2

amavisd.conf

#################################################################################################################################3

use strict;  # Sample configuration file for amavisd-new (traditional style, chatty, # you may prefer to start with the more concise supplied amavisd.conf) # # This software is licensed under the GNU General Public License (GPL). # See comments at the start of amavisd-new for the whole license text.  #Sections: # Section I    - Essential daemon and MTA settings # Section II   - MTA specific # Section III  - Logging # Section IV   - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine # Section V    - Per-recipient and per-sender handling, whitelisting, etc. # Section VI   - Resource limits # Section VII  - External programs, virus scanners, SpamAssassin # Section VIII - Debugging # Section IX   - Policy banks (dynamic policy switching)  #GENERAL NOTES: #  This file is a normal Perl code, interpreted by Perl itself. #  - make sure this file (or directory where it resides) is NOT WRITABLE #    by mere mortals (not even vscan/amavis; best to make it owned by root), #    otherwise it can represent a severe security risk! #  - for values which are interpreted as booleans, it is recommended #    to use 1 for true, and 0 or undef or '' for false. #    THIS IS DIFFERENT FROM OLD AMAVIS VERSIONS where "no" also meant false, #    now it means true, like any nonempty string does! #  - Perl syntax applies. Most notably: strings in "" may include variables #    (which start with $ or @); to include characters $ and @ and \ in double #    quoted strings precede them by a backslash; in single-quoted strings #    the $ and @ lose their special meaning, so it is usually easier to use #    single quoted strings (or qw operator) for e-mail addresses. #    In both types of quoting a backslash should to be doubled. #  - variables with names starting with a '@' are lists, the values assigned #    to them should be lists too, e.g. ('one@foo', $mydomain, "three"); #    note the comma-separation and parenthesis. If strings in the list #    do not contain spaces nor variables, a Perl operator qw() may be used #    as a shorthand to split its argument on whitespace and produce a list #    of strings, e.g. qw( one@foo example.com three );  Note that the argument #    to qw is quoted implicitly and no variable interpretation is done within #    (no '$' variable evaluations). The #-initiated comments can NOT be used #    within a string. In other words, $ and # lose their special meaning #    within a qw argument, just like within '...' strings. #  - all e-mail addresses in this file and as used internally by the daemon #    are in their raw (rfc2821-unquoted and non-bracketed) form, i.e. #    Bob "Funny" Dude@example.com, not: "Bob \"Funny\" Dude"@example.com #    and not <"Bob \"Funny\" Dude"@example.com>; also: '' and not '<>'. #  - the term 'default value' in examples below refers to the value of a #    variable pre-assigned to it by the program; any explicit assignment #    to a variable in this configuration file overrides the default value;  # ============================================================================= # Section I - Essential options # =============================================================================  # $MYHOME serves as a quick default for some other configuration settings. # More refined control is available with each individual setting further down. # $MYHOME is not used directly by the program. No trailing slash! $MYHOME = '/home/amavis';   # (default is '/var/amavis')  # $mydomain serves as a quick default for some other configuration settings. # More refined control is available with each individual setting further down. # $mydomain is never used directly by the program. $mydomain = 'akadia.com';      # (no useful default)  # $myhostname = 'host.example.com';  # fqdn of this host, default by uname(3)  # Set the user and group to which the daemon will change if started as root # (otherwise just keeps the UID unchanged, and these settings have no effect): $daemon_user  = 'amavis';   # (no default;  customary: vscan or amavis) $daemon_group = 'amavis';   # (no default;  customary: vscan or amavis or sweep)  # Runtime working directory (cwd), and a place where # temporary directories for unpacking mail are created. # (no trailing slash, may be a scratch file system) # $TEMPBASE = $MYHOME;          # (must be set if other config vars use is) $TEMPBASE = "$MYHOME/tmp";     # prefer to keep home dir /var/amavis clean? $db_home = "$MYHOME/db";    # DB databases directory, default "$MYHOME/db"  # $helpers_home sets environment variable HOME, and is passed as option # 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory # on a normal persistent file system, not a scratch or temporary file system # $helpers_home = $MYHOME;  # (defaults to $MYHOME) $helpers_home = "$MYHOME/var";  # Run the daemon in the specified chroot jail if nonempty: # $daemon_chroot_dir = $MYHOME;  # (default is undef, meaning: do not chroot)  $pid_file  = "$MYHOME/var/amavisd.pid";  # (default is "$MYHOME/amavisd.pid") $lock_file = "$MYHOME/var/amavisd.lock"; # (default is "$MYHOME/amavisd.lock")  # set environment variables if you want (no defaults): $ENV{TMPDIR} = $TEMPBASE;       # wise to set TMPDIR, but not obligatory  $enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny) $enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1  # ============================================================================= # MTA SETTINGS, UNCOMMENT AS APPROPRIATE # ============================================================================= # both $forward_method and $notify_method default to 'smtp:[127.0.0.1]:10025'  # POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4 # (set host and port number as required; host can be specified # as an IP address or a DNS name (A or CNAME, but MX is ignored) $forward_method = 'smtp:[127.0.0.1]:10025';  # where to forward checked mail $notify_method = $forward_method;            # where to submit notifications  # To make it possible for several hosts to share one content checking daemon, # the IP address and/or the port number in $forward_method and $notify_method # may be spacified as an asterisk. An asterisk in the colon-separated # second field (host) will be replaced by the SMTP client peer address, # An asterisk in the third field (tcp port) will be replaced by the incoming # SMTP/LMTP session port number plus one. This obsoletes the previously used # less flexible configuration parameter $relayhost_is_client. An example: #   $forward_method = 'smtp:*:*'; $notify_method = 'smtp:*:10587';   # NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST #       uncomment the appropriate settings below if using other setups!  # SENDMAIL MILTER, using amavis-milter.c helper program: # $forward_method = undef;  # no explicit forwarding, sendmail does it by itself # milter; option -odd is needed to avoid deadlocks # $notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}'; # just a thought: can we use use -Am instead of -odd ?  # SENDMAIL (old non-milter setup, as relay, deprecated): # $forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}'; # $notify_method = $forward_method;  # SENDMAIL (old non-milter setup, amavis.c calls local delivery agent, deprecated): # $forward_method = undef;  # no explicit forwarding, amavis.c will call LDA # $notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}';  # EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead): # $forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}'; # $notify_method = $forward_method;  # prefer to collect mail for forwarding as BSMTP files? # $forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp"; # $notify_method = $forward_method;   # Net::Server pre-forking settings # The $max_servers should match the width of your MTA pipe # feeding amavisd, e.g. with Postfix the 'Max procs' field in the # master.cf file, like the '2' in the:  smtp-amavis unix - - n - 2 smtp # $max_servers  =  5;   # number of pre-forked children          (default 2) $max_requests = 20;   # retire a child after that many accepts (default 10)  $child_timeout=5*60;  # abort child if it does not complete each task in                       # approximately n sec (default: 8*60 seconds)  # Here is a QUICK WAY to completely DISABLE some sections of code # that WE DO NOT WANT (it won't even be compiled-in). # For more refined controls leave the following two lines commented out, # and see further down what these two lookup lists really mean. # @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code # @bypass_spam_checks_maps  = (1);  # uncomment to DISABLE anti-spam code # # Any setting can be changed with a new assignment, so make sure # you do not unintentionally override these settings further down!  # Check also the settings of @av_scanners at the end if you want to use # virus scanners. If not, you may want to delete the whole long assignment # to the variable @av_scanners and @av_scanners_backup, which will also # remove the virus checking code (e.g. if you only want to do spam scanning).  # Lookup list of local domains (see README.lookups for syntax details) # # @local_domains_maps list of lookup tables are used in deciding whether a # recipient is local or not, or in other words, if the message is outgoing # or not. This affects inserting spam-related headers for local recipients, # limiting recipient virus notifications (if enabled) to local recipients, # in deciding if address extension may be appended, and in SQL lookups # for non-fqdn addresses. Set it up correctly if you need features # that rely on this setting (or just leave empty otherwise). # # With Postfix (2.0) a quick hint on what local domains normally are: # a union of domains specified in: mydestination, virtual_alias_domains, # virtual_mailbox_domains, and relay_domains.  @local_domains_maps = ( [".$mydomain"] );  # $mydomain and its subdomains  # @local_domains_maps = (); # default is empty list, no recip. considered local # @local_domains_maps =  # using ACL lookup table #   ( [ ".$mydomain", 'sub.example.net', '.example.com' ] ); # @local_domains_maps =  # similar, split list elements on whitespace #   ( [qw( .example.com !host.sub.example.net .sub.example.net )] ); # @local_domains_maps = ( new_RE( qr'[@.]example\.com$'i ) );   # using regexp # @local_domains_maps = ( read_hash("$MYHOME/local_domains") ); # using hash  # ============================================================================= # Section II - Postfix specific (defaults should be ok) # =============================================================================  # $insert_received_line = 1;       # behave like MTA: insert 'Received:' header                       # (does not apply to sendmail/milter)                       # (default is true)  # AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter) #   (used with amavis helper clients like amavis-milter.c and amavis.c, #   NOT needed for Postfix or Exim or dual-sendmail - keep it undefined. # $unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket # $unix_socketname = undef;        # disable listening on a unix socket                                   # (default is undef, i.e. disabled)                                   # (usual setting is $MYHOME/amavisd.sock)  # SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...) #   (used when MTA is configured to pass mail to amavisd via SMTP or LMTP) $inet_socket_port = 10024;        # accept SMTP on this local TCP port                                   # (default is undef, i.e. disabled) # multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];  # SMTP SERVER (INPUT) access control # - do not allow free access to the amavisd SMTP port !!! # # when MTA is at the same host, use the following (one or the other or both): $inet_socket_bind = '127.0.0.1';  # limit socket bind to loopback interface                                   # (default is '127.0.0.1') @inet_acl = qw( 127.0.0.1 ::1 );  # allow SMTP access only from localhost IP                                   # (default is qw(127.0.0.1 ::1) )  # when MTA (one or more) is on a different host, use the following: # @inet_acl = qw(127/8 ::1 10.1.0.1 10.1.0.2);  # adjust the list as appropriate # $inet_socket_bind = undef;       # bind to all IP interfaces if undef  # # Example1: # @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 ); # permit only SMTP access from loopback and rfc1918 private address space # # Example2: # @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0 #         127.0.0.1 10/8 172.16/12 192.168/16 ); # matches loopback and rfc1918 private address space except host 192.168.1.12 # and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches) # # Example3: # @inet_acl = qw( 127/8 #         !172.16.3.0   !172.16.3.127 172.16.3.0/25 #         !172.16.3.128 !172.16.3.255 172.16.3.128/25 ); # matches loopback and both halves of the 172.16.3/24 C-class, # split into two subnets, except all four broadcast addresses # for these subnets  # @mynetworks is an IP access list which determines if the original SMTP client # IP address belongs to our internal networks, i.e. mail is coming from inside. # It is much like the Postfix parameter 'mynetworks' in semantics and similar # in syntax, and its value should normally match the Postfix counterpart. # It only affects the value of a macro %l (=sender-is-local), # and the loading of policy 'MYNETS' if present (see below). # Note that '-o smtp_send_xforward_command=yes' (or its lmtp counterpart) # must be enabled in the Postfix service that feeds amavisd, otherwise # client IP address is not available to amavisd-new. # @mynetworks = qw( 127.0.0.0/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );  # default   # See README.lookups for details on specifying access control lists.  # ============================================================================= # Section III - Logging # =============================================================================  # true (e.g. 1) => syslog;  false (e.g. 0) => logging to file $DO_SYSLOG = 1;                  # (defaults to false) $SYSLOG_LEVEL = 'mail.debug';    # (facility.priority, default 'mail.info')  # Log file (if not using syslog) $LOGFILE = "$MYHOME/amavis.log";  # (defaults to empty, no log)  #NOTE: levels are not strictly observed and are somewhat arbitrary # 0: startup/exit/failure messages, viruses detected # 1: args passed from client, some more interesting messages # 2: virus scanner output, timing # 3: server, client # 4: decompose parts # 5: more debug details $log_level = 1;       # (defaults to 0)  # Customizable template for the most interesting log file entry (e.g. with # $log_level=0) (take care to properly quote Perl special characters like '\') # For a list of available macros see README.customize .  # $log_templ = undef;        # undef disables by-message level-0 log entries # $log_recip_templ = undef;  # undef disables by-recipient level-0 log entries   # log both infected and noninfected messages (new default):  # $log_templ = ' # [?%#D||Passed # # [? [?%#V|1] |INFECTED (%V)|# # [? [?%#F|1] |BANNED (%F)|# # [? [? %2|1] |SPAM|# # [? [?%#X|1] |BAD-HEADER|CLEAN]]]]# # , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ]<%o> -> [%D|,]# # [? %q ||, quarantine: %i]# # [? %m ||, Message-ID: %m]# # [? %r ||, Resent-Message-ID: %r]# # , Hits: %c# # #, size: %z# # #[? %j ||, Subject: "%j"]# # #[? %#T ||, tests=[%T|,]]# # ] # [?%#O||Blocked # # [? [?%#V|1] |INFECTED (%V)|# # [? [?%#F|1] |BANNED (%F)|# # [? [? %2|1] |SPAM|# # [? [?%#X|1] |BAD-HEADER|CLEAN]]]]# # , [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ]<%o> -> [%O|,]# # [? %q ||, quarantine: %i]# # [? %m ||, Message-ID: %m]# # [? %r ||, Resent-Message-ID: %r]# # , Hits: %c# # #, size: %z# # #[? %j ||, Subject: "%j"]# # #[? %#T ||, tests=[%T|,]]# # ]';  # log template compatible with amavisd-new-20030616-p10: # $log_recip_templ = undef; # $log_templ = ' # [? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], # # <%o> -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';  # # ============================================================================= # Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine # ============================================================================= #  # Select notifications text encoding when Unicode-aware Perl is converting # text from internal character representation to external encoding (charset # in MIME terminology). Used as argument to Perl Encode::encode subroutine. # #   to be used in RFC 2047-encoded header field bodies, e.g. in Subject: # $hdr_encoding = 'iso-8859-1';  # MIME charset (default: 'iso-8859-1') # $hdr_encoding_qb = 'Q';        # MIME encoding: quoted-printable (default) # $hdr_encoding_qb = 'B';        # MIME encoding: base64 # #   to be used in notification body text: its encoding and Content-type.charset # $bdy_encoding = 'iso-8859-1';  # (default: 'iso-8859-1')  # Default template texts for notifications may be overruled by directly # assigning new text to template variables, or by reading template text # from files. A second argument may be specified in a call to read_text(), # specifying character encoding layer to be used when reading from the # external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding. # Text will be converted to internal character representation by Perl 5.8.0 # or later; second argument is ignored otherwise. See PerlIO::encoding, # Encode::PerlIO and perluniintro man pages. # # $notify_sender_templ      = read_text("$MYHOME/notify_sender.txt"); # $notify_virus_sender_templ= read_text("$MYHOME/notify_virus_sender.txt"); # $notify_virus_admin_templ = read_text("$MYHOME/notify_virus_admin.txt"); # $notify_virus_recips_templ= read_text("$MYHOME/notify_virus_recips.txt"); # $notify_spam_sender_templ = read_text("$MYHOME/notify_spam_sender.txt"); # $notify_spam_admin_templ  = read_text("$MYHOME/notify_spam_admin.txt");  # If notification template files are collectively available in some directory, # one may call read_l10n_templates which invokes read_text for each known # template. This is primarily a Debian-specific feature, but was incorporated # into base code to facilitate porting. # #   read_l10n_templates('/etc/amavis/en_US'); # # If read_l10n_templates is called, a localization template directory must # contain the following files: #   charset                       this file should contain a one-line name #                                 of the character set used in the template #                                 files (e.g. utf8, iso-8859-2, ...) and is #                                 passed as the second argument to read_text; #   template-dsn.txt              content fills the $notify_sender_templ #   template-virus-sender.txt     content fills the $notify_virus_sender_templ #   template-virus-admin.txt      content fills the $notify_virus_admin_templ #   template-virus-recipient.txt  content fills the $notify_virus_recips_templ #   template-spam-sender.txt      content fills the $notify_spam_sender_templ #   template-spam-admin.txt       content fills the $notify_spam_admin_templ  # Here is an overall picture (sequence of events) of how pieces fit together # #   bypass_virus_checks set for all recipients? ==> PASS #   no viruses?   ==> PASS #   log virus     if $log_templ is nonempty #   quarantine    if $virus_quarantine_to is nonempty #   notify admin  if $virus_admin (lookup) nonempty #   notify recips if $warnvirusrecip and (recipient is local or $warn_offsite) #   add address extensions for local recipients (when enabled) #   send (non-)delivery notifications #      to sender if DSN needed (BOUNCE or ($warnvirussender and D_PASS)) #   virus_lovers or final_destiny==D_PASS  ==> PASS #   DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny) # # Equivalent flow diagram applies for spam checks. # If a virus is detected, spam checking is skipped entirely.  # The following symbolic constants can be used in *_destiny settings: # # D_PASS     mail will pass to recipients, regardless of bad contents; # # D_DISCARD  mail will not be delivered to its recipients, sender will NOT be #            notified. Effectively we lose mail (but will be quarantined #            unless disabled). Losing mail is not decent for a mailer, #            but might be desired. # # D_BOUNCE   mail will not be delivered to its recipients, a non-delivery #            notification (bounce) will be sent to the sender by amavisd-new; #            Exception: bounce (DSN) will not be sent if a virus name matches #            $viruses_that_fake_sender_re, or to messages from mailing lists #            (Precedence: bulk|list|junk), or for spam level that exceeds #            the $sa_dsn_cutoff_level. # # D_REJECT   mail will not be delivered to its recipients, sender should #            preferably get a reject, e.g. SMTP permanent reject response #            (e.g. with milter), or non-delivery notification from MTA #            (e.g. Postfix). If this is not possible (e.g. different recipients #            have different tolerances to bad mail contents and not using LMTP) #            amavisd-new sends a bounce by itself (same as D_BOUNCE). #            Not to be used with Postfix or dual-MTA setups! # # Notes: #   D_REJECT and D_BOUNCE are similar, the difference is in who is responsible #            for informing the sender about non-delivery, and how informative #            the notification can be (amavisd-new knows more than MTA); #   With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status #            notification, colloquially called 'bounce') - depending on MTA; #            Best suited for sendmail milter, especially for spam. #   With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the #            reason for mail non-delivery or even suppress DSN, but unable #            to reject the original SMTP session). Best suited to reporting #            viruses, and for Postfix and other dual-MTA setups, which can't #            reject original client SMTP session, as the mail has already #            been enqueued.  $final_virus_destiny      = D_BOUNCE;  # (defaults to D_DISCARD) $final_banned_destiny     = D_BOUNCE;  # (defaults to D_BOUNCE) $final_spam_destiny       = D_BOUNCE;  # (defaults to D_BOUNCE) $final_bad_header_destiny = D_BOUNCE;  # (defaults to D_PASS), D_BOUNCE suggested  # Alternatives to consider for spam: # - use D_PASS if clients will do filtering based on inserted #   mail headers or added address extensions ('plus-addressing'); # - use D_DISCARD, if kill_level is set comfortably high; # # D_BOUNCE is preferred for viruses, but consider: # - use D_PASS (or virus_lovers) to deliver viruses; # - use D_REJECT instead of D_BOUNCE if using milter and under heavy #   virus storm; # # Don't bother to set both D_DISCARD and $warn*sender=1, it will get mapped # to D_BOUNCE. # # The separation of *_destiny values into D_BOUNCE, D_REJECT, D_DISCARD # and D_PASS made settings $warnvirussender and $warnspamsender only still # marginally useful with D_PASS.  # The following $warn*sender settings are ONLY used when mail is # actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*). # Bounces or rejects produce non-delivery status notification regardless.  # Notify virus sender? # $warnvirussender = 1;  # (defaults to false (undef))  # Notify spam sender? # $warnspamsender = 1;   # (defaults to false (undef))  # Notify sender of banned files? # $warnbannedsender = 1; # (defaults to false (undef))  # Notify sender of syntactically invalid header containing non-ASCII characters? # $warnbadhsender = 1;   # (defaults to false (undef))  # Notify virus (or banned files or bad headers) RECIPIENT? #  (not very useful, but some policies demand it) # $warnvirusrecip = 1;   # (defaults to false (undef)) # $warnbannedrecip = 1;  # (defaults to false (undef)) # $warnbadhrecip = 1;    # (defaults to false (undef))  # Notify also non-local virus/banned recipients if $warn*recip is true? #  (including those not matching local_domains*) # $warn_offsite = 1; # (defaults to false (undef), i.e. only notify locals)  # Treat envelope sender address as unreliable and don't send sender # notification / bounces if name(s) of detected virus(es) match the list. # Note that virus names are supplied by external virus scanner(s) and are # not standardized, so virus names may need to be adjusted. # See README.lookups for syntax, check also README.policy-on-notifications # @viruses_that_fake_sender_maps = (new_RE(   qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,   qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,   qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,   qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,   qr'@mm|@MM',    # mass mailing viruses as labeled by f-prot and uvscan   qr'Worm'i,      # worms as labeled by ClamAV, Kaspersky, etc   [qr'^(EICAR|Joke\.|Junk\.)'i         => 0],   [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i  => 0],   [qr/.*/ => 1],  # true by default  (remove or comment-out if undesired) ));  # where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address) # - the administrator envelope address may be a simple fixed e-mail address #   (a scalar), or may depend on the RECIPIENT address (e.g. its domain). # #   Empty or undef lookup disables virus admin notifications.  $virus_admin = undef;  # $virus_admin = "martin.zahn\@$mydomain"; # $virus_admin = 'virus-admin@example.com'; # $virus_admin = undef;   # do not send virus admin notifications (default) # # @virus_admin_maps = (    # by-recipient maps #  {'not.example.com' => '', #   '.' => 'virusalert@example.com'}, #  $virus_admin,   # the usual default # );  # equivalent to $virus_admin, but for spam admin notifications:  $spam_admin = undef;  # $spam_admin = "martin.zahn\@$mydomain"; # $spam_admin = undef;    # do not send spam admin notifications (default) # @spam_admin_maps = (     # by-recipient maps #  {'not.example.com' => '', #   '.' => 'spamalert@example.com'}, #  $spam_admin,   # the usual default # );  # advanced example, using a hash lookup table and a scalar default, # lookup key is a recipient envelope address: # @virus_admin_maps = (    # by-recipient maps #  { 'baduser@sub1.example.com' => 'HisBoss@sub1.example.com', #    '.sub1.example.com'  => 'virusalert@sub1.example.com', #    '.sub2.example.com'  => '',               # don't send admin notifications #    'a.sub3.example.com' => 'abuse@sub3.example.com', #    '.sub3.example.com'  => 'virusalert@sub3.example.com', #    '.example.com'       => 'noc@example.com', # default for our virus senders #  }, #  'virusalert@hq.example.com',  # catchall for the rest # );   # sender envelope address, from which notification reports are sent from; # may be a null reverse path, or a fully qualified address: #   (admin and recip sender addresses default to a null return path). #   If using strings in double quotes, don't forget to quote @, i.e. \@ # # $mailfrom_notify_admin     = "martin.zahn\@$mydomain"; # $mailfrom_notify_recip     = "martin.zahn\@$mydomain"; # $mailfrom_notify_spamadmin = "martin.zahn\@$mydomain";  $mailfrom_notify_admin     = undef; $mailfrom_notify_recip     = undef; $mailfrom_notify_spamadmin = undef;  # 'From' HEADER FIELD for sender and admin notifications. # This should be a replyable address, see rfc1894. Not to be confused # with $mailfrom_notify_sender, which is the envelope return address # and can be empty (null reverse path) according to rfc2821. # # The syntax of the 'From' header field is specified in rfc2822, section # '3.4. Address Specification'. Note in particular that display-name must be # a quoted-string if it contains any special characters like spaces and dots. # # $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>"; # $hdrfrom_notify_sender = 'amavisd-new <postmaster@example.com>'; # $hdrfrom_notify_sender = '"Content-Filter Master" <postmaster@example.com>'; # $hdrfrom_notify_admin = $mailfrom_notify_admin; # $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin; #   (default: "\"Content-filter at $myhostname\" <postmaster\@$myhostname>")  # whom quarantined messages appear to be sent from (envelope sender); # keeps original sender if undef, or set it explicitly, default is undef $mailfrom_to_quarantine = '';   # override sender address with null return path   # Location to put infected mail into: (applies to 'local:' quarantine method) #   empty for not quarantining, may be a file (Unix-style mailbox), #   or a directory (no trailing slash) #   (the default value is undef, meaning no quarantine) # $QUARANTINEDIR = '/var/virusmails';  # $virus_quarantine_method        = 'local:virus-%i-%n';    # default # $spam_quarantine_method         = 'local:spam-%b-%i-%n';  # default # $banned_files_quarantine_method = 'local:banned-%i-%n';   # default # $bad_header_quarantine_method   = 'local:badh-%i-%n';     # default  # Separate quarantine subdirectories virus, spam, banned and badh within # the directory $QUARANTINEDIR may be specified by the following settings # (the subdirectories need to exist - must be created manually): # $virus_quarantine_method        = 