rmilter.conf

# Sample config file for rmilter
# $Id$
#

# .include - directive to include other config file
#.include ./rmilter-grey.conf

# pidfile - path to pid file
# Default: pidfile = /var/run/rmilter.pid

pidfile = /var/run/rmilter/rmilter.pid;

#clamav {
#	# servers - clamav socket definitions in format:
#	# /path/to/file
#	# host[:port]
#	# sockets are separated by ','
#	# Default: empty
#	#servers = clam1.example.com, clam2.example.com;
#	# connect_timeout - timeout in miliseconds for connecting to clamav
#	# Default: 1s
#	connect_timeout = 1s;
#
#	# port_timeout - timeout in miliseconds for waiting for clamav port response
#	# Default: 4s
#	port_timeout = 4s;
#
#	# results_timeout - timeout in miliseconds for waiting for clamav response
#	# Default: 20s
#	results_timeout = 20s;
#
#	# error_time - time in seconds during which we are counting errors
#	# Default: 10
#	error_time = 10;
#
#	# dead_time - time in seconds during which we are thinking that server is down
#	# Default: 300
#	dead_time = 300;
#
#	# maxerrors - maximum number of errors that can occur during error_time to make us thinking that
#	# this upstream is dead
#	# Default: 10
#	maxerrors = 10;
#};

spamd {
	# servers - spamd socket definitions in format:
	# /path/to/file
	# host[:port]
	# sockets are separated by ','
	# is server name is prefixed with r: it is rspamd server
	# Default: empty
	servers = r:localhost:11333;

	# also_check - extra spamd servers to check
	#also_check = r:clam10.example.com;

	# diff_dir - path where to write messages that have different results from main and extra checks
	#diff_dir = /var/run/rmilter/diffmsg;

	# connect_timeout - timeout in miliseconds for connecting to spamd
	# Default: 1s
	connect_timeout = 1s;

	# results_timeout - timeout in miliseconds for waiting for spamd response
	# Default: 20s
	results_timeout = 20s;

	# error_time - time in seconds during which we are counting errors
	# Default: 10
	error_time = 10;

	# dead_time - time in seconds during which we are thinking that server is down
	# Default: 300
	dead_time = 300;

	# maxerrors - maximum number of errors that can occur during error_time to make us thinking that
	# this upstream is dead
	# Default: 10
	maxerrors = 10;

	# reject_message - reject message for spam
	# Default: "Spam message rejected; If this is not spam contact abuse team"
	reject_message = "message rejected; if you're not spamming please contact abuse at kaworu.ch";

	# whitelist - list of ips or nets that should be not checked with spamd
	# Default: empty
	whitelist = 127.0.0.1/32, 192.168.0.0/16;

	# rspamd_metric - metric for using with rspamd
	# Default: "default"
	rspamd_metric = "default";

	spamd_soft_fail = yes;
	spamd_greylist = yes;
	# For using in the personal email
	extended_spam_headers = yes;
};

#memcached {
#	# servers_grey - memcached servers for greylisting in format:
#	# host[:port][, host[:port]]
#	# It is possible to make memcached mirroring, its syntax is {server1, server2}
#	servers_grey = localhost;
#
#	# servers_white - memcached servers for whitelisting in format similar to that is used
#	# in servers_grey
#	servers_white = localhost;
#
#	# servers_limits - memcached servers used for limits storing, can not be mirrored
#	servers_limits = localhost;
#
#	# servers_id - memcached servers used for message id storing, can not be mirrored
#	servers_id = localhost;
#
#	# id_prefix - prefix for extracting message ids from memcached
#	# Default: empty (no prefix is prepended to key)
#	id_prefix = "message_id.";
#
#	# grey_prefix - prefix for extracting greylisted records from memcached
#	# Default: empty (no prefix is prepended to key)
#	grey_prefix = "grey.";
#
#	# id_prefix - prefix for extracting whitelisted records from memcached
#	# Default: empty (no prefix is prepended to key)
#	white_prefix = "white.";
#
#	# connect_timeout - timeout in miliseconds for waiting for memcached
#	# Default: 1s
#	connect_timeout = 1s;
#
#	# error_time - time in seconds during which we are counting errors
#	# Default: 10
#	error_time = 10;
#
#	# dead_time - time in seconds during which we are thinking that server is down
#	# Default: 300
#	dead_time = 300;
#
#	# maxerrors - maximum number of errors that can occur during error_time to make us thinking that
#	# this upstream is dead
#	# Default: 10
#	maxerrors = 10;
#
#	# protocol - protocol that is using for connecting to memcached (tcp or udp)
#	# Default: udp
#	protocol = tcp;
#};

