From owner-freebsd-ports-bugs@FreeBSD.ORG Mon May 9 15:40:09 2005
Return-Path: the name of a fi@
-\ No newline at end of file
-+ the name of a file containing a list of directory names,
-+which can in turn contain wildcards. Example:
-+/usr/local/etc/MailScanner/mqueue.in.list.conf Outgoing Queue Dir Default: /var/spool/mqueue Directory in which MailScanner should place scanned
-+e−mail messages. This can also be the filename of a
-+ruleset. Incoming work dir Default: /opt/MailScanner/var/incoming Directory in which to temporarily store unpacked MIME
-+messages during scanning process. Quarantine Dir Default: /opt/MailScanner/var/quarantine Set where to store infected messages and attachments (if
-+they are kept). This can also be the filename of a
-+ruleset. PID file Default: /opt/MailScanner/var/MailScanner.pid Set where to store the process id number so you can stop
-+MailScanner. In the FreeBSD port this should remain
-+/var/run/MailScanner.pid in order for the start/stop script
-+to work. Restart Every Default: 14400 To avoid resource leaks the MailScanner parent process
-+stops and restarts its child processes from time to time.
-+Set the amount of seconds each child process is supposed to
-+live here. MTA Default: sendmail MailScanner works with sendmail and exim. Since the queue
-+handling differs a bit, you have to tell MailScanner which
-+MTA you are using. Valid options are sendmail and exim. Sendmail Default: /usr/lib/sendmail Set how to invoke MTA when sending messages MailScanner
-+has created (e.g. to sender/recipient saying "found a
-+virus in your message"). This can also be the filename
-+of a ruleset. Sendmail2 Default: same value as the Sendmail setting Sendmail2 is provided for exim users. It is the command
-+used to attempt delivery of outgoing cleaned/disinfected
-+messages. This is not usually required for sendmail. You should not normally need to touch these settings at
-+all, unless you are using ClamAV and need to be able to use
-+the external archive unpackers instead of ClamAV’s
-+built−in ones. Incoming Work User Default: If you want to create the temporary working files so they
-+are owned by a user other than the "Run As User"
-+setting, you can change that here. Note: If the "Run As
-+User" is not "root" then you cannot change
-+the user but may still be able to change the group, if the
-+"Run As User" is a member of both of the groups
-+"Run As Group" and "Incoming Work
-+Group". Incoming Work Group Default: If you want to create the temporary working files so they
-+are owned by a group other than the "Run As User"
-+setting, you can change that here. Note: If the "Run As
-+User" is not "root" then you cannot change
-+the user but may still be able to change the group, if the
-+"Run As User" is a member of both of the groups
-+"Run As Group" and "Incoming Work
-+Group". Incoming Work Permissions Default: 0600 If you want processes running under the same *group* as
-+MailScanner to be able to read the working files (and list
-+what is in the directories, of course), set to 0640. If you
-+want *all* other users to be able to read them, set to 0644.
-+For a detailed description, if you’re not already
-+familiar with it, refer to ‘man 2 chmod‘.
-+Typical use: external helper programs of virus scanners
-+(notably ClamAV), like unpackers. Use with care, you may
-+well open security holes.
-
-
--
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+Default FreeBSD: /var/spool/MailScanner/incoming
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+Default FreeBSD: /var/spool/MailScanner/quarantine
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+Default FreeBSD: /var/run/MailScanner.pid
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+Default FreeBSD: /usr/sbin/sendmail
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+For Exim users this could be: Sendmail2 = /usr/sbin/exim
-+−C /usr/local/etc/exim/configure.outIncoming Work Dir Settings
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+Quarantine and Archive Settings
+@@ -120,13 +120,15 @@
+ directories within the MailScanner installation and in the
+ section "RULESETS" later in this manpage.
The options are best listed in a few categories. This is +-also the order in which you will find them in the +-MailScanner.conf file. If this list looks very large then +-don’t worry, the supplied MailScanner.conf file (or +-MailScanner.conf.sample) contains sensible defaults for all +-the values. You will probably only need to change a very few +-of them to start with.
++The options are best listed in a few categories. If this ++list looks very large then don’t worry, the supplied ++MailScanner.conf file (or MailScanner.conf.sample) contains ++sensible defaults for all the values. You will probably only ++need to change a very few of them to start with.