'local:virus/virus-%i-%n'; # $spam_quarantine_method         = 'local:spam/spam-%b-%i-%n'; # $banned_files_quarantine_method = 'local:banned/banned-%i-%n'; # $bad_header_quarantine_method   = 'local:badh/badh-%i-%n';  # # use the 'bsmtp:' method as an alternative to the default 'local:' # $virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%i-%n.bsmtp"; # $spam_quarantine_method  = "bsmtp:$QUARANTINEDIR/spam-%b-%i-%n.bsmtp";  # When using the 'local:' quarantine method (default), the following applies: # # A finer control of quarantining is available through # variables $virus_quarantine_method/$spam_quarantine_method/ # $banned_files_quarantine_method/$bad_header_quarantine_method. # # The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a # per-recipient lookup result from lookup tables @virus_quarantine_to_maps) # is/are interpreted as follows: # # VARIANT 1: #   empty or undef disables quarantine; # # VARIANT 2: #   a string NOT containing an '@'; # amavisd will behave as a local delivery agent (LDA) and will quarantine # viruses to local files according to hash %local_delivery_aliases (pseudo # aliases map) - see subroutine mail_to_local_mailbox() for details. # Some of the predefined aliases are 'virus-quarantine' and 'spam-quarantine'. # Setting $virus_quarantine_to ($spam_quarantine_to) to this string will: # # * if $QUARANTINEDIR is a directory, each quarantined virus will go #   to a separate file in the $QUARANTINEDIR directory (traditional #   amavis style, similar to maildir mailbox format); # # * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style #   mailbox. All quarantined messages will be appended to this file. #   Amavisd child process must obtain an exclusive lock on the file during #   delivery, so this may be less efficient than using individual files #   or forwarding to MTA, and it may not work across NFS or other non-local #   file systems (but may be handy for pickup of quarantined files via IMAP #   for example); # # VARIANT 3: #   any email address (must contain '@'). # The e-mail messages to be quarantined will be handed to MTA # for delivery to the specified address. If a recipient address local to MTA # is desired, you may leave the domain part empty, e.g. 'infected@', but the # '@' character must nevertheless be included to distinguish it from variant 2. # # This variant enables more refined delivery control made available by MTA # (e.g. its aliases file, other local delivery agents, dealing with # privileges and file locking when delivering to user's mailbox, nonlocal # delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined # will not be handed back to amavisd for checking, as this will cause a loop # (hopefully broken at some stage)! If this can be assured, notifications # will benefit too from not being unnecessarily virus-scanned. # # By default this is safe to do with Postfix and Exim v4 and dual-sendmail # setup, but probably not safe with sendmail milter interface without tricks.  # (default values are: virus-quarantine, banned-quarantine, spam-quarantine)  # $virus_quarantine_to  = 'virus-quarantine';    # traditional local quarantine # $virus_quarantine_to = 'infected@';           # forward to MTA for delivery # $virus_quarantine_to = "virus-quarantine\@$mydomain";   # similar # $virus_quarantine_to = 'virus-quarantine@example.com';  # similar  $virus_quarantine_to = undef;                 # no quarantine  # # lookup key is envelope recipient address: # @virus_quarantine_to_maps = (   # per-recip multiple quarantines #  new_RE( [qr'^user@example\.com$'i => 'infected@'], #          [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'], #          [qr'^(.*)(@[^@])?$'i      => 'virus-${1}${2}'] ), #  $virus_quarantine_to,  # the usual default # );  # similar for banned names and bad headers and spam (set to undef to disable) $banned_quarantine_to     = 'banned-quarantine';     # local quarantine $bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine $spam_quarantine_to       = 'spam-quarantine';       # local quarantine  # or to a mailbox or no quarantine # $banned_quarantine_to     = "martin.zahn\@$mydomain"; # $bad_header_quarantine_to = "martin.zahn\@$mydomain"; # $spam_quarantine_to       = "martin.zahn\@$mydomain";  $banned_quarantine_to     = undef; $bad_header_quarantine_to = undef; $spam_quarantine_to       = undef;  # @spam_quarantine_to_maps = (    # per-recip multiple quarantines #  new_RE( [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'] ), #  $spam_quarantine_to,  # the usual default # );   # In addition to per-recip quarantine, a by-sender lookup is possible. # It is similar to $spam_quarantine_to, but the lookup key is the # envelope sender address: # $spam_quarantine_bysender_to = undef;   # dflt: no by-sender spam quarantine   # Add X-Virus-Scanned header field to mail?  $X_HEADER_TAG = 'X-Virus-Scanned';  # (default: 'X-Virus-Scanned')  # Set to empty to add no header field   # (dflt "$myproduct_name at $mydomain") # $X_HEADER_LINE = "$myproduct_name at $mydomain"; # $X_HEADER_LINE = "by $myproduct_name using ClamAV at $mydomain"; # $X_HEADER_LINE = "$myproduct_name $myversion_id ($myversion_date) at $mydomain";  # a string to prepend to Subject (for local recipients only) if mail could # not be decoded or checked entirely, e.g. due to password-protected archives $undecipherable_subject_tag = '***UNCHECKED*** ';  # undef disables it  # MIME defanging wraps the entire original mail in a MIME container of type # 'Content-type: multipart/mixed', where the first part is a text/plain with # a short explanation, and the second part is a complete original mail, # enclosed in a 'Content-type: message/rfc822' MIME part. # Defanging is only done when enabled (selectively by malware type), # and mail is considered malware (virus/spam/...), and the malware is allowed # to pass (*_lovers or *_destiny=D_PASS) # $defang_virus  = 1;  # default is false: don't modify mail body $defang_banned = 1;  # default is false: don't modify mail body # $defang_bad_header     = 1;  # default is false: don't modify mail body # $defang_undecipherable = 1;  # default is false: don't modify mail body # $defang_spam = 1;  # default is false: don't modify mail body  $remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone #$remove_existing_x_scanned_headers= 1; # remove existing headers                     # (defaults to false) #$remove_existing_spam_headers = 0;     # leave existing X-Spam* headers alone $remove_existing_spam_headers  = 1;     # remove existing spam headers if                     # spam scanning is enabled (default)  # set $bypass_decode_parts to true if you only do spam scanning, or if you # have a good virus scanner that can deal with compression and recursively # unpacking archives by itself, and save amavisd the trouble. # Disabling decoding also causes banned_files checking to only see # MIME names and MIME content types, not the content classification types # as provided by the file(1) utility. # It is a double-edged sword, make sure you know what you are doing! # #$bypass_decode_parts = 1;      # (defaults to false)  # don't trust this file type or corresponding unpacker for this file type, # keep both the original and the unpacked file for a virus checker to see # (lookup key is what file(1) utility returned): # @keep_decoded_original_maps = (new_RE( # qr'^MAIL$',   # retain full original message for virus checking (can be slow)   qr'^MAIL-UNDECIPHERABLE$',  # retain full mail if it contains undecipherables   qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, # qr'^Zip archive data',      # don't trust Archive::Zip ));   # Checking for banned MIME types and names. If any mail part matches, # the whole mail is rejected. Object $banned_filename_re provides a list # of Perl regular expressions to be matched against each part's: # #  * Content-Type value (both declared and effective mime-type), #    such as the possible security-risk content types #    'message/partial' and 'message/external-body', as specified in rfc2046, #    or 'application/x-msdownload' and 'application/x-msdos-program'; # #  * declared (recommended) file names as specified by MIME subfields #    Content-Disposition.filename and Content-Type.name, both in their #    raw (encoded) form and in rfc2047-decoded form if applicable #    as well as (recommended) file names specified in archives; # #  * file content type as guessed by 'file(1)' utility, mapped #    (by @map_full_type_to_short_type_maps) into short type names such as #    .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe-ms, ..., which always #    starts with a dot. These short types are available unless #    $bypass_decode_parts is true. # # All nodes (mail parts) of the fully recursively decoded mail and embedded # archives are checked, each node independently from remaining nodes. # # For each node all its ancestor nodes including itself are checked against # $banned_filename_re lookup list, top-down. The search for a node stops # at the first match, the right-hand side of the matching key determines # the result (true or false, absent right-hand side implies true, as explained # in README.lookups). # # Although repeatedly re-checking ancestor nodes may seem excessive, it gives # the opportunity to specify rules which make a particular node hide its # descendents, e.g. allow any name or file type within a .zip, even though # .exe files may otherwise not be allowed. # # Leave $banned_filename_re undefined to disable these checks # (giving an empty list to new_RE() will also always return false)  $banned_filename_re = new_RE( # qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components    # block certain double extensions anywhere in the base name   qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,  # qr'[{}]',      # curly braces in names (serve as Class ID extensions - CLSID)    qr'^application/x-msdownload$'i,                  # block these MIME types   qr'^application/x-msdos-program$'i,   qr'^application/hta$'i,  # qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types  # [ qr'^\.(Z|gz|bz2)$'           => 0 ],  # allow any type in Unix-compressed   [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any type in Unix archives # [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any type within such archives    qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic # qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|exe|fxp|hlp|hta|inf|ins|isp| #        js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|ops|pcd|pif|prg| #        reg|scr|sct|shb|shs|vb|vbe|vbs|wsc|wsf|wsh)$'ix,  # banned ext - long  # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.    qr'^\.(exe-ms)$',                       # banned file(1) types # qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types ); # See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631 # and http://www.cknow.com/vtutor/vtextensions.htm  # A little trick: a pattern qr'\.exe$' matches both a short type name '.exe', # as well as any file name which happens to end with .exe. If only matching # a file name is desired, but not the short type, a pattern qr'.\.exe$'i # or similar may be used, which requires that at least one character precedes # the '.exe', and so it will never match short file types which always start # with a dot.   # the syntax of these Perl regular expressions is a bit awkward if not # familiar with them, so please do follow examples and stick to the idioms: #   \A        ... at the beginning of the first component #   \z        ... at the end of the the last (leaf) component #   ^         ... at the beginning of each component in the path #   $         ... at the end of each component in the path #   (.*\t)?   ... at the beginning of a field #   (\t.*)?   ... at the end of a field #   \t(.*\t)* ... separating fields #   [^\t\n]   ... any single character, but don't escape from this field #   (.*\n)+   ... one or more levels down #   (?#...)   ... a comment within a regexp  # new-style of banned lookup table $banned_namepath_re = new_RE(    # block these MIME types   qr'(?#NO X-MSDOWNLOAD)   ^(.*\t)? M=application/x-msdownload   (\t.*)? $'xmi,   qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)? M=application/x-msdos-program(\t.*)? $'xmi,   qr'(?#NO HTA)            ^(.*\t)? M=application/hta            (\t.*)? $'xmi,  # # block rfc2046 MIME types # qr'(?# BLOCK RFC2046 ) #    ^ (.*\t)? M=message/(partial|external-body) (\t.*)? $'xmi,  # # within traditional Unix compressions allow any name and type # [ qr'(?#rule-3) ^ (.*\t)? T=(Z|gz|bz2)     (\t.*)? $'xmi => 0 ],  # allow    # within traditional Unix archives allow any name and type   [ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? $'xmi => 0 ],  # allow  # # block anything within a zip # qr'(?#rule-5) ^ (.*\t)? T=zip (\t.*)? (.*\n)+ .* $'xmi,    # block certain double extensions in filenames   qr'(?# BLOCK DOUBLE-EXTENSIONS )      ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* \.                   (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) \.? (\t.*)? $'xmi,  # # block curly braces (used in Class ID (CLSID) extensions) in filenames # qr'(?# BLOCK CLSID-EXTENSIONS ) #    ^ (.*\t)? N= [^\t\n]* [{}] [^\t\n]* (\t.*)? $'xmi,  # # banned declared names with three or more consecutive spaces # qr'(?# BLOCK NAMES WITH SPACES ) #    ^ (.*\t)? N= [^\t\n]*  [ ]{3,} 'xmi,  # # within PC archives allow any types or names at any depth # [ qr'(?#rule-7) ^ (.*\t)? T=(zip|rar|arc|arj|zoo) (\t.*)? $'xmi => 0 ],  # ok  # # within certain archives allow leaf members at any depth if crypted # [ qr'(?# ALLOW ENCRYPTED ) #      ^ (.*\t)? T=(zip|rar|arj) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],  # # allow crypted leaf members regardless of their name or type # [ qr'(?# ALLOW IF ENCRYPTED )    ^ (.*\t)? A=C (\t.*)? \z'xmi => 0 ],  # # block if any component can not be decoded (is encrypted or bad archive) # qr'(?# BLOCK IF UNDECIPHERABLE ) ^ (.*\t)? A=U (\t.*)? \z'xmi,  # [ qr'(?# SPECIAL ALLOWANCES - MAGIC NAMES) #      \A (.*\t)? T=(rpm|cpio|tar|zip|rar|arc|arj|zoo|Z|gz|bz2) #         \t(.*\t)* N=example\d+[^\t\n]* #         (\t.*)? $'xmi => 0 ],    # banned filename extensions (in declared names) anywhere - basic   qr'(?# BLOCK COMMON NAME EXENSIONS )      ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|bat|com|cpl) (\t.*)? $'xmi,  # # banned filename extensions (in declared names) anywhere - long # qr'(?# BLOCK MORE NAME EXTENSIONS ) #    ^ (.*\t)? N= [^\t\n]* \. ( #    ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|exe|fxp|hlp|hta|inf|ins|isp| #    js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|ops|pcd|pif|prg| #    reg|scr|sct|shb|shs|vb|vbe|vbs|wsc|wsf|wsh) (\t.