# bind_socket - socket credits for local bind:
# unix:/path/to/file - bind to local socket
# inet:port@host - bind to inet socket
# Default: bind_socket = unix:/var/tmp/rmilter.sock;

bind_socket = unix:/var/run/rmilter/rmilter.sock;
#bind_socket = inet:11330@localhost;

# tempdir - path to directory that contains temporary files
# Default: $TMPDIR

tempdir = /tmp;

# max_size - maximum size of scanned mail with clamav and dcc
# Default: 0 (no limit)

max_size = 10M;

# strict_auth - strict checks for mails from authenticated senders
# Default: no

strict_auth = no;

# spf_domains - path to file that contains hash of spf domains
# Default: empty

#spf_domains = example.com, mail.ru;

# use_dcc - whether use or not dcc system
# Default: no

#use_dcc = yes;

# rule definition:
# rule {
#	accept|discard|reject|tempfail|quarantine "[message]"; <- action definition
#	[not] connect <regexp> <regexp>; <- conditions
#	helo <regexp>;
#	envfrom <regexp>;
#	envrcpt <regexp>;
#	header <regexp> <regexp>;
#	body <regexp>;
# };

# limits section
limits {
	# Whitelisted ip or networks
	#limit_whitelist = 194.67.45.4/32;
	# Whitelisted recipients
	limit_whitelist_rcpt =  postmaster, mailer-daemon;
	# Addrs for bounce checks
	limit_bounce_addrs = postmaster, mailer-daemon, symantec_antivirus_for_smtp_gateways, <>, null, fetchmail-daemon;
	# Limit for bounce mail
	limit_bounce_to = 5:0.000277778;
	# Limit for bounce mail per one source ip
	limit_bounce_to_ip = 5:0.000277778;
	# Limit for all mail per recipient
	limit_to = 20:0.016666667;
	# Limit for all mail per one source ip
	limit_to_ip = 30:0.025;
	# Limit for all mail per one source ip and from address
	limit_to_ip_from = 100:0.033333333;
};

##beanstalk {
#	# List of beanstalk servers, random selected
#	#servers = bot01.example.com:3132;
#
#	# Address of server to which rmilter should send all messages copies
#	#copy_server = somehost:13333;
#
#	# Address of server to which rmilter should send spam messages copies
#	#spam_server = otherhost:13333;
#
#	# Beanstalk protocol
#	protocol = tcp;
#	# Time to live for task in seconds
#	lifetime = 172800;
#	# Regexp that define for which messages we should put the whole message to beanstalk
#	# now only In-Reply-To headers are checked
#	id_regexp = "/^SomeID.*$/";
#	# Flags for sending beanstalk copies
#	send_beanstalk_headers = yes;
#	send_beanstalk_copy = yes;
#	send_beanstalk_spam = yes;
#};

#greylisting {
#	timeout = 300s;
#	expire = 3d;
#	whitelist = 127.0.0.1,
#				192.168.1.1,
#				192.168.2.0/24;
#	awl_enable = yes;
#	awl_pool = 10M;
#	awl_hits = 10;
#	awl_ttl = 3600s;
#};

#dkim {
#	# Sample for dkim specific keys
#	# domain {
#	#   key = /etc/dkim/dkim_example.key;
#	#   domain = "example.com";
#	#	selector = "dkim";
#	# };
#	# domain {
#	#   key = /etc/dkim/dkim_test.key;
#	#   domain = "test.com";
#	#	selector = "dkim";
#	# };
#	# Universal selector, keys will be checked for pattern /etc/dkim/<domain>.<selector>.key
#    domain {
#		key = /usr/local/etc/dkim;
#		domain = "*";
#		selector = "dkim";
#	};
#	header_canon = relaxed;
#	body_canon = relaxed;
#	sign_alg = sha256;
#};