "Virus Modify Subject" option is set.

Filename Modify Subject

Default: yes

If this is set, then the "Subject:" line of a message that had an attachment with a dangerous filename will have the "Virus Subject Text" text inserted at the start.

Filename Subject Text

Default: yes

This is the text inserted at the start of the "Subject:" line if the "Filename Modify Subject" option is set.

Spam Modify Subject

Default: yes

If this is set, then the "Subject:" line of a message that was determined to be spam will have the "Spam Subject Text" text inserted at the start.

Spam Subject Text

Default: {Spam?}

This is the text inserted at the start of the "Subject:" line if the "Spam Modify Subject" option is set.

High Scoring Spam Modify Subject

Default: yes

If this is set, then the "Subject:" line of a message that was determined to be spam, and had a SpamAssassin score greater than the "High SpamAssassin Score" will have the "High Scoring Spam Subject Text" text inserted at the start.

High Scoring Spam Subject Text

Default: {Spam?}

This is the text inserted at the start of the "Subject:" line if the "High Scoring Spam Modify Subject" option is set.

Changes to the message body

Warning Is Attachment

Default: yes

When an infected or dangerous attachment is replaced with a text message containing the infection report, should the replacement be an attachment (yes) or should it be included inline in the main text of the message (no)?

Attachment Warning Filename

Default: VirusWarning.txt

When an infected or dangerous attachment is replaced with a text message containing the infection report, this is the filename of the attachment that appears in the message.

Attachment Encoding Charset

Default: us-ascii

This is the name of the encoding character set used for the contents of "VirusWarning.txt" attachments. If your users do not use English as their preferred language, you may want to set this to "ISO-8859-1".

Mail archiving and monitoring

Archive Mail

Default:

This option provides a list of directory names and/or email addresses to which all mail should be copied. You will probably want to make this a ruleset so that only mail to/from certain users is archived. Note that there may be severe legal privacy implications of using this option without the prior knowledge of the individuals whose messages you are archiving/copying.

Notices to system administrators

Send Notices

Default: yes

Should system administrators listed in the "Notices To" option be notified of every infection found?

Notices Include Full Headers

Default: no

If this option is set, then the system administrator notices will include the full headers of every infected message. If this option is set to "no" then only a restricted set of headers is included in the notices.

Hide Incoming Work Dir in Notices

Default: no

When this option is set, the full directory in which the virus was found will be removed from report messages sent to administrators. This makes the infection reports a lot easier to understand. It is also very useful if your notices go to your customer sites.

Notice Signature

Default: -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info

This string is added to the bottom of all system administrator notices, and is intended to be the signature of your MailScanner system. To insert "line-breaks" or "newline" characters, use the sequence \n

Notices From

Default: MailScanner

The visible part of the email address used in the "From:" line of the notices. The <user@domain> part of the email address is set to the "Local Postmaster" setting.

Notices To

Default: postmaster

This option provides a list of the addresses to which virus notices should be sent. You may want to set this to be a ruleset, providing different notification addresses for different domains that you administer.

Local Postmaster

Default: postmaster

When virus warnings are sent to any users, this is the email address used as the "From:" header in the messages.

Definitions of virus scanners and spam detectors

Spam List Definitions

Default: /opt/MailScanner/etc/spam.lists.conf
Default Linux: /etc/MailScanner/spam.lists.conf
Default FreeBSD: /usr/local/etc/MailScanner/spam.lists.conf

This file contains all the definitions of the "Spam Lists" (also known as RBL’s or DNSBL’s) which can be used to try to detect spam based on where each message came from. Many more spam lists can be added to this file, but it contains the most popular ones to get you started.

Virus Scanner Definitions

Default: /opt/MailScanner/etc/virus.scanners.conf
Default Linux: /etc/MailScanner/virus.scanners.conf
Default FreeBSD: /usr/local/etc/MailScanner/virus.scanners.conf

This file contains the locations of all the commands that are run for each virus scanner. Check this file before starting MailScanner to make sure it will run the correct command or wrapper script.

Spam detection and spam lists (DNS blocklists)

Spam Checks

Default: yes

If this option is set, messages will be checked to see if they are spam.

Spam List

Default: ORDB−RBL Infinite−Monkeys

This provides a space−separated list of "Spam Lists" (or RBL’s or DNSBL’s) which are checked for each message. These lists are based on the numeric IP address of the server that sent the message to your MailScanner server. Every list used here must be defined in the "Spam List Definitions" file mentioned above.

Spam Domain List

Default:

This provides a space−separated list of "Spam Lists" (or RBL’s or DNSBL’s) which are checked for each message. These lists are based on the domain name of the sender address of each message. Every list used here must be defined in the "Spam List Definitions" file mentioned above.

Spam List Timeout

Default: 10

This is the number of seconds to wait for each "Spam List" lookup to complete. If the lookup takes longer than this, it is killed and ignored.

Max Spam List Timeouts

Default: 7

If a "Spam List" lookup times out for this many consecutive checks without ever succeeding, then the particular "Spam List" entry will not be used any more, as it appears to be unreachable. When MailScanner restarts itself after a few hours, MailScanner will try to use the entry again, in case service has resumed properly.

Is Definitely Not Spam

Default: /opt/MailScanner/etc/rules/spam.whitelist.rules
Default Linux: /etc/MailScanner/rules/spam.whitelist.rules
Default FreeBSD: /usr/local/etc/MailScanner/rules/spam.whitelist.rules

This option would normally be a ruleset. Any messages for which the ruleset result is "yes" will never be marked as spam. This is used to create a spam "whitelist" of addresses which are never spam. You will probably want to include your own site (or your own site’s IP addresses) in this ruleset.

Is Definitely Spam

Default: no

This option would normally be a ruleset. Any messages for which the ruleset result is "yes" will always be marked as spam. This is used to create a spam "blacklist" of addresses of known spammers.

SpamAssassin

Use SpamAssassin

Default: no

Do you want to detect spam using the very good SpamAssassin package? You must have installed SpamAssassin before using this option, otherwise MailScanner will not start properly.
NOTE for FreeBSD port users: The SpamAssassin port is not automatically installed with the MailScanner port. You can find it at /usr/ports/mail/p5−Mail−SpamAssassin.

Max SpamAssassin Size

Default: 90000

SpamAssassin is quite slow when processing very large messages. To work round this problem, this option provides a maximum size for messages that are processed with SpamAssassin. Most real spam is usually less than about 50,000 bytes per message.

Required Spam Assassin Score

Default: 5

This gives the minimum SpamAssassin score value above which messages are spam. This replaces SpamAssassin’s own "required_hits" value, so that it can be a ruleset and set to different values for different users/domains.

High SpamAssassin Score

Default: 20

Messages with a SpamAssassin score greater than this value are labelled as being "High Scoring Spam", and a different set of "Spam Actions" are applied to messages scoring at least this value.

SpamAssassin Auto Whitelist

Default: no

SpamAssassin has a feature which measures the ratio of spam to non−spam originating from different addresses, and will automatically add addresses to its own internal "whitelist" if most of the messages from an address are not spam. This option enables this feature of SpamAssassin. Please read their documentation for more information.

SpamAssassin Prefs File

Default: /opt/MailScanner/etc/spam.assassin.prefs.conf
Default Linux: /etc/MailScanner/spam.assassin.prefs.conf
Default FreeBSD: /usr/local/etc/MailScanner/spam.assassin.prefs.conf

SpamAssassin uses a "user preferences" file which can be used to set the values of various SpamAssassin options. This is the name of that file. Its most useful feature is that the RBL/DNSBL/"Spam List" checks done by SpamAssassin can be disabled as MailScanner already does them and there is little to be gained by doing these checks twice for every message.

SpamAssassin Timeout

Default: 30

This option sets the maximum number of seconds to wait for SpamAssassin to process a message. This is a useful protection against occasional bugs in SpamAssassin that can cause it to take hours to process a single message.

Max SpamAssassin Timeouts

Default: 20

If several consecutive calls to SpamAssassin time out, then MailScanner decides that there is something stopping SpamAssassin from working properly. It will therefore be disabled for the next few hours until MailScanner restarts itself, at which point it will be tried again.

Check SpamAssassin If On Spam List

Default: yes

If a message has already triggered any of the "Spam List" checks, the SpamAssassin check will be skipped if this option is set to "no". This can help reduce the load on your server if SpamAssassin checks take a long time for some reason.

Always Include SpamAssassin Report

Default: no

If this option is set, then the "Spam Header" will be included in the header of every message, so its presence cannot be used to filter out spam by your users’ e−mail applications.

Spam Score

Default: yes

If a message is spam, and this option is set, then a header will be added to the message containing 1 character for each point in the SpamAssassin score. This allows users to choose for themselves the SpamAssassin scores at which they want to do different things with the message, such as file it or delete it.

What to do with spam

Spam Actions

Default: deliver

This can be any combination of 1 or more of the following keywords, and these actions are applied to any message which is spam.

"deliver" − the message is delivered to the recipient as normal

"delete" − the message is deleted

"store" − the message is stored in the quarantine

"bounce" − a rejection message is sent back to the sender

"forward" − an email address is supplied, to which the message is forwarded

"striphtml" − all in−line HTML content in the message is stripped to plain text, which removes all images and scripts and so can be used to protect your users from offensive spam. Note that using this action on its own does not imply that the message will be delivered; you will need to specify "deliver" or "forward" to actually deliver the message.

High Scoring Spam Actions

Default: deliver

This is the same as the "Spam Actions" option above, but it gives the actions to apply to any message whose SpamAssassin score is above the "High Scoring" threshold described above.

Sender Spam Report

Default: /opt/MailScanner/etc/reports/en/sender.spam.report.txt
Default Linux: /etc/MailScanner/reports/en/sender.spam.report.txt
Default FreeBSD: /usr/local/share/MailScanner/reports/en/sender.spam.report.txt

When the "bounce" spam action is applied to a message that triggered both a "Spam List" check and SpamAssassin, this file gives the text to put in that message.

Sender Spam List Report

Default: /opt/MailScanner/etc/reports/en/sender.spam.rbl.report.txt
Default Linux: /etc/MailScanner/reports/en/sender.spam.rbl.report.txt
Default FreeBSD: /usr/local/share/MailScanner/reports/en/sender.spam.rbl.report.txt

When the "bounce" spam action is applied to a message that triggered a "Spam List" check, this file gives the text to put in that message.

Sender SpamAssassin Report

Default: /opt/MailScanner/etc/reports/en/sender.spam.sa.report.txt
Default Linux: /etc/MailScanner/reports/en/sender.spam.sa.report.txt
Default FreeBSD: /usr/local/share/MailScanner/reports/en/sender.spam.sa.report.txt

When the "bounce" spam action is applied to a message that triggered SpamAssassin, this file gives the text to put in that message.

System logging

Syslog Facility

Default: mail

This is the name of the "facility" used by syslogd to log MailScanner’s messages. If this doesn’t mean anything to you, then either leave it alone or else read the "syslogd" man page.

Log Spam

Default: no

If this option is set, then every spam message will be logged to syslog. If you get a lot of spam, or your server load is high, you will want to leave this option switched off. But if you are having trouble with spam detection, setting this to "yes" temporarily can provide useful debugging output.

Log Permitted Filenames

Default: no

If this option is set, then every attachment filename that passes the "filename rules" checks will be logged to syslog. Normally this is of no interest. But if you are having trouble getting your filename rules correct, setting this option can provide useful debugging output.

Advanced Settings

Debug

Default: no

Not for use by normal users. Setting this option to "yes" will put MailScanner into debugging mode, in which it creates slightly more output and will not become a daemon.

Always Looked Up Last

Default: no

The value of the option is actually never used, but it is evaluated at the end of processing a batch of messages. It is designed to be used in conjunction with a Custom Function. The Custom Function should then be written to have a "side effect" of doing something useful such as logging lots of information about the batch of messages to a file or an SQL database.

Deliver in Background

Default: yes

When attempting delivery of any messages (when the "Delivery Method = batch") the sendmail/Exim command will be run in the background so that MailScanner does not have to wait for the delivery attempt to complete. There are very few good reasons for setting this to "no".

Lockfile Dir

Default: /tmp

This is the directory in which lock files are placed to stop the virus scanners being used while they are in the middle of updating themselves with new virus definitions. If you change this at all, you will need to edit the "autoupdate" scripts for all your virus scanners.

Lock Type

Do not set this option to anything unless you know exactly what you are doing. For sendmail and Exim, MailScanner will choose the correct value by default. This affects how mail queue files are locked, and your mail will be totally screwed up if you set this option to anything other than the correct value for your MTA. So leave it alone and let MailScanner choose the correct value for you.

Minimum Code Status

Default: supported

Some of the virus scanners are not supported by the authors of MailScanner, and they may use code contributed by another user. If this option is set to the wrong value for your virus scanners, then you will get an error message in your maillog (syslog) telling you that it is set wrong and MailScanner will refuse to start. The error message will include the location of a web page describing this option in more detail, and this tells you what value to set this to for each virus scanner that can be used by MailScanner.

RULESETS

Ruleset files should all be put in /opt/MailScanner/etc/rules (FreeBSD: /usr/local/etc/MailScanner/rules) and their filename should end in ".rules" wherever possible.

All blank lines are ignored, and comments start with "#" and continue to the end of the line, like this:

# This line is just a comment

Other than that, every line is a rule and looks like this example:

From: john.doe@domain.com yes

As you can see, each rule has 3 fields:
1. Direction
2. Pattern to match
3. Result value (or values)

1. Direction should be one of the following:

From:

Matches when the message is from a matching address

To:

Matches when the message is to a matching address

FromOrTo:

Matches when the message is from or to a matching address

FromAndTo:

Matches when the message is from and to a matching address

The syntax of these is very loosely defined. Any word containing "from", any word containing "to", any word containing "from" and "to" (in either order), and any word containing "and" will work just fine. You can put them in upper or lower case, it doesn’t matter. And any additional punctuation will be ignored.

This specifies whether the rule should be matched against the sender’s address (or IP address), or the recipient’s address.

2. The pattern describes what messages should match this rule. Some examples are:

user@sub.domain.com        # Individual address
user@*                     # 1 user at any domain
*@sub.domain.com           # Any user at 1 domain
*@*.domain.com             # Any user at any sub−domain of "domain.com"
*@domain.com               # Any user at 1 specific domain
/pattern/                  # Any address matching this Perl regular expression
192.168.                   # Any SMTP client IP address in this network
/pattern−with−no−letters/  # Any SMTP client IP address matching this Perl regular expression
/^192\.168\.1[4567]\./     # Any SMTP client IP address in the networks 192.168.14 − 192.168.17
*@*                        # Default value
default                    # Default value

You should be able to do just about anything with that.

3. The result value is what you could have put in the entry in the main MailScanner.conf file had you not given the filename of a ruleset instead.

See the file EXAMPLES for a few ideas on how to do things with this system.
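
The three rule fields described above can be exercised with a small matcher before a ruleset goes live. This is an added example, not MailScanner's own code: the function names are hypothetical, Python's `re` stands in for Perl regular expressions, case-insensitive address matching is an assumption, and the sample message is constructed.

```python
import re
from fnmatch import fnmatchcase

def parse_direction(word):
    """Map a loosely written direction word to 'from', 'to', 'or' or 'and'."""
    w = re.sub(r"[^a-z]", "", word.lower())        # case and punctuation are ignored
    if "from" in w and "to" in w:
        return "and" if "and" in w else "or"
    if "from" in w:
        return "from"
    if "to" in w:
        return "to"
    raise ValueError(f"unrecognised direction: {word!r}")

def pattern_matches(pattern, address, client_ip=None):
    """Test one pattern against an address and, for senders, the SMTP client IP."""
    if pattern in ("default", "*@*"):
        return True
    if len(pattern) > 1 and pattern[0] == pattern[-1] == "/":
        body = pattern[1:-1]
        if re.search(r"[A-Za-z]", body):           # has letters: address regex
            return re.search(body, address, re.IGNORECASE) is not None
        return client_ip is not None and re.search(body, client_ip) is not None
    if re.fullmatch(r"[0-9.]+", pattern):          # e.g. "192.168." network prefix
        return client_ip is not None and client_ip.startswith(pattern)
    return fnmatchcase(address.lower(), pattern.lower())   # user@*, *@domain.com

def rule_result(rule, sender, recipient, client_ip):
    """Return the rule's result value if the rule applies to the message, else None."""
    line = rule.split("#", 1)[0].strip()           # drop comments
    if not line:
        return None
    direction, pattern, result = line.split(None, 2)
    from_hit = pattern_matches(pattern, sender, client_ip)
    to_hit = pattern_matches(pattern, recipient)   # recipients have no client IP
    hit = {"from": from_hit, "to": to_hit, "or": from_hit or to_hit,
           "and": from_hit and to_hit}[parse_direction(direction)]
    return result if hit else None

if __name__ == "__main__":
    msg = ("alice@example.org", "bob@mail.domain.com", "192.168.145.9")  # constructed
    for rule in ("To: *@*.domain.com no",
                 "From: /^192.168.1[4567]./ yes",          # dots match any character
                 r"From: /^192\.168\.1[4567]\./ yes"):     # dots match only "."
        print(f"{rule!r:40} -> {rule_result(rule, *msg)!r}")
```

A regular expression with unescaped dots also matches 192.168.145.9, because "." matches any character; with the dots escaped it matches only clients in 192.168.14 to 192.168.17.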

ATTACHMENT FILENAME RULESET

This is held in the filename pointed to by the configuration option Filename rules. It contains a set of rules that are used to judge whether any given file attachment should be accepted or rejected on the basis of its filename, regardless of whether it is found to be virus−infected or not. This can not only be used for draconian measures such as banning all .exe attachments, but it can be used with any Perl regular expression to provide facilities such as detection of attempts at hiding filenames.

Many Windows e−mail programs (e.g. Microsoft Outlook) hide common file extensions in an attempt to not baffle the user. The result is that while an attachment called "Your Document.doc" is helpfully displayed as "Your Document", a more sinister attachment such as "Looks Safe.txt.pif" will appear simply as "Looks Safe.txt". Many users recognise the .txt filename extension as applying to plain text files, which they know are safe. So even an experienced user may well double−click on this attachment thinking it is just going to start Notepad and display the text file. However, the file is really an MS−DOS shortcut (.pif file) and can execute any arbitrary commands the author wanted: all without any indication to the unwitting user.

The rules are matched in order from the top to the bottom of the file, and the first rule containing a matching regular expression is used. Each line of the file is either blank, a comment (in which case it starts with a ’#’ character) or is a rule made up of 4 fields separated by one or more TAB characters:

allow / deny

Accept or reject the attachment if its filename matches the regular expression

regular expression

The rule is executed if the attachment matches this expression. It may optionally be surrounded by ’/’ characters.

log text

If the rule matches, this text is placed in the syslog. If the text is "−", no string is logged.

user text

If the rule matches, this text is placed in the text message sent to the user. If the text is "−", no text is used.

Please have a look at the filename.rules.conf or filename.rules.conf.sample file provided with this distribution/package/port.
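
The first-match behaviour of these four-field rules can be checked offline with a short evaluator. This is an added example, not MailScanner's own code: the function names are hypothetical, the sample rules are constructed rather than taken from filename.rules.conf, Python's `re` stands in for Perl regular expressions, and case-insensitive matching is an assumption.

```python
import re

# Constructed sample ruleset; fields are joined with TAB characters.
SAMPLE_RULES = "\n".join("\t".join(fields) for fields in [
    ("# action", "regular expression", "log text", "user text"),
    ("allow", r"/\.txt\.zip$/", "-", "-"),
    ("deny", r"\.(txt|doc|pdf)\s*\.[a-z0-9]{3}$",
     "Possible filename hiding", "Double extensions are not accepted"),
    ("deny", r"\.pif$", "MS-DOS shortcut", "Shortcut files are not accepted"),
    ("allow", r"\.txt$", "-", "-"),
])

def parse_rules(text):
    """Parse the ruleset into (action, compiled regex, log text, user text) tuples."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                # blank line or comment
        fields = re.split(r"\t+", line.strip())     # one or more TABs between fields
        if len(fields) != 4 or fields[0].lower() not in ("allow", "deny"):
            raise ValueError(f"line {n}: expected 4 TAB-separated fields")
        action, pattern, log_text, user_text = fields
        if len(pattern) > 1 and pattern[0] == pattern[-1] == "/":
            pattern = pattern[1:-1]                 # optional surrounding slashes
        rules.append((action.lower(), re.compile(pattern, re.IGNORECASE),
                      None if log_text == "-" else log_text,
                      None if user_text == "-" else user_text))
    return rules

def check_filename(rules, filename):
    """Return (action, log text, user text) of the first matching rule, or None."""
    for action, regex, log_text, user_text in rules:
        if regex.search(filename):
            return action, log_text, user_text
    return None                                     # no rule matched this filename

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for name in ("Looks Safe.txt.pif", "notes.txt.zip", "readme.txt", "game.pif"):
        print(f"{name!r:24} -> {check_filename(rules, name)}")
```

Because the first matching rule wins, the narrow "allow" for .txt.zip has to sit above the double-extension "deny"; swapping the two would reject "notes.txt.zip" as filename hiding.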

SEE ALSO

MailScanner(1)