*)? $'xmi,  # # banned filename extensions anywhere - WinZip vulnerability (pre-V9) # qr'(?# BLOCK WinZip VULNERABILITY EXENSIONS ) #    ^ (.*\t)? N= [^\t\n]* \. (mim|b64|bhx|hqx|xxe|uu|uue) (\t.*)? $'xmi,    [ qr'(?# BLOCK EMPTY MIME PART APPLICATION/OCTET-STREAM )        ^ (.*\t)? M=application/octet-stream \t(.*\t)* T=empty (\t.*)? $'xmi     => 'DISCARD' ],  # [ qr'(?# BLOCK EMPTY MIME PARTS ) #      ^ (.*\t)? M= [^\t\n]+ \t(.*\t)* T=empty (\t.*)? $'xmi => 'DISCARD' ],    qr'(?# BLOCK Microsoft EXECUTABLES )      ^ (.*\t)? T=exe-ms (\t.*)? $'xm,              # banned file(1) type  # qr'(?# BLOCK ANY EXECUTABLE ) #    ^ (.*\t)? T=exe (\t.*)? $'xm,                 # banned file(1) type  # qr'(?# BLOCK THESE TYPES ) #    ^ (.*\t)? T=(exe|lha|tnef|cab|dll) (\t.*)? $'xm,  # banned file(1) types  );  # use old or new style of banned lookup table; not both to avoid confusion # # @banned_filename_maps = ();   # to disable old-style   $banned_namepath_re = undef;  # to disable new-style  # # ============================================================================= # Section V - Per-recipient and per-sender handling, whitelisting, etc. # ============================================================================= #  # @virus_lovers_maps list of lookup tables: #   (this should be considered a policy option, is does not disable checks, #   see bypass*checks for that!) # # Exclude certain RECIPIENTS from virus filtering by adding their (lower-cased) # envelope e-mail address (or domain only) to one of the lookup tables in # the @virus_lovers_maps list - see README.lookups and examples. # Make sure the appropriate form (e.g. external/internal) of address # is used in case of virtual domains, or when mapping external to internal # addresses, etc. - this is MTA-specific. # # Notifications would still be generated however (see the overall # picture above), and infected mail (if passed) gets additional header: #   X-AMaViS-Alert: INFECTED, message contains virus: ... # (header not inserted with milter interface!) # # NOTE (milter interface only): in case of multiple recipients, # it is only possible to drop or accept the message in its entirety - for all # recipients. If all of them are virus lovers, we'll accept mail, but if # at least one recipient is not a virus lover, we'll discard the message.   # @bypass_virus_checks_maps list of lookup tables: #   (this is mainly a time-saving option, unlike virus_lovers* !) # # Similar in concept to @virus_lovers_maps, a @bypass_virus_checks_maps # is used to skip entirely the decoding, unpacking and virus checking, # but only if ALL recipients match the lookup. # # @bypass_virus_checks_maps does NOT GUARANTEE the message will NOT be checked # for viruses - this may still happen when there is more than one recipient # for a message and not all of them match these lookup tables, or when # check result was cached (i.e. the same contents was recently sent to other # recipients). To guarantee virus delivery, a recipient must also match # @virus_lovers_maps lookups (but see milter limitations above),  # NOTE: it would not be clever to base enabling of virus checks on SENDER # address, since there are no guarantees that it is genuine. Many viruses # and spam messages fake sender address. To achieve selective filtering # based on the source of the mail (e.g. IP address, MTA port number, ...), # use mechanisms provided by MTA if available, possibly combined with policy # banks feature.  # Similar to lists of lookup tables controlling virus checking, there are # counterparts for spam scanning, banned names/types, and headers_checks # control: #   @spam_lovers_maps, #   @banned_files_lovers_maps, #   @bad_header_lovers_maps # and: #   @bypass_spam_checks_maps, #   @bypass_banned_checks_maps, #   @bypass_header_checks_maps  # Example: #   @bypass_header_checks_maps = ( [qw( user@example.com )] ); #   @bad_header_lovers_maps    = ( [qw( user@example.com )] );  # The following example disables spam checking altogether, # since it matches any recipient e-mail address. #   @bypass_spam_checks_maps = (1);   # See README.lookups for further detail, and examples below.  # In the following example a list of lookup tables @virus_lovers_maps # contains three elements, the first is a reference to an ACL lookup table # (brackets in Perl indicate a ref to a list), the second is a reference # to a hash lookup table (curly braces in Perl indicate a ref to a hash), # the third is a regexp lookup table, indicated by the type of object # created by new_RE() : # #@virus_lovers_maps = ( # [ qw( me@lab.xxx.com !lab.xxx.com .xxx.com yyy.org ) ], # { "postmaster\@$mydomain" => 1, # double quotes permit variable evaluation #   'postmaster@example.com'=> 1, # in single quotes the '@' need not be quoted #   'abuse@example.com'=> 1, #   'some.user@'       => 1,  # this recipient, regardless of domain #   'boss@example.com' => 0,  # never, even if domain matches #   'example.com'      => 1,  # this domain, but not its subdomains #   '.example.com'     => 1,  # this domain, including its subdomains # }, # new_RE( qr'^(helpdesk|postmaster)@example\.com$'i ), #);  #@spam_lovers_maps = ( # ["postmaster\@$mydomain", 'postmaster@example.com', 'abuse@example.com'], #);  #@bad_header_lovers_maps = ( # ["postmaster\@", "abuse\@$mydomain"], #);  # to save some typing of quotes and commas, a Perl operator qw can be used # to split its argument on whitespace and to quote resulting elements: #@bypass_spam_checks_maps = ( #  [ qw( some.ddd !butnot.example.com .example.com ) ], #);   # don't run spam check for these RECIPIENT domains: #   @bypass_spam_checks_maps = ( [qw( d1.com .d2.com a.d3.com )] ); # or the other way around (bypass check for all BUT these): #   @bypass_spam_checks_maps = ( [qw( !d1.com !.d2.com !a.d3.com . )] ); # a practical application: don't check outgoing mail for spam: #   @bypass_spam_checks_maps = ( [ "!.$mydomain", "." ] ); # (a downside of which is that such mail will not count as ham in SA bayes db) # # Note that 'outgoing' is not the same as 'originating from inside'. # The internal-to-internal mail is not outgoing, but is originating from # inside. To base rules on 'originating from inside', the use of policy bank # MYNETS is needed, in conjunction with XFORWARD Postfix extension to SMTP.  # Where to find SQL server(s) and database to support SQL lookups? # A list of triples: (dsn,user,passw).   (dsn = data source name) # More than one entry may be specified for multiple (backup) SQL servers. # See 'man DBI', 'man DBD::mysql', 'man DBD::Pg', ... for details. # When chroot-ed, accessing SQL server over inet socket may be more convenient. # # @lookup_sql_dsn = #   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'], #     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'] ); # # ('mail' in the example is the database name, choose what you like) # With PostgreSQL the dsn (first element of the triple) may look like: #      'DBI:Pg:host=host1;dbname=mail'  # The SQL select clause to fetch per-recipient policy settings. # The %k will be replaced by a comma-separated list of query addresses # (e.g. full address, domain only (stripped level by level), and a catchall). # Use ORDER if there is a chance that multiple records will match - the first # match wins. If field names are not unique (e.g. 'id'), the later field # overwrites the earlier in a hash returned by lookup, which is why we use # '*,users.id' instead of just '*'. No need to uncomment the following # assignment if the default is ok. #   $sql_select_policy = 'SELECT *,users.id FROM users,policy'. #     ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'. #     ' ORDER BY users.priority DESC'; # # The SQL select clause to check sender in per-recipient whitelist/blacklist # The first SELECT argument '?' will be users.id from recipient SQL lookup, # the %k will be sender addresses (e.g. full address, domain only, catchall). # The default value is: #   $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'. #     ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'. #     '   AND (mailaddr.email IN (%k))'. #     ' ORDER BY mailaddr.priority DESC'; # # To disable SQL white/black list, set to undef (otherwise comment-out # the following statement, leaving it at the default value): $sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting   # If passing malware to certain recipients ($final_*_destiny=D_PASS or # *_lovers), the recipient-based lookup tables @addr_extension_*_maps may # return a string, which (if nonempty) will be added as an address extension # to the local-part of the recipient's address. This extension may be used # by the final local delivery agent (LDA) to place such mail into different # subfolders (the extension is usually interpreted as a folder name). # This is sometimes known as the 'plus addressing'. Appending address # extensions is prevented when: # - recipient does not match lookup tables @local_domains_maps; # - lookup into corresponding @addr_extension_*_maps results #   in an empty string or undef; # - $recipient_delimiter is empty (see below) # LDAs usually default to stripping away address extension if no special # handling is specified or if a named subfolder or alias does not exist, # so adding address extensions normally does no harm.  # @addr_extension_virus_maps  = ('virus');     # defaults to empty # @addr_extension_spam_maps   = ('spam');      # defaults to empty # @addr_extension_banned_maps = ('banned');    # defaults to empty # @addr_extension_bad_header_maps = ('badh');  # defaults to empty # # A more complex example: # @addr_extension_virus_maps = ( #   {'sub.example.com'=>'infected', '.example.com'=>'filtered'}, 'virus' );  # Delimiter between local part of the envelope recipient address and address # extension (which can optionally be added, see @addr_extension_*_maps. E.g. # recipient address <user@example.com> is changed to <user+virus@example.com>. # # Delimiter must match the equivalent (final) MTA delimiter setting. # (e.g. for Postfix add 'recipient_delimiter = +' to main.cf) # Setting it to an empty string or to undef disables adding extensions # regardless of $addr_extension_*_maps.  # $recipient_delimiter = '+';       # (default is undef, i.e. disabled)  # true: replace extension;  false: append extension # $replace_existing_extension = 1;  # (default is false)  # Affects matching of localpart of e-mail addresses (left of '@') # in lookups: true = case sensitive, false = case insensitive $localpart_is_case_sensitive = 0;   # (default is false)   # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING  # Instead of hard black- or whitelisting, a softer approach is to add # score points (penalties) to the SA score for mail from certain senders. # Positive points lean towards blacklisting, negative towards whitelisting. # This is much like adding SA rules or using its white/blacklisting, except # that here only envelope sender addresses are considered (not addresses # in a mail header), and that score points can be assigned per-recipient # (or globally), and the assigned penalties are customarily much lower # than the default SA white/blacklisting score. # # The table structure is similar to $per_recip_blacklist_sender_lookup_tables # i.e. the first level key is recipient, pointing to by-sender lookup tables. # The essential difference is that scores from _all_ matching by-recipient # lookups (not just the first that matches) are summed to give the final # score boost. That means that both the site and domain administrators, # as well as the recipient can have a say on the final score. # # NOTE: keep hash keys in lowercase, either manually or by using function lc  @score_sender_maps = ({  # a by-recipient hash lookup table  # # per-recipient personal tables  (NOTE: positive: black, negative: white) # 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}], # 'user3@example.com'  => [{'.ebay.com'                 => -3.0}], # 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0, #                           '.cleargreen.com'           => -5.0}],    # site-wide opinions about senders (the '.' matches any recipient)   '.' => [  # the _first_ matching sender determines the score boost     new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist     [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],     [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],     [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],     [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],     [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],     [qr'^(your_friend|greatoffers)@'i                                => 5.0],     [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],    ),  #  read_hash("/var/amavis/sender_scores_sitewide"),     { # a hash-type lookup table (associative array)      'nobody@cert.org'                        => -3.0,      'cert-advisory@us-cert.gov'              => -3.0,      'owner-alert@iss.net'                    => -3.0,      'slashdot@slashdot.org'                  => -3.0,      'bugtraq@securityfocus.com'              => -3.0,      'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,      'security-alerts@linuxsecurity.com'      => -3.0,      'mailman-announce-admin@python.org'      => -3.0,      'amavis-user-admin@lists.sourceforge.net'=> -3.0,      'notification-return@lists.sophos.com'   => -3.0,      'owner-postfix-users@postfix.org'        => -3.0,      'owner-postfix-announce@postfix.org'     => -3.0,      'owner-sendmail-announce@lists.sendmail.org'   => -3.0,      'sendmail-announce-request@lists.sendmail.org' => -3.0,      'donotreply@sendmail.org'                => -3.0,      'ca+envelope@sendmail.org'               => -3.0,      'noreply@freshmeat.net'                  => -3.0,      'owner-technews@postel.acm.org'          => -3.0,      'ietf-123-owner@loki.ietf.org'           => -3.0,      'cvs-commits-list-admin@gnome.org'       => -3.0,      'rt-users-admin@lists.fsck.com'          => -3.0,      'clp-request@comp.nus.edu.sg'            => -3.0,      'surveys-errors@lists.nua.ie'            => -3.0,      'emailnews@genomeweb.com'                => -5.0,      'yahoo-dev-null@yahoo-inc.com'           => -3.0,      'returns.groups.yahoo.com'               => -3.0,      'clusternews@linuxnetworx.com'           => -3.0,      lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,      lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,       # soft-blacklisting (positive score)      'sender@example.net'                     =>  3.0,      '.example.net'                           =>  1.0,     },   ],  # end of site-wide tables });   # ENVELOPE SENDER WHITELISTING / BLACKLISTING  - GLOBAL (RECIPIENT-INDEPENDENT) # (affects spam checking only, has no effect on virus and other checks)  # WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from whitelisted # senders even if the message would be recognized as spam. Effectively, for # the specified senders, message recipients temporarily become 'spam_lovers'. # To avoid surprises, whitelisted sender also suppresses inserting/editing # the tag2-level header fields (X-Spam-*, Subject), appending spam address # extension, and quarantining. # # BLACKLISTING: messages from specified SENDERS are DECLARED SPAM. # Effectively, for messages from blacklisted envelope sender addresses, spam # level is artificially pushed high, and the normal spam processing applies, # resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual # reactions to spam, including possible rejection. If the message nevertheless # still passes (e.g. for spam loving recipients), it is tagged as BLACKLISTED # in the 'X-Spam-Status' header field, but the reported spam value and # set of tests in this report header field (if available from SpamAssassin, # which may or may not have been called) is not adjusted. # # A sender may be both white- and blacklisted at the same time, settings # are independent. For example, being both white- and blacklisted, message # is delivered to recipients, but is not tagged as spam (X-Spam-Flag: No; # X-Spam-Status: No, ...), but the reported spam level (if computed) may # still indicate high spam score. # # If ALL recipients of the message either white- or blacklist the sender, # spam scanning (calling the SpamAssassin) is bypassed, saving on time. # # The following variables (lists of lookup tables) are available, # with the semantics and syntax as specified in README.lookups: # @whitelist_sender_maps, @blacklist_sender_maps  # SOME EXAMPLES: # #ACL: # @whitelist_sender_maps = ( ['.example.org', '.example.net'] ); # @whitelist_sender_maps = ( [qw(.example.org  .example.net)] );  # same thing # # @whitelist_sender_maps = ( [".