+ -+-+ |
-+ If, for example, you are using a web interface so that -+users can manage their quarantined files, you might want to -+change the ownership and permissions of the quarantined so -+that they can be read and/or deleted by the web server. -+Don’t touch this unless you know what you are -+doing! -+ |
-+
Starting with version 4.40.10 of MailScanner you can use ++shell environment variables such as $HOSTNAME or ${HOSTNAME} ++in MailScanner.conf and its relatives.
+ +You should define the following variables:
+ +@@ -220,6 +222,54 @@ + headers. + + + ++ |
-+ Quarantine User |
++
+ |
-+ Default: ++Default: Your Organisation Name Here + -+If you want to create the quarantine/archive so the files -+are owned by a user other than the "Run As User" -+setting at the top of this file, you can change that here. -+Note: If the "Run As User" is not "root" -+then you cannot change the user but may still be able to -+change the group, if the "Run As User" is a member -+of both of the groups "Run As Group" and -+"Quarantine Group". ++Enter the full name of your organisation below, this is ++used in the signature placed at the bottom of report ++messages sent by MailScanner. It can include pretty much any ++text you like. You can make the result span several lines by ++including "0 sequences in the text. These will be ++replaced by line−breaks. + |
+
Quarantine Group
%web−site%
+ + ++ |
-+ Default: ++Default: www.your−organisation.com + -+If you want to create the quarantine/archive so the files -+are owned by a user other than the "Run As User" -+setting at the top of this file, you can change that here. -+Note: If the "Run As User" is not "root" -+then you cannot change the user but may still be able to -+change the group, if the "Run As User" is a member -+of both of the groups "Run As Group" and -+"Quarantine Group". ++Enter the location of your organisation’s web site ++below. This is used in the signature placed at the bottom of ++report messages sent by MailScanner. It should preferably be ++the location of a page that you have written explaining why ++you might have rejected the mail and what the recipient ++and/or sender should do about it. + |
+
-+ |
-+ Quarantine Permissions |
+
+
+ |
++ Unrar Command |
+
+ |
-+ Default: 0600 ++Default: /usr/bin/unrar + -+If you want processes running under the same *group* as -+MailScanner to be able to read the quarantined files (and -+list what is in the directories, of course), set to 0640. If -+you want *all* other users to be able to read them, set to -+0644. For a detailed description, if you’re not -+already familiar with it, refer to ‘man 2 -+chmod‘. Typical use: let the webserver have access to -+the files so users can download them if they really want to. -+Use with care, you may well open security holes. ++Where the "unrar" command is installed. If you ++haven’t got this command, look at www.rarlab.com. This ++is used for unpacking rar archives so that the contents can ++be checked for banned filenames and filetypes, and also that ++the archive can be tested to see if it is ++password−protected. Virus scanning the contents of rar ++archives is still left to the virus scanner, with one ++exception: If using the clavavmodule virus scanner, this ++adds external RAR checking to that scanner which is needed ++for archives which are RAR version 3. + |
+
+ |
-+ Max Unscanned Bytes Per Scan |
++
+ |
-+ Default: 100000000 -+ -+MailScanner handles messages in batches for efficiency. -+Messages are gathered (in strict date order) from the -+incoming queue directory, one at a time, until this or one -+of the following three limits is reached or the queue is -+empty. ++Default: 50 + -+This setting limits the total size of messages per batch -+for which no scanning is done (i.e. Virus Scanning = -+no). ++The maximum length of time the "unrar" command ++is allowed to run for 1 RAR archive (in seconds) + |
+
Max Unsafe Bytes per Scan
-+ |
-+ Default: 50000000 -+ -+This setting limits the total size of messages per batch -+for which scanning is done (i.e. Virus Scanning = yes). -+ |
-+
Block Encrypted Messages
+ + +@@ -1638,6 +1736,90 @@ + scanner, not the "clamav" scanner setting. + + + ++ |
-+ Max Unscanned Messages Per Scan |
++
+ |
-+ Default: 100 ++Default: 5 + -+This setting limits the total number of messages per -+batch for which no scanning is done (i.e. Virus Scanning = -+no). ++ClamAVModule only: The maximum recursion level of ++archives. This setting *cannot* be the filename of a ++ruleset, only a simple number. + |
+
Max Unsafe Messages per Scan
ClamAVmodule Maximum Files
+ + +-+ |
-+ Max Normal Queue Size |
-+
-+ |
-+ Default: 1000 -+ -+If more messages are found in the queue than this, then -+switch to an "accelerated" mode of processing -+messages. This will cause it to stop scanning messages in -+strict date order, but in the order it finds them in the -+queue. If your queue is bigger than this size a lot of the -+time, then some messages could be greatly delayed. So treat -+this option as "in emergency only". ++ClamAVModule only: The maximum number of files per batch. ++This setting *cannot* be the filename of a ruleset, only a ++simple number. + |
+
Maximum Attachments Per Message
ClamAVmodule Maximum File Size
+ + ++ |
-+ Default: 200 ++Default: 10000000 + -+The maximum number of attachments allowed in a message -+before it is considered to be an error. Some email systems, -+if bouncing a message between 2 addresses repeatedly, add -+information about each bounce as an attachment, creating a -+message with thousands of attachments in just a few minutes. -+This can slow down or even stop MailScanner as it uses all -+available memory to unpack these thousands of attachments. -+This can also be the filename of a ruleset. ++ClamAVModule only: The maximum file of each file (Default ++= 10MB). This setting *cannot* be the filename of a ruleset, ++only a simple number. + |
+
Expand TNEF
ClamAVmodule Maximum Compression Ratio
+ + ++ |
-+ Default: yes ++Default: 250 + -+TNEF is primarily used by Microsoft programs such as -+Outlook and Outlook Express when mails are formatted/sent in -+Rich−Text−Format. Attachments are all put -+together in one WINMAIL.DAT file. -+ -+Should we use a TNEF decoder (external or Perl module)? -+This should be "yes" unless the scanner you are -+using (Sophos, McAfee) has the facility built−in. -+However, if you set it to "no", then the filenames -+within the TNEF attachment will not be checked against the -+filename rules. ++ClamAVModule only: The maximum compression ration of ++archives. This setting *cannot* be the filename of a ++ruleset, only a simple number. + |
+
-+ |
-+ Deliver Unparsable TNEF |
+
+
+ |
++ Phishing Safe Sites File |
+
+ |
-+ Default: no ++Default: %etc−dir%/phishing.safe.sites.conf + -+Rich Text format attachments produced by some versions of -+Microsoft Outlook cannot be completely decoded at present. -+Setting this option to yes allows compatibility with the -+behaviour of earlier versions where these attachments were -+still delivered. This would introduce the slight chance of a -+virus getting through in the segment of the attachment that -+could not be decoded, but the setting may be necessary if -+you have a large number of Microsoft Outlook users who are -+troubled by the new behaviour. ++There are some companies, such as banks, that insist on ++sending out email messages with links in them that are ++caught by the "Find Phishing Fraud" test described ++above. This is the name of a file which contains a list of ++link destinations which should be ignored in the test. This ++may, for example, contain the known websites of some banks. ++See the file itself for more information. This can only be ++the name of the file containing the list, it *cannot* be the ++filename of a ruleset. + |
+
TNEF Expander
-+ |
-+ Default: /opt/MailScanner/bin/tnef Full pathname giving location of the MS−TNEF -+expander/decoder program, or the keyword internal which will -+force use of the optional Perl Convert::TNEF module instead -+of the external program. +Allow IFrame Tags |
+
Log all occurrences of "Silent Viruses" as + defined above? This can only be a simple yes/no value, not a + ruleset.