$mydomain"] );  # $mydomain and its subdomains # NOTE: This is not a reliable way of turning off spam checks for #   locally-originating mail, as sender address can easily be faked. #   To reliably avoid spam-scanning outgoing mail, use @bypass_spam_checks_maps #   for nonlocal recipients. To reliably avoid spam scanning for locally #   originating mail (including internal-to-internal mail), recognized by #   the original SMTP client IP address matching @mynetworks, use policy bank #   MYNETS, adjust @mynetworks, and turn on XFORWARD in the Postfix smtp client #   service feeding amavisd.  #with regexps: @whitelist_sender_maps = ( new_RE(    qr'.*@akadia.com$'i,    qr'.*@swisscom\.com$'i,    qr'.*@sicap\.com$'i,    qr'.*@glue\.ch$'i,    qr'.*@\.*\.admin\.ch$'i ));   # illustrates the use of regexp lookup table:  @blacklist_sender_maps = ( new_RE(    qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,    qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@'i,    qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,    qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,    qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,    qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,    qr'.*@yahoo\.com$'i,    qr'.*@hotmail\.com$'i,    qr'.*@comfind\.com$'i,    qr'.*@b2bnowmembers\.com$'i,    qr'.*@aral\.net$'i,    qr'.*@nowcon\.com$'i,    qr'.*@uole\.com$'i,    qr'.*@mail\.com$'i,    qr'.*@microware\.ch$'i,    qr'.*@stsmarketing\.ch$'i,    qr'.*@wstore\.com$'i,    qr'.*@oracleeblast\.com$'i,    qr'.*@boss\.com$'i,    qr'.*@issihk\.net$'i,    qr'.*@draexlmaier\.de$'i,    qr'.*@ebay\.com$'i,    qr'.*@qualitylaser\.com$'i,    qr'.*@transitchicago\.com$'i,    qr'.*@homeeshopping\.com$'i,    qr'.*@alltel\.net$'i,    qr'.*@ntlworld\.com$'i,    qr'.*@jpberlin\.de$'i,    qr'.*@iwantspecialdeals\.com$'i,    qr'.*@juno\.com$'i,    qr'.*@exotissimo\.com$'i,    qr'.*@5pillars\.com$'i,    qr'.*@notmydesk\.com$'i,    qr'.*@3rivers\.net$'i,    qr'.*@2die4\.com$'i,    qr'.*@free\.fr$'i,    qr'.*@toto\.com$'i,    qr'.*@klopapier\.net$'i,    qr'.*@netscape\.net$'i,    qr'.*@inforush\.biz$'i,    qr'.*@mail4him\.com$'i,    qr'.*@mail4her\.com$'i,    qr'.*@onthenet\.com\.au$'i,    qr'.*@ihug\.com\.au$'i,    qr'.*@public\.bta\.net\.cn$'i,    qr'.*@4hismail\.com$'i,    qr'.*@4hermail\.com$'i,    qr'.*@ciudad\.com\.ar$'i,    qr'.*@keromail\.com$'i,    qr'.*@webtopmail\.com$'i,    qr'.*@financeland\.com\.br$'i,    qr'.*@yahoo\.co\.uk$'i,    qr'.*@Nationwide\.com$'i,    qr'.*@web2mail\.com$'i,    qr'.*@utopia\.com$'i,    qr'.*@adelphia\.net$'i,    qr'.*@mailcity\.com$'i,    qr'.*@teleauskunft\.de$'i,    qr'.*@gunji\.co\.kr$'i,    qr'.*@winning\.com$'i,    qr'.*@gate\.net$'i,    qr'.*@qis\.net$'i,    qr'.*@gmx\.at$'i,    qr'.*@123box\.co\.uk$'i,    qr'.*@link\.net$'i,    qr'.*@bestnet\.net$'i,    qr'.*@samerica\.com$'i,    qr'.*@mshri\.on\.ca$'i,    qr'.*@optinet\.de$'i,    qr'.*@mailpike\.net$'i,    qr'.*@gte\.net$'i,    qr'.*@aol\.com$'i,    qr'.*@athenet\.net$'i,    qr'.*@business-man\.com$'i,    qr'.*@dbzmail\.com$'i,    qr'.*@mail2amazing\.com$'i,    qr'.*@cruzio\.com$'i,    qr'.*@bigfoot\.com$'i,    qr'.*@financetotal\.com\.br$'i,    qr'.*@sex\.com$'i,    qr'.*@freeweb\.org$'i,    qr'.*@lemonde\.fr$'i,    qr'.*@bildata\.se$'i,    qr'.*@erols\.com$'i,    qr'.*@msn\.com$'i,    qr'.*@whale-mail\.com$'i,    qr'.*@carioca\.net$'i,    qr'.*@freemail\.hu$'i,    qr'.*@cicciociccio\.org$'i,    qr'.*@mypersonalemail\.com$'i,    qr'.*@kittymail\.com$'i,    qr'.*@email\.com$'i,    qr'.*@yahoo\.com\.hk$'i,    qr'.*@singles4jesus\.com$'i,    qr'.*@cox\.net$'i,    qr'.*@china\.com$'i,    qr'.*@onlinehome\.de$'i,    qr'.*@theglobe\.com$'i,    qr'.*@telegraaf\.nl$'i,    qr'.*@jamesoff\.net$'i,    qr'.*@doramail\.com$'i,    qr'.*@amuro\.net$'i,    qr'.*@terra\.es$'i,    qr'.*@advalvas\.be$'i,    qr'.*@sinnfein\.ie$'i,    qr'.*@www\.cn\.nctu\.edu\.tw$'i,    qr'.*@address\.com$'i,    qr'.*@sunnygirl\.net$'i,    qr'.*@au\.ru$'i,    qr'.*@wuerzburg\.de$'i,    qr'.*@online\.nsk\.su$'i,    qr'.*@rr\.com$'i,    qr'.*@oricom\.ca$'i,    qr'.*@hongkong\.com$'i,    qr'.*@boardermail\.com$'i,    qr'.*@scientist\.com$'i,    qr'.*@worldonline\.de$'i,    qr'.*@yahoo\.ca$'i,    qr'.*@yahoo\.fr$'i,    qr'.*@Korea\.com$'i,    qr'.*@fastermail\.com$'i,    qr'.*@glay\.org$'i,    qr'.*@web\.de$'i,    qr'.*@cas\.honeywell\.com$'i,    qr'.*@icqmail\.com$'i,    qr'.*@zaobao\.com$'i,    qr'.*@pekklemail\.com$'i,    qr'.*@pacbell\.net$'i,    qr'.*@tutopia\.com$'i,    qr'.*@caramail\.com$'i,    qr'.*@minedu\.fi$'i,    qr'.*@weco\.ca$'i,    qr'.*@ulb\.ac\.be$'i,    qr'.*@amora\.co\.uk$'i,    qr'.*@earthlink\.com$'i,    qr'.*@verizon\.net$'i,    qr'.*@syo\.fi$'i,    qr'.*@slarti\.ucd\.ie$'i,    qr'.*@qwest\.net$'i,    qr'.*@xcelco\.on\.ca$'i,    qr'.*@home\.pf\.jcu\.cz$'i,    qr'.*@wong\.com$'i,    qr'.*@koys\.de$'i,    qr'.*@colagen\.com$'i,    qr'.*@go\.com$'i,    qr'.*@vrflow\.oulu\.fi$'i,    qr'.*@burntmail\.com$'i,    qr'.*@avo\.gov\.au$'i,    qr'.*@davinci\.ethz\.ch$'i,    qr'.*@velnet\.com$'i,    qr'.*@medmicro\.uct\.ac\.za$'i,    qr'.*@earthlink\.net$'i,    qr'.*@rte\.ie$'i,    qr'.*@Earth9\.com$'i,    qr'.*@einkaufs-verzeichnis\.de$'i,    qr'.*@alehop\.com$'i,    qr'.*@tenbit\.pl$'i,    qr'.*@email\.cz$'i,    qr'.*@vtt\.fi$'i,    qr'.*@online\.at$'i,    qr'.*@graffiti\.net$'i,    qr'.*@graffiti\.com$'i,    qr'.*@earthcorp\.com$'i,    qr'.*@merlin\.net\.au$'i,    qr'.*@ondagrupera\.com$'i,    qr'.*@earthnet\.com$'i,    qr'.*@indiatimes\.com$'i,    qr'.*@mgmt\.ucalgary\.ca$'i,    qr'.*@cybermega\.com$'i,    qr'.*@promo\.gateway\.com$'i,    qr'.*@zeit\.de$'i,    qr'.*@cefic\.be$'i,    qr'.*@standaard\.be$'i,    qr'.*@cuni\.cz$'i,    qr'.*@kirjastot\.fi$'i,    qr'.*@uni-mannheim\.de$'i,    qr'.*@cs\.com$'i,    qr'.*@yahoo\.com\.au$'i,    qr'.*@arsystech\.com$'i,    qr'.*@billboard\.cz$'i,    qr'.*@ericsson\.se$'i,    qr'.*@mail\.glue\.ch$'i,    qr'.*@ns\.glue\.ch$'i,    qr'.*@lycos\.com$'i,    qr'.*@Juntos\.com$'i,    qr'.*@cabana\.net$'i,    qr'.*@thanksmuch\.org$'i,    qr'.*@rediffmail\.com$'i,    qr'.*@spiegel\.de$'i,    qr'.*@topgamers\.com$'i,    qr'.*@beer\.com$'i,    qr'.*@ramirez\.com$'i,    qr'.*@canada\.com$'i,    qr'.*@freenet\.de$'i,    qr'.*@prontomail\.com$'i,    qr'.*@hon\.ch$'i,    qr'.*@cnn\.com$'i,    qr'.*@zuvio\.com$'i,    qr'.*@hush\.com$'i,    qr'.*@gmcc\.ab\.ca$'i,    qr'.*@adacta\.si$'i,    qr'.*@englandfans\.com$'i,    qr'.*@polbox\.com$'i,    qr'.*@geocities\.com$'i,    qr'.*@gosympatico\.ca$'i,    qr'.*@optusnet\.com\.au$'i,    qr'.*@cbn\.net\.id$'i,    qr'.*@williams\.edu$'i,    qr'.*@billy\.de$'i,    qr'.*@skynet\.be$'i,    qr'.*@rock\.com$'i,    qr'.*@gfk\.se$'i,    qr'.*@alacarta\.com$'i,    qr'.*@micronet\.fr$'i,    qr'.*@att\.net$'i,    qr'.*@mahjong\.dk$'i,    qr'.*@free\.com$'i,    qr'.*@mail2Samoa\.com$'i,    qr'.*@amhb\.ab\.ca$'i,    qr'.*@bnf\.fr$'i,    qr'.*@sprint\.com$'i,    qr'.*@v-sexi\.com$'i,    qr'.*@passcollege\.com$'i,    qr'.*@myownemail\.com$'i,    qr'.*@ac\.be$'i,    qr'.*@kbr\.be$'i,    qr'.*@creative\.net$'i,    qr'.*@2911\.net$'i,    qr'.*@calwin\.dk$'i,    qr'.*@asiaworldd2000\.com$'i,    qr'.*@marshall\.edu$'i,    qr'.*@sasquatch\.com$'i,    qr'.*@xs4all\.nl$'i,    qr'.*@surfbirds\.com$'i,    qr'.*@centurytel\.net$'i,    qr'.*@eliteconsultant\.com$'i,    qr'.*@concentric\.com$'i,    qr'.*@asgard\.net\.au$'i,    qr'.*@ne\.jp$'i,    qr'.*@olywa\.net$'i,    qr'.*@wli\.net$'i,    qr'.*@asiaapacific\.com$'i,    qr'.*@aces-ductwork\.co\.uk$'i,    qr'.*@javanet\.com$'i,    qr'.*@tlcfan\.com$'i,    qr'.*@merlin\.at$'i,    qr'.*@fresnomail\.com$'i,    qr'.*@meganet\.net$'i,    qr'.*@freemail\.gr$'i,    qr'.*@toppoint\.de$'i,    qr'.*@megatime\.de$'i,    qr'.*@o2\.pl$'i,    qr'.*@telusplanet\.net$'i,    qr'.*@bcpl\.net$'i,    qr'.*@cyberlink\.com$'i,    qr'.*@nyu\.edu$'i,    qr'.*@top--sites\.com$'i,    qr'.*@terra\.com$'i,    qr'.*@on-luebeck\.de$'i,    qr'.*@i-link-2\.net$'i,    qr'.*@after-death\.com$'i,    qr'.*@srce\.hr$'i,    qr'.*@wmn\.net$'i,    qr'.*@tepkom\.ru$'i,    qr'.*@asia\.co\.th$'i,    qr'.*@cape\.com$'i,    qr'.*@terem\.ru$'i,    qr'.*@awwwsome\.com$'i,    qr'.*@br-online\.de$'i,    qr'.*@itu\.ch$'i,    qr'.*@macbox\.com$'i,    qr'.*@1-base\.com$'i,    qr'.*@ameritech\.net$'i,    qr'.*@mail2Betty\.com$'i,    qr'.*@metla\.fi$'i,    qr'.*@gawab\.com$'i,    qr'.*@web-mail\.com\.ar$'i,    qr'.*@skrzynka\.pl$'i,    qr'.*@dwp\.net$'i,    qr'.*@1234hollus\.com$'i,    qr'.*@optonline\.net$'i,    qr'.*@myparentime\.com$'i,    qr'.*@bluepalalski\.com$'i,    qr'.*@1bigred\.com$'i,    qr'.*@geocities\.co\.jp$'i,    qr'.*@apc\.net$'i,    qr'.*@osn\.de$'i,    qr'.*@osha\.eu\.int$'i,    qr'.*@attbi\.com$'i,    qr'.*@mailinator\.com$'i,    qr'.*@octo\.com$'i,    qr'.*@winzip\.com$'i,    qr'.*@indiamart\.com$'i,    qr'.*@ztabb\.com$'i,    qr'.*@salabrasteron\.com$'i,    qr'.*@hillside-inn\.com$'i,    qr'.*@nccn\.net$'i,    qr'.*@comidamexicana\.com$'i,    qr'.*@swingfans\.com$'i,    qr'.*@inbox\.lv$'i,    qr'.*@siritech\.com$'i,    qr'.*@widgetdesigns\.com$'i,    qr'.*@karlsruhe\.org$'i,    qr'.*@chol\.com$'i,    qr'.*@infinito\.it$'i,    qr'.*@warwick\.ac\.uk$'i,    qr'.*@sisl\.co\.in$'i,    qr'.*@canterbury\.ac\.nz$'i,    qr'.*@usa\.net$'i,    qr'.*@relay\.jinr\.ru$'i,    qr'.*@smartwebby\.com$'i,    qr'.*@buss\.com$'i,    qr'.*@coca-coliker\.com$'i,    qr'.*@incluudes\.com$'i,    qr'.*@371\.net$'i,    qr'.*@starmedia\.com$'i,    qr'.*@surfeador\.com$'i,    qr'.*@inria\.fr$'i,    qr'.*@thw-ahrensburg\.de$'i,    qr'.*@exo\.com$'i,    qr'.*@sify\.com$'i,    qr'.*@flantalapsicle\.com$'i,    qr'.*@coolyork\.com$'i,    qr'.*@ttasmdc\.com$'i,    qr'.*@web-o\.net$'i,    qr'.*@sisulasterex\.com$'i,    qr'.*@dated\.biz$'i,    qr'.*@libero\.it$'i,    qr'.*@e-gold\.com$'i,    qr'.*@orcon\.net\.nz$'i,    qr'.*@tohoku\.ac\.jp$'i,    qr'.*@haveyooseeenthis\.com$'i,    qr'.*@aguytyemdse\.com$'i,    qr'.*@room84\.net$'i,    qr'.*@frsnce\.com$'i,    qr'.*@misfit\.co\.uk$'i,    qr'.*@123greetings\.com$'i,    qr'.*@44eemeds\.com$'i,    qr'.*@cnetech\.com$'i,    qr'.*@occultmail\.com$'i,    qr'.*@lissamail\.com$'i,    qr'.*@shopfree-inc\.com$'i,    qr'.*@cmmeds4\.com$'i,    qr'.*@yahoo\.com\.cn$'i,    qr'.*@finklfan\.com$'i,    qr'.*@arcada\.fi$'i,    qr'.*@tiscali\.fr$'i,    qr'.*@offshrtme\.com$'i,    qr'.*@excite\.com$'i,    qr'.*@isnet\.ca$'i,    qr'.*@qw21qa\.com$'i,    qr'.*@actasap\.com$'i,    qr'.*@umanitoba\.ca$'i,    qr'.*@videotron\.ca$'i,    qr'.*@zonai\.com$'i,    qr'.*@futbolamericano\.com$'i,    qr'.*@tscnet\.com$'i,    qr'.*@boink\.net$'i,    qr'.*@lawyer\.com$'i,    qr'.*@online\.fr$'i,    qr'.*@billonario\.com$'i,    qr'.*@bellatlantic\.net$'i,    qr'.*@allsaintsfan\.com$'i,    qr'.*@dumbwit\.com$'i,    qr'.*@halifax\.com$'i,    qr'.*@proca\.ro$'i,    qr'.*@uwasa\.fi$'i,    qr'.*@dajuma\.com$'i,    qr'.*@actogmbh\.com$'i,    qr'.*@ergo\.no$'i,    qr'.*@ibi\.co\.za$'i,    qr'.*@ewa\.net$'i,    qr'.*@crestron\.com$'i,    qr'.*@jetcity\.com$'i,    qr'.*@playful\.com$'i,    qr'.*@tiscali\.co\.uk$'i,    qr'.*@superstorebn\.com$'i,    qr'.*@izap\.com$'i,    qr'.*@88cresa\.com$'i,    qr'.*@moellenhoff\.de$'i,    qr'.*@fishing\.co\.jp$'i,    qr'.*@nwinfo\.net$'i,    qr'.*@shinbiro\.com$'i,    qr'.*@wanted-dead-or-alive\.com$'i,    qr'.*@lignumcomputing\.com$'i,    qr'.*@sns\.it$'i,    qr'.*@best1\.net$'i,    qr'.*@ginko\.de$'i,    qr'.*@expage\.com$'i,    qr'.*@aruba\.it$'i,    qr'.*@nospammail\.net$'i,    qr'.*@guanajuato\.com$'i,    qr'.*@ournewsnow\.com$'i,    qr'.*@kutscheracommunication\.com$'i,    qr'.*@thereallybigone\.com$'i,    qr'.*@nwnexus\.com$'i,    qr'.*@star\.cz$'i,    qr'.*@bettahits\.biz$'i,    qr'.*@deportista\.com$'i,    qr'.*@cheftalk\.com$'i,    qr'.*@bkkmail\.com$'i,    qr'.*@yerphi\.am$'i,    qr'.*@rescueteam\.com$'i,    qr'.*@webmail\.co\.za$'i,    qr'.*@vsnl\.net$'i,    qr'.*@surfari\.net$'i,    qr'.*@inorbit\.com$'i,    qr'.*@interblod\.com$'i,    qr'.*@bion\.kth\.se$'i,    qr'.*@advernet\.es$'i,    qr'.*@leonlai\.net$'i,    qr'.*@gettyimages\.com$'i,    qr'.*@bootix\.com$'i,    qr'.*@ilovemermaids\.com$'i,    qr'.*@moegenburg\.de$'i,    qr'.*@mmail\.com$'i,    qr'.*@cidman\.de$'i,    qr'.*@sunpharma\.com$'i,    qr'.*@semantec\.bg$'i,    qr'.*@argus\.co\.za$'i,    qr'.*@anonymous\.to$'i,    qr'.*@beyondthelaw\.com$'i,    qr'.*@so-near-yet-so-far\.com$'i,    qr'.*@cumbria\.sch\.uk$'i,    qr'.*@elsitiodc\.tv$'i,    qr'.*@ilovebanging\.com$'i,    qr'.*@webinbox\.com$'i,    qr'.*@r-a-v-e\.com$'i,    qr'.*@infi\.net$'i,    qr'.*@capitale\.qc\.ca$'i,    qr'.