+ + + @@ -624,7 +277,7 @@ +TNEF Timeout
Log Dangerous HTML Tags
+ + ++ |
-+ Default: 120 -+ -+The maximum length of time (in seconds) the TNEF Expander -+is allowed to run for diassembling one attachment. -+ |
-+
-+ |
-+ File Command |
-+
-+ |
-+ Default: /usr/bin/file -+ -+Where the "file" command is installed. This is -+used for checking the content type of files, regardless of -+their filename. To disable Filetype checking, set this value -+to blank. -+ |
-+
-+ |
-+ File Timeout |
-+
-+ |
-+ Default: 20 -+ -+The maximum length of time the "file" command -+is allowed to run for one batch of messages (in -+seconds). -+ |
-+
-+ |
-+ Block Encrypted Messages |
-+
-+ |
-+ Default: no -+ -+This is inteded for use with a ruleset to ensure that -+none of your users is covertly mailing sites with which you -+would not normally communicate (e.g. your competitors). If -+this is set to yes (or the ruleset evaluates to yes) -+encrypted messages are blocked. -+ |
-+
-+ |
-+ Block Unencrypted Messages |
-+
-+ |
-+ Default: no -+ -+This is intended for use with a ruleset to ensure that -+mail is always encrypted before being sent. This could be -+used to ensure that mail to your business partners is sent -+securely. -+ |
-+
-+ |
-+ Allow Password−Protected Archives |
-+
-+ |
-+ Default: no -+ -+Should archives which contain any -+password−protected files be allowed? Leaving this set -+to "no" is a good way of protecting against all -+the protected zip files used by viruses at the moment. This -+can also be the filename of a ruleset. -+ |
-+
-+ |
-+ Maximum Message Size |
-+
-+ |
-+ Default: 0 -+ -+The maximum size, in bytes, of any message including the -+headers. If this is set to zero, then no size checking is -+done. This can also be the filename of a ruleset, so you can -+have different settings for different users. You might want -+to set this quite small for dialup users so their email -+applications don’t time out downloading huge -+messages. -+ |
-+
-+ |
-+ Maximum Attachment Size |
-+
-+ |
-+ Default: −1 -+ -+The maximum size, in bytes, of any attachment in a -+message. If this is set to zero, effectively no attachments -+are allowed. If this is set less than zero, then no size -+checking is done. This can also be the filename of a -+ruleset, so you can have different settings for different -+users. You might want to set this quite small for large -+mailing lists so they don’t get deluged by large -+attachments. -+ |
-+
-+ |
-+ Maximum Archive Depth |
-+
-+ |
-+ Default: 3 -+ -+The maximum depth to which zip archives will be unpacked -+to allow for checking filenames and filetypes within zip -+archives. Setting this to 0 will disable -+filename/−type checks within zip files while still -+allowing to block password protected zip files. -+ |
-+
-+ |
-+ Find Archives By Content |
-+
-+ |
-+ Default: yes -+ -+Find zip archives by filename or by file contents? -+Finding them by content is a far more reliable way of -+finding them, but it does mean that you cannot tell your -+users to avoid zip file checking by renaming the file from -+".zip" to "_zip" and tricks like that. -+Only set this to no (i.e. check by filename only) if you -+don’t want to reliably check the contents of zip -+files. Note this does not affect virus checking, but it will -+affect all the other checks done on the contents of the zip -+file. This can also be the filename of a ruleset. -+ |
-+
-+ |
-+ Allowed Sophos Error Messages |
-+
-+ |
-+ Default: -+ -+Anything on the next line that appears in brackets at the
-+end of a line of output from Sophos will cause the
-+error/infection to be ignored. Use of this option is
-+dangerous, and should only be used if you are having trouble
-+with lots of corrupt PDF files, for example. This option
-+allows for multiple strings as well. In this case, the
-+strings should be put in double quotes (") and each
-+string separated with commas. Examples: The first version will match "corrupt format not -+supported" only. The second version will match -+"corrupt" and "format not -+supported". -+ |
-+
-+ |
-+ Sophos IDE Dir |
-+
-+ |
-+ Default: /usr/local/Sophos/ide -+ -+The directory (or a link to it) containing all the Sophos -+*.ide files. This is only used by the "sophossavi" -+virus scanner, and is irrelevant for all other scanners. -+ |
-+
-+ |
-+ Sophos Lib Dir |
-+
-+ |
-+ Default: /usr/local/Sophos/lib -+ -+The directory (or a link to it) containing all the Sophos -+*.so libraries.This is only used by the -+"sophossavi" virus scanner, and is irrelevant for -+all other scanners. -+ |
-+
-+ |
-+ Monitors For Sophos Updates |
-+
-+ |