*@aus-city\.com$'i,    qr'.*@techemail\.com$'i,    qr'.*@Jabble\.com$'i,    qr'.*@alloymail\.com$'i,    qr'.*@uk2\.net$'i,    qr'.*@myself\.com$'i,    qr'.*@six1\.net$'i,    qr'.*@journalist\.com$'i,    qr'.*@ri1\.biz$'i,    qr'.*@swbell\.net$'i,    qr'.*@zwallet\.com$'i,    qr'.*@ivysaur-fan\.com$'i,    qr'.*@seznam\.cz$'i,    qr'.*@doomedbeauty\.com$'i,    qr'.*@showfans\.com$'i,    qr'.*@andylau\.net$'i,    qr'.*@emaila\.nu$'i,    qr'.*@yahoo\.co\.in$'i,    qr'.*@fireball\.de$'i,    qr'.*@mail2Reggie\.com$'i,    qr'.*@goforit\.helpaccount\.net$'i,    qr'.*@usa\.com$'i,    qr'.*@Rinderwahnsinn\.de$'i,    qr'.*@gravityswitch\.com$'i,    qr'.*@nextmail\.ru$'i,    qr'.*@starbux\.de$'i,    qr'.*@einsundeins\.de$'i,    qr'.*@codewerk\.com$'i,    qr'.*@antispin\.org$'i,    qr'.*@modem-help\.co\.uk$'i,    qr'.*@aboutgolf\.com$'i,    qr'.*@derechoshumanos\.com$'i,    qr'.*@lets-do-a-liquid-lunch\.com$'i,    qr'.*@email\.ro$'i,    qr'.*@e-mail\.com$'i,    qr'.*@millcomm\.com$'i,    qr'.*@vnet\.ibm\.com$'i,    qr'.*@porncity\.net$'i,    qr'.*@yandex\.ru$'i,    qr'.*@inav\.net$'i,    qr'.*@gyuvetch\.bg$'i,    qr'.*@winterhighland\.co\.uk$'i,    qr'.*@ranmamail\.com$'i,    qr'.*@pigs-arse\.com$'i,    qr'.*@pakvalley\.com$'i,    qr'.*@madrid\.com$'i,    qr'.*@mail2Steve\.com$'i,    qr'.*@infoasis\.com$'i,    qr'.*@adden\.com$'i,    qr'.*@maktoob\.com$'i,    qr'.*@postaldigital\.com$'i,    qr'.*@ablake\.net$'i,    qr'.*@abwebplus\.com$'i,    qr'.*@bcs\.cl$'i,    qr'.*@afreeinternet\.com$'i,    qr'.*@staffplanning\.nl$'i,    qr'.*@candea\.nl$'i,    qr'.*@bestofchris\.de$'i,    qr'.*@roava\.net$'i,    qr'.*@penn\.com$'i,    qr'.*@bugger-all\.com$'i,    qr'.*@milestoneinteractive\.com$'i,    qr'.*@mendsxn4\.com$'i,    qr'.*@iluvxmas\.com$'i,    qr'.*@sllug\.org$'i,    qr'.*@co\.id$'i,    qr'.*@therightmoment\.com$'i,    qr'.*@tstindias\.com$'i,    qr'.*@stamm-wire\.de$'i,    qr'.*@qc\.ca$'i,    qr'.*@co\.uk$'i,    qr'.*@1-struck\.de$'i,    qr'.*@stapro\.sk$'i,    qr'.*@or\.jp$'i,    qr'.*@stan-noon\.de$'i,    qr'.*@mokry\.cz$'i,    qr'.*@telus\.net$'i,    qr'.*@stallbalans\.se$'i,    qr'.*@co\.kr$'i,    qr'.*@another-world\.com$'i,    qr'.*@e-bay\.com$'i,    qr'.*@univr\.it$'i,    qr'.*@tvg\.is$'i,    qr'.*@carolina\.cl$'i,    qr'.*@stamm-erdenburg\.de$'i,    qr'.*@mst\.dk$'i,    qr'.*@co\.nz$'i,    qr'.*@comcast\.com$'i,    qr'.*@stakes\.fi$'i,    qr'.*@firemail\.de$'i,    qr'.*@mnends\.com$'i,    qr'.*@mail2lawyer\.org$'i,    qr'.*@doctor\.com$'i,    qr'.*@cicm\.es$'i,    qr'.*@attitude\.com$'i,    qr'.*@chinakontor\.de$'i,    qr'.*@ac\.uk$'i,    qr'.*@unipv\.it$'i,    qr'.*@rhubarb-rhubarb\.com$'i,    qr'.*@charterpa\.net$'i,    qr'.*@pravda\.ru$'i,    qr'.*@singapore\.com$'i,    qr'.*@mohnhaupt\.de$'i,    qr'.*@gamewood\.net$'i,    qr'.*@tver\.ru$'i,    qr'.*@utimail\.com$'i,    qr'.*@emailaccount\.com$'i,    qr'.*@bellsouth\.net$'i,    qr'.*@co\.at$'i,    qr'.*@hanmail\.net$'i,    qr'.*@buttonpushers\.com$'i,    qr'.*@indiantoners\.com$'i,    qr'.*@rocketmail\.com$'i,    qr'.*@wroc\.pl$'i,    qr'.*@nhs\.uk$'i,    qr'.*@over-the-rainbow\.com$'i,    qr'.*@modellbautreff\.de$'i,    qr'.*@co\.th$'i,    qr'.*@bizjournals\.com$'i,    qr'.*@a-acht\.de$'i,    qr'.*@p-bridge\.com$'i,    qr'.*@namesecure\.com$'i,    qr'.*@veryfast\.biz$'i,    qr'.*@stammwelfen\.de$'i,    qr'.*@kinki-kids\.com$'i,    qr'.*@co\.jp$'i,    qr'.*@twainweb\.de$'i,    qr'.*@dgmedia\.dk$'i,    qr'.*@catchamail\.com$'i,    qr'.*@cvrtgfd\.com$'i,    qr'.*@jjgfdk\.com$'i,    qr'.*@bluecom\.no$'i,    qr'.*@autrijus\.org$'i,    qr'.*@126\.com$'i,    qr'.*@silcom\.com$'i,    qr'.*@gtt-india\.com$'i,    qr'.*@legacy\.com$'i,    qr'.*@unlimitedautoresponders\.com$'i,    qr'.*@com\.au$'i,    qr'.*@Iname\.com$'i,    qr'.*@internav\.com$'i,    qr'.*@extremeplayer\.com$'i,    qr'.*@abstractsoft\.com$'i,    qr'.*@cims\.cz$'i,    qr'.*@kerrlake\.com$'i,    qr'.*@hurting\.com$'i,    qr'.*@usherb\.ca$'i,    qr'.*@cliffhanger\.com$'i,    qr'.*@online\.hr$'i,    qr'.*@shawcable\.net$'i,    qr'.*@mcgillicuddy\.com$'i,    qr'.*@neenahprinting\.com$'i,    qr'.*@hondutel\.hn$'i,    qr'.*@netwiz\.net$'i,    qr'.*@es\.to$'i,    qr'.*@co\.za$'i,    qr'.*@moose-mail\.com$'i,    qr'.*@rattvik\.se$'i,    qr'.*@waw\.pl$'i,    qr'.*@mk\.ua$'i,    qr'.*@cat-fan\.com$'i,    qr'.*@dewahost\.com$'i,    qr'.*@cimatech\.at$'i,    qr'.*@accountant\.com$'i,    qr'.*@dvd-fan\.net$'i,    qr'.*@ImogeneOlsen@google\.com$'i,    qr'.*@tnl-online\.com$'i,    qr'.*@pavilion\.net$'i,    qr'.*@supermedia\.pl$'i,    qr'.*@dte2k\.de$'i,    qr'.*@uni-stuttgart\.de$'i,    qr'.*@waxworks\.nl$'i,    qr'.*@ula\.ve$'i,    qr'.*@xemacs\.org$'i,    qr'.*@iwvisp\.com$'i,    qr'.*@univ-lyon1\.fr$'i,    qr'.*@yahoo\.com\.sg$'i,    qr'.*@Z6\.com$'i,    qr'.*@t-online\.de$'i,    qr'.*@aaiworldmarket\.com$'i,    qr'.*@telstra\.com$'i,    qr'.*@eivd\.ch$'i,    qr'.*@net999\.com$'i,    qr'.*@amega\.com$'i,    qr'.*@moebelspedition\.de$'i,    qr'.*@alen\.com$'i,    qr'.*@primion\.de$'i,    qr'.*@bargain-warrior\.com$'i,    qr'.*@myvaluepc\.com$'i,    qr'.*@allergist\.com$'i,    qr'.*@bigisbetter\.com$'i,    qr'.*@fleet\.com$'i,    qr'.*@os\.dk$'i,    qr'.*@rockbridge\.net$'i,    qr'.*@adamsacres\.com$'i,    qr'.*@senderservices\.info$'i,    qr'.*@queerplaces\.com$'i,    qr'.*@algx\.net$'i,    qr'.*@zenpkscu11\.com$'i,    qr'.*@akelia\.com$'i,    qr'.*@cariboo\.bc\.ca$'i,    qr'.*@americatel\.hn$'i,    qr'.*@michaelkuntz\.de$'i,    qr'.*@telefonicamoviles\.com\.mx$'i,    qr'.*@swift\.cz$'i,    qr'.*@vulve\.com$'i,    qr'.*@llangollen\.com$'i,    qr'.*@thedoghousemail\.com$'i,    qr'.*@model-endres\.de$'i,    qr'.*@cuernavaca\.com$'i,    qr'.*@cadcamlab\.org$'i,    qr'.*@carmen\.se$'i,    qr'.*@hopsoft\.com$'i,    qr'.*@freemail\.nl$'i,    qr'.*@qualiteonline\.com$'i,    qr'.*@aschober\.de$'i,    qr'.*@every1\.net$'i,    qr'.*@com\.ar$'i,    qr'.*@mannegeil\.com$'i,    qr'.*@com\.pe$'i,    qr'.*@viernulvier\.nl$'i,    qr'.*@nabaza\.com$'i,    qr'.*@i7\.com\.pl$'i,    qr'.*@honold-online\.de$'i,    qr'.*@free-state\.com$'i,    qr'.*@kristne-gym\.dk$'i,    qr'.*@bigpond\.com$'i,    qr'.*@yahoo\.es$'i,    qr'.*@broadbad\.com$'i,    qr'.*@loveforlostcats\.com$'i,    qr'.*@cybersmtp\.com$'i,    qr'.*@customspine\.com$'i,    qr'.*@mchsi\.com$'i,    qr'.*@metalab\.unc\.edu$'i,    qr'.*@planetwave\.net$'i,    qr'.*@mhi\.nl$'i,    qr'.*@godsmackmail\.com$'i,    qr'.*@stardel\.ca$'i,    qr'.*@fuse\.net$'i,    qr'.*@jumpy\.it$'i,    qr'.*@cjb\.net$'i,    qr'.*@cityofcardiff\.net$'i,    qr'.*@llandudno\.com$'i,    qr'.*@starcity\.ru$'i,    qr'.*@twotiming\.com$'i,    qr'.*@desertmail\.com$'i,    qr'.*@ae\.com$'i,    qr'.*@aeneasmail\.com$'i,    qr'.*@breath-of-fresh-air\.com$'i,    qr'.*@analytic\.ch$'i,    qr'.*@avertlabs\.com$'i,    qr'.*@vcustomer\.com$'i,    qr'.*@yangjinglin\.com$'i,    qr'.*@net4india\.com$'i,    qr'.*@fr\.st$'i,    qr'.*@asia-links\.com$'i,    qr'.*@jorma-pentium\.org$'i,    qr'.*@netikka\.fi$'i,    qr'.*@avvesta\.com$'i,    qr'.*@comcast\.net$'i,    qr'.*@timewarner\.com$'i,    qr'.*@euphoricheaven\.com$'i,    qr'.*@aahtech\.com$'i,    qr'.*@abelio\.com$'i,    qr'.*@wanadoo\.nl$'i,    qr'.*@thehatters\.com$'i,    qr'.*@quattro-it\.dk$'i,    qr'.*@ls-d\.de$'i,    qr'.*@tell-me-another\.com$'i,    qr'.*@paonline\.com$'i,    qr'.*@tackleshop\.de$'i,    qr'.*@3dimension\.com$'i,    qr'.*@darwinsys\.com$'i,    qr'.*@techpacindia\.com$'i,    qr'.*@nsta\.ca$'i,    qr'.*@computer-expert\.net$'i,    qr'.*@astat\.de$'i,    qr'.*@geekly\.net$'i,    qr'.*@xfiles\.cz$'i,    qr'.*@chello\.nl$'i,    qr'.*@hanbalmasstech\.com$'i,    qr'.*@essenet\.it$'i,    qr'.*@pon\.net$'i,    qr'.*@lycosmail\.com$'i,    qr'.*@afropoets\.com$'i,    qr'.*@spl\.at$'i,    qr'.*@moering\.de$'i,    qr'.*@pdgbroadcast\.com$'i,    qr'.*@ESPN\.com$'i,    qr'.*@gantke-net\.com$'i,    qr'.*@craftemail\.com$'i,    qr'.*@bju\.edu$'i,    qr'.*@takas\.lt$'i,    qr'.*@neuform-propeller\.de$'i,    qr'.*@inow\.com$'i,    qr'.*@inland\.net$'i,    qr'.*@emarsistemi\.it$'i,    qr'.*@quoteland\.com$'i,    qr'.*@backyardjungle\.org$'i,    qr'.*@servicemagic\.com$'i,    qr'.*@expn\.com$'i,    qr'.*@aahlife\.com$'i,    qr'.*@suomi24\.fi$'i,    qr'.*@adams-online\.de$'i,    qr'.*@advmgtconcepts\.com$'i,    qr'.*@stampauctions\.se$'i,    qr'.*@gol\.com$'i,    qr'.*@pqnb\.com$'i,    qr'.*@dodgeit\.com$'i,    qr'.*@tvc\.es$'i,    qr'.*@nightstyles\.net$'i,    qr'.*@netster\.com$'i,    qr'.*@dyaryoboy\.com$'i,    qr'.*@handbag\.com$'i,    qr'.*@carmax\.com$'i,    qr'.*@stony4921rneds\.com$'i,    qr'.*@sbcglobal\.net$'i,    qr'.*@cyberwebglobal\.info$'i,    qr'.*@wesleymail\.com$'i,    qr'.*@gowebway\.com$'i,    qr'.*@yahoo\.gr$'i,    qr'.*@hardwarefan\.com$'i,    qr'.*@flash\.net$'i,    qr'.*@ciateq\.mx$'i,    qr'.*@myway\.com$'i,    qr'.*@phayze\.com$'i,    qr'.*@desilver\.com$'i,    qr'.*@semistable\.com$'i,    qr'.*@catcha\.com$'i,    qr'.*@armagalli\.com$'i,    qr'.*@recruited2055rneds\.com$'i,    qr'.*@asiamail\.com$'i,    qr'.*@tmicha\.net$'i,    qr'.*@inker\.com$'i,    qr'.*@tatanova\.com$'i,    qr'.*@easypeasy\.com$'i,    qr'.*@peepingtomtortoises\.com$'i,    qr'.*@harryturtlepeepers\.com$'i,    qr'.*@bass-security\.com$'i,    qr'.*@carrier\.kiev\.ua$'i,    qr'.*@openface\.ca$'i,    qr'.*@tverskov\.dk$'i,    qr'.*@luxuryhomesinc\.com$'i,    qr'.*@aafintl\.com$'i,    qr'.*@mokai\.de$'i,    qr'.*@outgun\.com$'i,    qr'.*@siba\.fi$'i,    qr'.*@yyhmail\.com$'i,    qr'.*@akela\.ro$'i,    qr'.*@aonix\.de$'i,    qr'.*@assetnewmedia\.de$'i,    qr'.*@optincomp\.info$'i,    qr'.*@steels4foreknew\.com$'i,    qr'.*@gmail\.com$'i,    qr'.*@fastmail\.fm$'i,    qr'.*@paamco\.com$'i,    qr'.*@accessfactory\.com$'i,    qr'.*@tucomm\.net$'i,    qr'.*@netoffersnow\.com$'i,    qr'.*@chifren\.de$'i,    qr'.*@evafan\.com$'i,    qr'.*@cheerful\.com$'i,    qr'.*@acuario\.com$'i,    qr'.*@advodata\.be$'i,    qr'.*@asptoday\.com$'i,    qr'.*@citibank\.com$'i,    qr'.*@check1check\.com$'i,    qr'.*@ahmed\.com$'i,    qr'.*@online-dialer\.com$'i,    qr'.*@arkwright\.com$'i,    qr'.*@access-one\.com$'i,    qr'.*@norcov\.com$'i,    qr'.*@datasync\.com$'i,    qr'.*@accessloans\.com$'i,    qr'.*@carleton\.ca$'i,    qr'.*@softlineamerica\.com$'i,    qr'.*@azzit\.de$'i,    qr'.*@asapso\.de$'i,    qr'.*@despammed\.com$'i,    qr'.*@ufredbx\.com$'i,    qr'.*@norgesmail\.com$'i,    qr'.*@mail2Richard\.com$'i,    qr'.*@charterwv\.net$'i,    qr'.*@stallion\.ee$'i,    qr'.*@inbox\.ru$'i,    qr'.*@way2vn\.com$'i,    qr'.*@act-online\.de$'i,    qr'.*@tigerdrive\.com$'i,    qr'.*@accutek\.com$'i,    qr'.*@absolutemotion\.com$'i,    qr'.*@yapost\.com$'i,    qr'.*@t-dialin\.net$'i,    qr'.*@mailserver\.de$'i,    qr'.*@starfrog\.de$'i,    qr'.*@bmbuss\.de$'i,    qr'.*@access\.com$'i,    qr'.*@birdowner\.net$'i,    qr'.*@shops\.com$'i,    qr'.*@mailpride\.com$'i,    qr'.*@alphasystem\.no$'i,    qr'.*@wbox\.de$'i,    qr'.*@emosaustin\.com$'i,    qr'.*@giminc\.com$'i,    qr'.*@queretaro\.com$'i,    qr'.*@inos\.com$'i,    qr'.*@modern-products\.at$'i,    qr'.*@atom\.hu$'i,    qr'.*@paypal\.com$'i,    qr'.*@138mail\.com$'i,    qr'.*@relia\.net$'i,    qr'.*@chinchilla\.de$'i,    qr'.*@educationalministries\.com$'i,    qr'.*@websentric\.com$'i,    qr'.*@dighty\.com$'i,    qr'.*@scriptsportal\.com$'i,    qr'.*@goingincircles\.com$'i,    qr'.*@blocspam\.com$'i,    qr'.*@peta\.org$'i,    qr'.*@doxdesk\.com$'i,    qr'.*@tatasteel\.com$'i,    qr'.*@sinhalaya\.com$'i,    qr'.*@netidentity\.com$'i,    qr'.*@meramec\.com$'i,    qr'.*@computermail\.net$'i,    qr'.*@directvinternet\.com$'i,    qr'.*@iepg\.org$'i,    qr'.*@taet-tat\.ch$'i,    qr'.*@mz-home\.de$'i,    qr'.*@sos-software\.ch$'i,    qr'.*@eduhi\.at$'i,    qr'.*@hacker\.ag$'i,    qr'.*@bytebox\.de$'i ));   # NOTE: whitelisting is becoming deprecated because sender address is #       all too often faked; use @score_sender_maps for soft-whitelisting! # # Illustrates the use of several lookup tables: # # @whitelist_sender_maps = ( # # # read_hash("$MYHOME/whitelist_sender"),  # a hash table read from a file # #   # and another hash lookup table constructed in-line, with keys lowercased: #   { map {lc $_ => 1} qw( #     nobody@cert.org #     cert-advisory@us-cert.gov #     owner-alert@iss.net #     slashdot@slashdot.org #     bugtraq@securityfocus.com #     NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM #     security-alerts@linuxsecurity.com #     amavis-user-admin@lists.sourceforge.net #     notification-return@lists.sophos.com #     mailman-announce-admin@python.org #     owner-postfix-users@postfix.org #     owner-postfix-announce@postfix.org #     owner-sendmail-announce@lists.sendmail.org #     sendmail-announce-request@lists.sendmail.org #     owner-technews@postel.ACM.ORG #     lvs-users-admin@LinuxVirtualServer.org #     ietf-123-owner@loki.ietf.org #     cvs-commits-list-admin@gnome.org #     rt-users-admin@lists.fsck.com #     clp-request@comp.nus.edu.sg #     surveys-errors@lists.nua.ie #     emailNews@genomeweb.com #     owner-textbreakingnews@CNNIMAIL12.CNN.COM #     yahoo-dev-null@yahoo-inc.com #     returns.groups.yahoo.com #   )}, # # # { '' => 1 },  # and another one, containing just an empty reverse path (DSN) # # );   # ENVELOPE SENDER WHITELISTING / BLACKLISTING - PER-RECIPIENT  # The same semantics as for global white/blacklisting applies, but this # time each recipient (or its domain, or subdomain, ...) can be given # an individual lookup table for matching senders. The per-recipient lookups # take precedence over the global lookups, which serve as a fallback default.  # Specify a two-level lookup table: the key for the outer table is recipient, # and the result should be an inner lookup table (hash or ACL or RE), # where the key used will be the sender. (Note that this structure is flatter # than @score_sender_maps, where the first level result is a ref to a _list_ # of inner lookup tables, not a ref to a single lookup table.) # #$per_recip_blacklist_sender_lookup_tables = { # 'user1@my.example.com'=>new_RE(qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i), # 'user2@my.example.com'=>[qw( spammer@d1.example,org .d2.example,org )], #}; #$per_recip_whitelist_sender_lookup_tables = { # 'user@my.example.com' => [qw( friend@example.org .other.example.org )], # '.my1.example.com'    => [qw( !foe.other.example,org .other.example,org )], # '.my2.example.com'    => read_hash("$MYHOME/my2-wl.dat"), # 'abuse@' => { 'postmaster@'=>1, #               'cert-advisory-owner@cert.org'=>1, 'owner-alert@iss.net'=>1 }, #};   # # ============================================================================= # Section VI - Resource limits # ============================================================================= #  # Sanity limit to the number of allowed recipients per SMTP transaction # $smtpd_recipient_limit = 1100;  # (default is 1100)  # Resource limits to protect unpackers, decompressors and virus scanners # against mail bombs (e.g. 42.zip)   # Maximum recursion level for extraction/decoding (0 or undef disables limit) $MAXLEVELS = 14;        # (default is undef, no limit)  # Maximum number of extracted files (0 or undef disables the limit) $MAXFILES = 1500;       # (default is undef, no limit)  # For the cumulative total of all decoded mail parts we set max storage size # to defend against mail bombs. Even though parts may be deleted (replaced # by decoded text) during decoding, the size they occupied is _not_ returned # to the quota pool. # # Parameters to storage quota formula for unpacking/decoding/decompressing #   Formula: #     quota = max($MIN_EXPANSION_QUOTA, #                 $mail_size*$MIN_EXPANSION_FACTOR, #                 min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR)) #   In plain words (later condition overrules previous ones): #     allow MAX_EXPANSION_FACTOR times initial mail size, #     but not more than MAX_EXPANSION_QUOTA, #     but not less than MIN_EXPANSION_FACTOR times initial mail size, #     but never less than MIN_EXPANSION_QUOTA # $MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced) $MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced) $MIN_EXPANSION_FACTOR =   5;  # times original mail size  (default is 5) $MAX_EXPANSION_FACTOR = 500;  # times original mail size  (default is 500)  # expiration time of cached results: time to live in seconds #   (how long the result of a virus/spam test remains valid) $virus_check_negative_ttl=  3*60; # time to remember that mail was not infected $virus_check_positive_ttl= 30*60; # time to remember that mail was infected $spam_check_negative_ttl = 30*60; # time to remember that mail was not spam $spam_check_positive_ttl = 30*60; # time to remember that mail was spam # # NOTE: #   Cache size will be determined by the largest of the $*_ttl values. #   Depending on the mail rate, the cache database may grow quite large. #   Reasonable compromise for the max value is 15 minutes to 2 hours.  # # ============================================================================= # Section VII - External programs, virus scanners # ============================================================================= #  # Specify a path string, which is a colon-separated string of directories # (no trailing slashes!) to be assigned to the environment variable PATH # and to serve for locating external programs below.  # NOTE: if $daemon_chroot_dir is nonempty, the directories will be #       relative to the chroot directory specified;  $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';  # Specify one string or a search list of strings (first match wins). # The string (or: each string in a list) may be an absolute path, # or just a program name, to be located via $path; # Empty string or undef (=default) disables the use of that external program. # Optionally command arguments may be specified - only the first substring # up to the whitespace is used for file searching.  # required: $file   = 'file';   # file(1) utility; use 3.41 or later to avoid vulnerability  # optional: $gzip   = 'gzip'; $bzip2  = 'bzip2'; $lzop   = 'lzop'; $rpm2cpio   = ['rpm2cpio.pl','rpm2cpio']; $cabextract = 'cabextract'; $uncompress = ['uncompress', 'gzip -d', 'zcat']; $unfreeze   = ['unfreeze', 'freeze -d', 'melt', 'fcat']; $arc        = ['nomarch', 'arc']; $unarj      = ['arj', 'unarj'];  # both can extract, arj is recommended $unrar      = ['rar', 'unrar'];  # both can extract, same options $zoo    = 'zoo'; $lha    = 'lha'; $cpio   = ['gcpio','cpio']; # gcpio is a GNU cpio on OpenBSD, which supports                             # the options needed; the rest of us use cpio $ar     = 'ar';  # Unix binary archives and Debian binary packages $dspam  = 'dspam';  # ============================================================================= # SpamAssassin settings # =============================================================================  # $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value # of the option local_tests_only. See Mail::SpamAssassin man page. # If set to 1, no SA tests that require internet access will be performed. # $sa_local_tests_only = 0;   # (default: false) $sa_auto_whitelist = 1;     # turn on AWL in SA 2.63 or older (irrelevant                             # for SA 3.0, its cf option is use_auto_whitelist)  $sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger                 # (less than 1% of spam is > 64k)                 # default: undef, no limitations  # default values, customarily used in the @spam_*_level_maps as the last entry $sa_tag_level_deflt  = 2.0; # add spam info headers if at, or above that level;                 # undef is interpreted as lower than any spam level $sa_tag2_level_deflt = 2.0; # add 'spam detected' headers at that level to                             # passed mail (e.g. when $final_spam_destiny=D_PASS                             # or for spam_lovers or when below kill_level) $sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions                 # at or above that level: bounce/reject/drop,                 # quarantine, and adding mail address extension $sa_dsn_cutoff_level = 5;   # spam level beyond which a DSN is not sent,                             # effectively turning D_BOUNCE into D_DISCARD;                             # undef disables this feature and is a default;  # advanced example specifying per-recipient values using a hash lookup: #@spam_tag_level_maps  = (\$sa_tag_level_deflt);  # this is a default #@spam_tag2_level_maps = ( #  { 'user1@example.com' => 8.0, '.example.com' => 6.0 }, #  \$sa_tag2_level_deflt,   # catchall default #); #@spam_kill_level_maps = ( #  { 'user1@example.com' => 8.0, '.example.com' => 6.0 }, #  \$sa_kill_level_deflt,   # catchall default #); #@spam_dsn_cutoff_level_maps = ( #  { 'user1@example.com' => 10, '.example.com' => 15 }, #  \$sa_dsn_cutoff_level,   # catchall default #);  # a quick reference: #   tag_level  controls adding the X-Spam-Status and X-Spam-Level headers, #   tag2_level controls adding 'X-Spam-Flag: YES', editing (tagging) Subject, #                       and adding address extensions, #   kill_level controls 'evasive actions' (reject, quarantine); # it only makes sense to maintain the relationship: # tag_level <= tag2_level <= kill_level < dsn_cutoff_level  # string to prepend to Subject header field when message exceeds tag2 level $sa_spam_subject_tag = '***SPAM*** ';  # (defaults to undef, disabled)                  # (only seen when spam is passed and recipient is                              # in local_domains*)  $sa_spam_modifies_subj = 1; # in @sa_spam_modifies_subj_maps, default is true  # Example: modify Subject for all local recipients except user@example.com #@sa_spam_modifies_subj_maps = ( [qw( !user@example.com . )] );  #$sa_spam_level_char = '*';  # char for X-Spam-Level bar, defaults to '*';                  # undef or empty disables inserting X-Spam-Level #$sa_spam_report_header = 0; # insert X-Spam-Report header field? default false  # stop anti-virus scanning when the first scanner detects a virus? #$first_infected_stops_scan = 1;  # default is false, all scanners in a section                                   # are called  # @av_scanners is a list of n-tuples, where fields semantics is: #  1. av scanner plain name, to be used in log and reports; #  2. scanner program name; this string will be submitted to subroutine #     find_external_programs(), which will try to find the full program path #     name during startup; if program is not found, this scanner is disabled. #     Besides a simple string (full program path name or just the basename #     to be looked for in PATH), this may be an array ref of alternative #     program names or full paths - the first match in the list will be used; #     As a special case for more complex scanners, this field may be #     a subroutine reference, and the whole n-tuple is passed to it as args. #  3. command arguments to be given to the scanner program; #     a substring {} will be replaced by the directory name to be scanned, i.e. #     "$tempdir/parts", a "*" will be replaced by base file names of parts; #  4. an array ref of av scanner exit status values, or a regexp (to be #     matched against scanner output), indicating NO VIRUSES found; #  5. an array ref of av scanner exit status values, or a regexp (to be #     matched against scanner output), indicating VIRUSES WERE FOUND; #     Note: the virus match prevails over a 'not found' match, so it is safe #     even if the no. 4. matches for viruses too; #  6. a regexp (to be matched against scanner output), returning a list #     of virus names found, or a sub ref, returning such a list when given #     scanner output as argument; #  7. and 8.: (optional) subroutines to be executed before and after scanner #     (e.g. to set environment or current directory); #     see examples for these at KasperskyLab AVP and NAI uvscan.  # NOTES: # # - NOT DEFINING @av_scanners (e.g. setting it to empty list, or deleting the #   whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE #   (which can be handy if all you want to do is spam scanning); # # - the order matters: although _all_ available entries from the list #   are tried regardless of their verdict, scanners are run in the order #   specified: the report from the first one detecting a virus will be used #   (providing virus names and scanner output); REARRANGE THE ORDER TO WILL; #   see also $first_infected_stops_scan; # # - it doesn't hurt to keep an unused command line scanner entry in the list #   if the program can not be found; the path search is only performed once #   during the program startup; # #   COROLLARY: to disable a scanner that _does_ exist on your system, #   comment out its entry or use undef or '' as its program name/path #   (second parameter). An example where this is almost a must: disable #   Sophos 'sweep' if you have its daemonized version Sophie or SAVI-Perl #   (same for Trophie/vscan, and clamd/clamscan), or if another unrelated #   program happens to have a name matching one of the entries ('sweep' #   again comes to mind); # # - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES #   for interfacing (where the second parameter starts with \&). #   Keeping such entry and not having a corresponding virus scanner daemon #   causes an unnecessary connection attempt (which eventually times out, #   but it wastes precious time). For this reason the daemonized entries #   are commented in the distribution - just remove the '#' where needed. # # CERT list of av resources: http://www.cert.org/other_sources/viruses.html  @av_scanners = (  # ### http://www.vanja.com/tools/sophie/ # ['Sophie', #   \&ask_daemon, ["{}/\n", '/var/run/sophie'], #   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/, #   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],  # ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/ # ['Sophos SAVI', \&sophos_savi ],  # ### http://www.clamav.net/ # ['ClamAV-clamd', #   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], #   qr/\bOK$/, qr/\bFOUND$/, #   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], # # NOTE: run clamd under the same user as amavisd;  match the socket # # name (LocalSocket) in clamav.conf to the socket name in this entry # # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],  # ### http://www.clamav.net/ and CPAN  (memory-hungry! clamd is preferred) # ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],  # ### http://www.openantivirus.org/ # ['OpenAntiVirus ScannerDaemon (OAV)', #   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'], #   qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],  # ### http://www.vanja.com/tools/trophie/ # ['Trophie', #   \&ask_daemon, ["{}/\n", '/var/run/trophie'], #   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/, #   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],  # ### http://www.grisoft.com/ # ['AVG Anti-Virus', #   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'], #   qr/^200/, qr/^403/, qr/^403 .*?: ([^\r\n]+)/ ],  # ### http://www.f-prot.com/ # ['FRISK F-Prot Daemon', #   \&ask_daemon, #   ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n", #     ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202', #      '127.0.0.1:10203','127.0.0.1:10204'] ], #   qr/(?i)<summary[^>]*>clean<\/summary>/, #   qr/(?i)<summary[^>]*>infected<\/summary>/, #   qr/(?i)<name>(.+)<\/name>/ ],  # ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/ # ['DrWebD', \&ask_daemon,   # DrWebD 4.31 or later #   [pack('N',1).  # DRWEBD_SCAN_CMD #    pack('N',0x00280001).   # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES #    pack('N',     # path length #      length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")). #    '{}/*'.       # path #    pack('N',0).  # content size #    pack('N',0), #    '/var/drweb/run/drwebd.sock', #  # '/var/amavis/var/run/drwebd.sock',   # suitable for chroot #  # '/usr/local/drweb/run/drwebd.sock',  # FreeBSD drweb ports default #  # '127.0.0.1:3000',                    # or over an inet socket #   ], #   qr/\A\x00[\x10\x11][\x00\x10]\x00/s,         # IS_CLEAN,EVAL_KEY; SKIPPED #   qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/s, # KNOWN_V,UNKNOWN_V,V._MODIF #   qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s, # ], # # NOTE: If using amavis-milter, change length to: # # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").    ### http://www.kaspersky.com/  (in the 'file server version')   ['KasperskyLab AVP - aveclient',     ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',      '/opt/kav/bin/aveclient','aveclient'],     '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/,     qr/(?:INFECTED|SUSPICION) (.+)/,   ],    ### http://www.kaspersky.com/   ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],     '-* -P -B -Y -O- {}', [0,3,6,8], [2,4],    # any use for -A -K   ?     qr/infected: (.+)/,     sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},     sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},   ],    ### The kavdaemon and AVPDaemonClient have been removed from Kasperky   ### products and replaced by aveserver and aveclient   ['KasperskyLab AVPDaemonClient',     [ '/opt/AVP/kavdaemon',       'kavdaemon',       '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',       '/opt/AVP/AvpTeamDream',    'AvpTeamDream',       '/opt/AVP/avpdc', 'avpdc' ],     "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],     # change the startup-script in /etc/init.d/kavd to:     #   DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"     #   (or perhaps:   DPARMS="-I0 -Y -* /var/amavis" )     # adjusting /var/amavis above to match your $TEMPBASE.     # The '-f=/var/amavis' is needed if not running it as root, so it     # can find, read, and write its pid file, etc., see 'man kavdaemon'.     # defUnix.prf: there must be an entry "*/var/amavis" (or whatever     #   directory $TEMPBASE specifies) in the 'Names=' section.     # cd /opt/AVP/DaemonClients; configure; cd Sample; make     # cp AvpDaemonClient /opt/AVP/     # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"    ### http://www.hbedv.com/ or http://www.centralcommand.com/   ['H+BEDV AntiVir or CentralCommand Vexira Antivirus',     ['antivir','vexira'],     '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,     qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |          (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],     # NOTE: if you only have a demo version, remove -z and add 214, as in:     #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,    ### http://www.commandsoftware.com/   ['Command AntiVirus for Linux', 'csav',     '-all -archive -packed {}', [50], [51,52,53],     qr/Infection: (.+)/ ],    ### http://www.symantec.com/   ['Symantec CarrierScan via Symantec CommandLineScanner',     'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',     qr/^Files Infected:\s+0$/, qr/^Infected\b/,     qr/^(?:Info|Virus Name):\s+(.+)/ ],    ### http://www.symantec.com/   ['Symantec AntiVirus Scan Engine',     'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',     [0], qr/^Infected\b/,     qr/^(?:Info|Virus Name):\s+(.+)/ ],     # NOTE: check options and patterns to see which entry better applies    ### http://www.f-secure.com/products/anti-virus/   ['F-Secure Antivirus', 'fsav',     '--dumb --mime --archive {}', [0], [3,8],     qr/(?:infection|Infected|Suspected): (.+)/ ],    ['CAI InoculateIT', 'inocucmd',  # retired product     '-sec -nex {}', [0], [100],     qr/was infected by virus (.+)/ ],   # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html    ### http://www3.ca.com/Solutions/Product.asp?ID=156  (ex InoculateIT)   ['CAI eTrust Antivirus', 'etrust-wrapper',     '-arc -nex -spm h {}', [0], [101],     qr/is infected by virus: (.+)/ ],     # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer     # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783    ### http://mks.com.pl/english.html   ['MkS_Vir for Linux (beta)', ['mks32','mks'],     '-s {}/*', [0], [1,2],     qr/--[ \t]*(.+)/ ],    ### http://mks.com.pl/english.html   ['MkS_Vir daemon', 'mksscan',     '-s -q {}', [0], [1..7],     qr/^... (\S+)/ ],    ### http://www.nod32.com/   ['ESET Software NOD32', 'nod32',     '-all -subdir+ {}', [0], [1,2],     qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],    ### http://www.nod32.com/   ['ESET Software NOD32 - Client/Server Version', 'nod32cli',     '-a -r -d recurse --heur standard {}', [0], [10,11],     qr/^\S+\s+infected:\s+(.+)/ ],  # Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31 # ['ESET Software NOD32 Client/Server (NOD32SS)', #   \&ask_daemon2,    # greets with 200, persistent, terminate with QUIT #   ["SCAN {}/*\r\n", '127.0.0.1:8448' ], #   qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ],    ### http://www.norman.com/products_nvc.shtml   ['Norman Virus Control v5 / Linux', 'nvcc',     '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],     qr/(?i).* virus in .* -> \'(.+)\'/ ],    ### http://www.pandasoftware.com/   ['Panda Antivirus for Linux', ['pavcl'],     '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',     qr/Number of files infected[ .]*: 0+(?!\d)/,     qr/Number of files infected[ .]*: 0*[1-9]/,     qr/Found virus :\s*(\S+)/ ],  # ### http://www.pandasoftware.com/ # ['Panda Antivirus for Linux', ['pavcl'], #   '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}', #   [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0], #   qr/Found virus :\s*(\S+)/ ],  # GeCAD AV technology is acquired by Microsoft; RAV has been discontinued. # Check your RAV license terms before fiddling with the following two lines! # ['GeCAD RAV AntiVirus 8', 'ravav', #   '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ], # # NOTE: the command line switches changed with scan engine 8.5 ! # # (btw, assigning stdin to /dev/null causes RAV to fail)    ### http://www.nai.com/   ['NAI McAfee AntiVirus (uvscan)', 'uvscan',     '--secure -rv --mime --summary --noboot - {}', [0], [13],     qr/(?x) Found (?:         \ the\ (.+)\ (?:virus|trojan)  |         \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |         :\ (.+)\ NOT\ a\ virus)/,   # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},   # sub {delete $ENV{LD_PRELOAD}},   ],   # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before   # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6   # and then clear it when finished to avoid confusing anything else.   # NOTE2: to treat encrypted files as viruses replace the [13] with:   #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/    ### http://www.virusbuster.hu/en/   ['VirusBuster', ['vbuster', 'vbengcl'],     # VirusBuster Ltd. does not support the daemon version for the workstation     # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of     # binaries, some parameters AND return codes have changed (from 3 to 1).     "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],     qr/: '(.*)' - Virus/ ],  # ### http://www.virusbuster.hu/en/ # ['VirusBuster (Client + Daemon)', 'vbengd', #   # HINT: for an infected file it always returns 3, #   # although the man-page tells a different story #   '-f -log scandir {}', [0], [3], #   qr/Virus found = (.*);/ ],    ### http://www.cyber.com/   ['CyberSoft VFind', 'vfind',     '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,   # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},   ],    ### http://www.ikarus-software.com/   ['Ikarus AntiVirus for Linux', 'ikarus',     '{}', [0], [40], qr/Signature (.+) found/ ],    ### http://www.bitdefender.com/   ['BitDefender', 'bdc',     '--all --arc --mail {}', qr/^Infected files *:0+(?!\d)/,     qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,     qr/(?:suspected|infected): (.*)(?:\033|$)/ ],  # ### example: fully-fledged checker for JPEG marker segments of invalid length # ['check-jpeg', #   sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) }, #   ["{}/*"], [0], [1], qr/^(bad jpeg: .*)$/ ], # # NOTE: place file JpegTester.pm somewhere where Perl can find it, # #       for example in /usr/local/lib/perl5/site_perl  # ### example: simpleminded checker for JPEG marker segments of invalid length # ### (only checks first 32k, which is not thorough enough) # ['check-jpeg-simple', #   sub { Amavis::AV::ask_av(sub { #     my($f)=@_; local(*FF,$_,$1,$2); my(@r)=(0,'not jpeg'); #     open(FF,$f) or die "jpeg: open err $f: $!"; #     binmode(FF) or die "jpeg: binmode err $f: $!"; #     defined read(FF,$_,32000) or die "jpeg: read err $f: $!"; #     close(FF) or die "jpeg: close err $f: $!"; #     if (/^\xff\xd8\xff/) { #       @r=(0,'jpeg ok'); #       while (!/\G(?:\xff\xd9|\z)/gc) {          # EOI or eof #         if (/\G\xff+(?=\xff|\z)/gc) {}          # fill-bytes before marker #         elsif (/\G\xff([\x01\xd0-\xd8])/gc) {}  # TEM, RSTi, SOI #         elsif (/\G\xff([^\x00\xff])(..)/gcs) {  # marker segment start #           my($n)=unpack("n",$2)-2; #           $n=32766 if $n>32766;  # Perl regexp limit #           if ($n<0) {@r=(1,"bad jpeg: len=$n, pos=".pos); last} #           elsif (/\G.{$n}/gcs) {}          # ok #           elsif (/\G.{0,$n}\z/gcs) {last}  # truncated #           else {@r=(1,"bad jpeg: unexpected, pos=".pos); last} #         } #         elsif (/\G[^\xff]+/gc)      {}  # ECS #         elsif (/\G(?:\xff\x00)+/gc) {}  # ECS #         else {@r=(2,"bad jpeg: unexpected char, pos=".pos); last} #       } #     }; @r}, @_) }, #   ["{}/*"], [0], [1], qr/^(bad jpeg: .*)$/ ],  );   # If no virus scanners from the @av_scanners list produce 'clean' nor # 'infected' status (i.e. they all fail to run or the list is empty), # then _all_ scanners from the @av_scanners_backup list are tried # (again, subject to $first_infected_stops_scan). When there are both # daemonized and equivalent or similar command-line scanners available, # it is customary to place slower command-line scanners in the # @av_scanners_backup list. The default choice is somewhat arbitrary, # move entries from one list to another as desired, keeping main scanners # in the primary list to avoid warnings.  @av_scanners_backup = (    ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV   ['ClamAV-clamscan', 'clamscan',     "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],     qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],    ### http://www.f-prot.com/   - backs up F-Prot Daemon   ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],     '-dumb -archive -packed {}', [0,8], [3,6],     qr/Infection: (.+)/ ],    ### http://www.trendmicro.com/   - backs up Trophie   ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],     '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],    ### http://www.sald.com/, http://drweb.imshop.de/   - backs up DrWebD   ['drweb - DrWeb Antivirus',     ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],     '-path={} -al -go -ot -cn -upn -ok-',     [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'],    ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],     '-i1 -xp {}', [0,10,15], [5,20,21,25],     qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,     sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},     sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},   ],  # Commented out because the name 'sweep' clashes with Debian and FreeBSD # package/port of an audio editor. Make sure the correct 'sweep' is found # in the path when enabling. # # ### http://www.sophos.com/   - backs up Sophie or SAVI-Perl # ['Sophos Anti Virus (sweep)', 'sweep', #   '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}', #   [0,2], qr/Virus .*? found/, #   qr/^>>> Virus(?: fragment)? '?(.*?)'? found/, # ], # # other options to consider: -mime -oe -idedir=/usr/local/sav  # always succeeds (uncomment to consider mail clean if all other scanners fail) # ['always-clean', sub {0}],  );   # # ============================================================================= # Section VIII - Debugging # ============================================================================= #  # The most useful debugging tool is to run amavisd-new non-detached # from a terminal window using command:  # amavisd debug  # Some more refined approaches:  # If sender matches ACL, turn debugging fully up, just for this one message #@debug_sender_maps = ( ["test-sender\@$mydomain"] ); #@debug_sender_maps = ( [qw( debug@example.com debug@example.net )] );  # May be useful along with @debug_sender_maps: # Prevent all decoded originals being deleted (replaced by decoded part) #@keep_decoded_original_maps = (1);  # Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug') $sa_debug = 1;            # defaults to false   # # ============================================================================= # Section IX - Policy banks (dynamic policy switching) # ============================================================================= #  ## Define some policy banks (sets of settings) and give them ## arbitrary names (the '' and 'MYNETS' have special meaning): # # $policy_bank{'ALT'} = { #   log_level => 3, #   inet_acl => [qw( 10.0.1.14 )], #   final_spam_destiny => D_PASS, final_bad_header_destiny => D_PASS, #   forward_method => 'smtp:*:*', #   notify_method  => 'smtp:[127.0.0.1]:10025', #   virus_admin_maps => "abuse\@$mydomain", #   spam_lovers_maps => [@spam_lovers_maps, [qw( abuse@example.com )]], #   spam_tag_level_maps  => 2.1, #   spam_tag2_level_maps => 6.32, #   spam_kill_level_maps => 6.72, #   spam_dsn_cutoff_level_maps => 9, #   defang_spam => 1, #   local_client_bind_address => '10.11.12.13', #   localhost_name => 'amavis.example.com', #   smtpd_greeting_banner => #     '${helo-name} ${protocol} ${product} ${version-id} (${version-date}) TEST service ready'; #   auth_mech_avail => [qw(PLAIN LOGIN)], #   auth_required_inp => 1, #   auth_required_out => 1, #   amavis_auth_user => 'amavisd', amavis_auth_pass = 'tOpsecretX', #   av_scanners => [  # provide only 'free' scanners #     ['ClamAV-clamd', #       \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], #       qr/\bOK$/, qr/\bFOUND$/, #       qr/^.*?: (?!Infected Archive)(.*) FOUND$/, #     ], #   ], #   av_scanners_backup => [ #     ['ClamAV-clamscan', 'clamscan', #       "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1], #       qr/^.*?: (?!Infected Archive)(.*) FOUND$/, #     ], #   ], # };  # NOTE: the use of policy banks for changing protocol on the input socket is # only needed when different protocols need to be spoken on different sockets # at the same time. For normal use just set e.g.: $protocol='AM.PDP'; # # $policy_bank{'AM.PDP'} = { #   log_level => 3, #   protocol=>'AM.PDP', # Amavis policy delegation protocol (new milter helper) # };  ## the name 'MYNETS' has special semantics: this policy bank gets loaded ## whenever MTA supplies the original SMTP client IP address (Postfix XFORWARD ## extension or a new AM.PDP protocol) and that address matches @mynetworks. # # $policy_bank{'MYNETS'} = {  # mail originating from @mynetworks #   spam_kill_level_maps => 6.9, #   spam_admin_maps => ["spamalert\@$mydomain"],  # alert of internal spam #   bypass_spam_checks_maps   => [1],  # or: don't spam-check internal mail #   bypass_banned_checks_maps => [1],  # don't banned-check internal mail # };   ## Now we can assign policy banks to amavisd tcp port numbers listed in ## $inet_socket_port. Whenever the connection from MTA is received, first ## a built-in policy bank $policy_bank{''} gets loaded, which bringings-in ## all the global/legacy settings, then it gets overlaid by the bank ## named in the $interface_policy{$port} if any, and finally the bank ## 'MYNETS' is overlaid if it exists and the SMTP client IP address ## is known (by XFORWARD command from MTA) and it matches @mynetworks.  # $interface_policy{'10026'} = 'ALT'; # $interface_policy{'9998'} = 'AM.PDP'; # $interface_policy{'SOCK'} = 'AM.PDP';  #------------- 1;  # insure a defined return

########################################################