-+ Default: /usr/local/Sophos/ide/*ides.zip -+ -+SophosSAVI only: monitor each of these files for changes -+in size to detect when a Sophos update has happened. The -+date of the Sophos Lib Dir is also monitored. This is only -+used by the "sophossavi" virus scanner, not the -+"sophos" scanner setting. -+ |
-+
-+ |
-+ Virus Scanning |
-+
-+ |
-+ Default: yes -+ -+Do you want to scan email for viruses? A few people
-+don’t have virus scanner licence and so want to
-+disable all the virus scanning. |
-+
-+ |
-+ Virus Scanners |
-+
-+ |
-+ Default: none -+ -+Which Virus Scanning package to use. Possible choices are -+sophos, sophossavi, mcafee, command, bitdefender, kaspersky, -+kaspersky−4.5, kavdaemonclient, inoculate, inoculan, -+nod32, nod32−1.99, f−secure, f−prot, -+panda, rav, antivir, clamav, clamavmodule, css, trend, -+norman, avg, vexira, symscanengine, generic, none (no virus -+scanning at all). This *cannot* be the filename of a -+ruleset. -+ -+Note for McAfee users: Do NOT use any symlinks with -+McAfee at all. It is very strange but McAfee may not detect -+all viruses when started from a symlink or scanning a -+directory path including symlinks. -+ -+Note: If you want to use multiple virus scanners, then -+this should be a space−separated list of virus -+scanners. -+ -+Note: Make sure that you check that the base installation -+directory in the 3rd column of virus.scanners.conf matches -+the location you have installed each of your virus scanners. -+The supplied virus.scanners.conf file assumes the default -+installation locations recommended by each of the virus -+scanner installation guides. -+ |
-+
-+ |
-+ Virus Scanner Timeout |
-+
-+ |
-+ Default: 300 -+ -+The maximum time (in seconds) that the cirus scanner is -+allowed to take to scan one batch of messages. -+ |
-+
-+ |
-+ Deliver Disinfected Files |
-+
-+ |
-+ Default: yes -+ -+Should infected attached documents be automatically -+disinfected and sent on to the original recipients? Less -+than 1% of viruses in the wild can be successfully -+disinfected,as macro viruses are now a rare occurrence. So -+the default has been changed to "no" as it gives a -+significant performance improvement. -+ |
-+
-+ |
-+ Silent Viruses |
-+
-+ |
-+ Default: HTML−IFrame All−Viruses -+ -+Messages whose virus reports contain any of the words -+listed here will be treated as "silent" viruses. -+No messages will be sent back to the senders of these -+viruses, and the delivery to the recipient of the message -+can be controlled by the next option "Still Deliver -+Silent Viruses". This is primarily designed for viruses -+such as "Klez" and "Bugbear" which put -+fake addresses on messages they send, so there is no point -+informing the sender of the message, as it won’t -+actually be them who sent it anyway. Other words that can be -+put in this list are the 5 special keywords -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ HTML−IFrame: inserting this will stop senders -+being warned about HTML Iframe tags, when they are not -+allowed. -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ HTML−Codebase: inserting this will stop senders -+being warned about HTML Object Codebase tags, when they are -+not allowed. -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ Zip−Password: inserting this will stop senders -+being warned about password−protected zip files when -+they are not allowd. This keyword is not needed if you -+include All−Viruses. -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ All−Viruses: inserting this will stop senders -+being warned about any virus, while still allowing you to -+warn senders about HTML−based attacks. This includes -+Zip−Password so you don’t need to include -+both. -+ |
-+
-+ |
-+ The default of "All−Viruses" means that -+no senders of viruses will be notified (as the sender -+address is always forged these days anyway), but anyone who -+sends a message that is blocked for other reasons will still -+be notified. |
-+
-+ |
-+ Still Deliver Silent Viruses |
-+
-+ |
-+ Default: no -+ -+If this is set to yes then disinfected messsages that -+originally contained one of the "silent" viruses -+will still be delivered to the original recipients, even -+those addresses were chosen at random by the infected PC and -+do not correspond to anything a user intended to send. Set -+this to yes so that your users (and your management) -+appreciate how much MailScanner is doing to protect them, -+but set it to no if they complain a lot about receiving lots -+of virus warnings. -+ |
-+
-+ |
-+ Non−Forging Viruses |
-+
-+ |
-+ Default: Joke/ OF97/ WM97/ W97M/ -+ -+Strings listed here will be searched for in the output of -+the virus scanners. It works to achieve the opposite effect -+of the "Silent Viruses" listed above. If a string -+here is found in the output of the virus scanners, then the -+message will be treated as if it were not infected with a -+"Silent Virus". If a message is detected as both a -+silent virus and a non−forging virus, then the -+non−forging status will override the silent status. In -+simple terms, you should list virus names (or parts of them) -+that you know do *not* forge the From address. A good -+example of this is a document macro virus or a Joke program. -+Another word that can be put in this list is the special -+keyword "Zip−.Password". Inserting this will -+cause senders to be warned about password−protected -+zip files, whey they are not allowed. -+ |
-+
-+ |
-+ Monitors for ClamAV Updates |
-+
-+ |
-+ Default: /usr/local/share/clamav/*.cvd -+ -+ClamAVModule only: monitor each of these files for -+changes in size to detect when a ClamAV update has happened. -+This is only used by the "clamavmodule" virus -+scanner, not the "clamav" scanner setting. -+ |
-+
-+ |
-+ Allow Partial Messages |
-+
-+ |
-+ Default: no -+ -+Do you want to allow partial messages, which only contain
-+a fraction of the attachments, not the whole thing? There is
-+no way that "partial messages" can be scanned for
-+viruses properly, as only a fragment of the message is ever
-+processed, never the whole message at once. |
-+
-+ |
-+ Allow External Message Bodies |
-+
-+ |
-+ Default: no -+ -+There is a mechanism, very rarely used, in which the body
-+of a message is contained on a remote server, which the
-+user’s email application should download when it
-+displays the message. Currently, I am only aware of this
-+feature being supported by a few versions of Netscape, and
-+the only people who use it are the IETF. There is no way to
-+guarantee that the fetched file has no viruses in it, as
-+MailScanner never sees it. |
-+
-+ |
-+ Find Phishing Fraud |
-+
-+ |
-+ Default: yes -+ -+Do you want to check for "Phishing" attacks? -+These are attacks that look like a genuine email message -+from your bank, which contain a link to click on to take you -+to the web site where you will be asked to type in personal -+information such as your account number or credit card -+details. Except it is not the real bank’s web site at -+all, it is a very good copy of it run by thieves who want to -+steal your personal information or credit card details. -+These can be spotted because the real address of the link in -+the message is not the same as the text that appears to be -+the link. Note: This does cause significant extra load, -+particularly on systems receiving lots of spam such as -+secondary MX hosts. This *cannot* be the filename of a -+ruleset, it must be ’yes’ or -+’no’. -+ |
-+
-+ |
-+ Also Find Numeric Phishing |
-+
-+ |
-+ Default: yes -+ -+While detecting "Phishing" attacks, do you also -+want to point out links to numeric IP addresses. Genuine -+links to totally numeric IP addresses are very rare, so this -+option is set to "yes" by default. If a numeric IP -+address is found in a link, the same phishing warning -+message is used as in the Find Phishing Fraud option above. -+This value cannot be the name of a ruleset, only a simple -+yes or no. -+ |
-+
-+ |
-+ Allow IFrame Tags |
-+
-+ |
-+ Default: no -+ -+Do you want to allow HTML <IFrame> tags in email -+messages? This is not a good idea as it allows various -+Microsoft Outlook security vulnerabilities to go -+unprotected, but if you have a load of mailing lists sending -+them, then you will want to allow them to keep your users -+happy. This can also be the filename of a ruleset, so you -+can allow them from known mailing lists but ban them from -+everywhere else. Possible Values: -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ yes => Allow these tags to be in the message -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ no => Ban messages containing these tags -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ disarm => Allow these tags, but stop these tags from -+working -+ |
-+
-+ |
-+ Log IFrame Tags |
-+
-+ |
-+ Default: no |
-+
-+ |
-+ You may receive complaints from your users that HTML -+mailing lists they subscribe to have been stopped by the -+"Allow IFrame Tags" option above. So before you -+use the option above, set this option to "yes" and -+MailScanner will log the senders all messages which contain -+IFrame tags. You can then setup a ruleset for the option -+above which will allow IFrame tags in messages sent by well -+known (and trusted) mailing lists, while banning them from -+everywhere else. -+ |
-+
-+ |
-+ Allow Form Tags |
-+
-+ |
-+ Default: disarm -+ -+Do you want to allow <Form> tags in email messages? -+This is a bad idea as these are used as scams to persuade -+people to part with credit card information and other -+personal data. This can also be the filename of a ruleset. -+Possible values: -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ yes => Allow these tags to be in the message -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ no => Ban messages containing these tags -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ disarm => Allow these tags, but stop these tags from -+working -+ |
-+
-+ |
-+ Allow Script Tags |
-+
-+ |
-+ Default: no |
-+
-+ |
-+ Do you want to allow <Script> tags in email -+messages? This is a bad idea as these are used to exploit -+vulnerabilities in email applications and web browsers. This -+can also be the filename of a ruleset. Possible -+values: |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ yes => Allow these tags to be in the message -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ no => Ban messages containing these tags -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ disarm => Allow these tags, but stop these tags from -+working -+ |
-+
-+ |
-+ Allow WebBugs |
-+
-+ |
-+ Default: disarm |
-+
-+ |
-+ Do you want to allow <Img> tags with very small -+images in email messages? This is a bad idea as these are -+used as ’web bugs’ to find out if a message has -+been read. It is not dangerous, it is just used to make you -+give away information. This can also be the filename of a -+ruleset. Possible values: |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ yes => Allow these tags to be in the message -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ no => Ban messages containing these tags -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ disarm => Allow these tags, but stop these tags from -+working -+ |
-+
-+ |
-+ Allow Object Codebase Tags |
-+
-+ |
-+ Default: no |
-+
-+ |
-+ Do you want to allow <Object Codebase=...> tags in -+email messages? This is a bad idea as it leaves you -+unprotected against various Microsoft−specific -+security vulnerabilities. But if your users demand it, you -+can do it. This can also be the filename of a ruleset. -+Possible values: |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ yes => Allow these tags to be in the message -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ no => Ban messages containing these tags -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ disarm => Allow these tags, but stop these tags from -+working -+ |
-+
-+ |
-+ Convert Dangerous HTML To Text |
-+
-+ |
-+ Default: no |
-+
-+ |
-+ This option interacts with the "Allow ... Tags" -+options above like this: -+ -+Allow...Tags Convert Danger... Action If an "Allow ... Tags = yes" is triggered by a -+message, and this "Convert Dangerous HTML To Text" -+is set to "yes", then the HTML message will be -+converted to plain text. This makes the HTML harmless, while -+still allowing your users to see the text content of the -+messages. Note that all graphical content will be -+removed. -+ |
-+
-+ |
-+ Convert HTML To Text |
-+
-+ |
-+ Default: no -+ -+If you have users who are children, or who are offended -+by things like pornographic spam email, you can protect them -+by converting incoming HTML email messages into plain text. -+HTML attachments will not be affected. You could set this to -+be a ruleset so you only convert messages addressed to some -+of your users, or not convert messages from some known -+trusted sources. This can be essential if you have a -+"duty of care" for some of your users. -+ |
-+
-+ |
-+ Allow Form Tags |
-+
-+ |
-+ Default: no -+ -+Do you want to allow <Form> tags in email messages? -+This is a bad idea as these are used as scams to pursuade -+people to part with credit card information and other -+personal data. This can also be the filename of a -+ruleset. -+ |
-+
-+ |
-+ Filename Rules |
-+
-+ |
-+ Default: %etc−dir%/filename.rules.conf -+ -+File in which to store the attachment filename ruleset. -+This can be a ruleset allowing different filename rules to -+apply to different users or domains. The syntax of this file -+is described in section "Attachment Filename -+Ruleset". -+ |
-+
-+ |
-+ Filetype Rules |
-+
-+ |
-+ Default: %etc−dir%/filetype.rules.conf -+ -+Set where to find the attachment filetype ruleset. The -+structure of this file is explained elsewhere, but it is -+used to accept or reject file attachments based on their -+content as determined by the "file" command, -+regardless of whether they are infected or not. This can -+also point to a ruleset, but the ruleset filename must end -+in ".rules" so that MailScanner can determine if -+the filename given a ruleset or not! -+ |
-+
-+ |
-+ Quarantine Infections |
-+
-+ |
-+ Default: yes -+ -+Set this to store infected / dangerous attachments in -+directories created under the quarantine directory. Without -+this, they will be deleted. Due to laws on privacy and data -+protection in your country, you may be forced to set this to -+"no". -+ |
-+
-+ |
-+ Quarantine Silent Viruses |
-+
-+ |
-+ Default: yes -+ -+There is no point quarantining most viruses these days, -+so if you set this to "no" then no infections -+listed in your "Silent Viruses" setting will be -+quarantined, even if you have chosen to quarantine -+infections in general. This is currently set to -+"yes" so the behaviour is the same as it was in in -+previous versions. This can also be the filename of a -+ruleset. -+ |
-+
-+ |
-+ Quarantine Whole Message |
-+
-+ |
-+ Default: no -+ -+When an infected message is stored in the quarantine, a -+copy of the entire message will be saved, in addition to -+copies of the infected attachments. -+ |
-+
-+ |
-+ Quarantine Whole Messages As Queue Files |
-+
-+ |
-+ Default: no -+ -+When an entire message is saved in the quarantine for any -+reason, do you want to save it as the raw data files out of -+the mail queue (which can be processed with the df2mbox -+script, and which is easier to send to its original -+recipients), or do you want a conventional message file -+consisting of the header followed by the body of the -+message. If the previous option is switched off, then this -+will only affect archived mail and quarantined spam. If the -+previous option is on, then this also affects quarantined -+infections. -+ |
-+
-+ |
-+ Keep Spam And MCP Archive Clean |
-+
-+ |
-+ Default: no -+ -+Do you want to stop any virus−infected spam getting -+into the spam or MCP archives? If you have a system where -+users can release messages from the spam or MCP archives, -+then you probably want to stop them being able to release -+any infected messages, so set this to yes. It is set to no -+by default as it causes a small hit in performance, and many -+people don’t allow users to access the spam -+quarantine, so don’t need it. This can also be the -+filename of a ruleset. -+ |
-+
-+ |
-+ Language Strings |
-+
-+ |
-+ Default: %reports−dir%/languages.conf -+ -+Set where to find all the strings used so they can be -+translated into your local language. This can also be the -+filename of a ruleset so you can produce different languages -+for different messages. -+ |
-+
-+ |
-+ Deleted Bad Filename Message Report |
-+
-+ |
-+ Default: -+%reports−dir%/deleted.filename.message.txt -+ -+When an attachment is deleted from a message because the -+filename failed the filename rules in force for the message, -+it is replaced by the contents of this file. A few variable -+substitutions can be made in this file, an example of each -+of which is contained in the supplied sample file. -+ |
-+
-+ |
-+ Deleted Virus Message Report |
-+
-+ |
-+ Default: -+%reports−dir%/deleted.virus.message.txt -+ -+When an attachment is deleted from a message because the -+attachment contained a virus or other dangerous content, it -+is replaced by the contents of this file. A few variable -+substitutions can be made in this file, an example of each -+of which is contained in the supplied sample file. -+ |
-+
-+ |
-+ Stored Bad Filename Message Report |
-+
-+ |
-+ Default: -+%reports−dir%/stored.filename.message.txt -+ -+When an attachment is deleted and stored from a message -+(and the attachment has been stored in the quarantine) -+because the filename failed the filename rules in force for -+the message, it is replaced by the contents of this file. A -+few variable substitutions can be made in this file, an -+example of each of which is contained in the supplied sample -+file. -+ |
-+
-+ |
-+ Deleted Bad Content Message Report |
-+
-+ |
-+ Default: -+/%reports−dir%/deleted.content.message.txt -+ -+This report is sent when a message is deleted because it -+contained bad or dangerous content. A few variable -+substitutions can be made in this file, an example of each -+of which is contained in the supplied sample file. -+ |
-+
-+ |
-+ Stored Bad Content Message Report |
-+
-+ |
-+ Default: -+%reports−dir%/stored.content.message.txt -+ -+This report is sent when a message is stored because it -+contained bad or dangerous content. A few variable -+substitutions can be made in this file, an example of each -+of which is contained in the supplied sample file. -+ |
-+
-+ |
-+ Disinfected Report |
-+
-+ |
-+ Default: %reports−dir%/disinfected.report.txt -+ -+When, for example, a Microsoft Word macro virus has been -+safely removed from a document, leaving the original -+document intact, it is delivered on to the original -+recipient. The contents of this text file will be put in the -+body of the new message, explaining to the user what has -+happened. -+ |
-+
-+ |
-+ Inline HTML Signature |
-+
-+ |
-+ Default: %reports−dir%/inline.sig.html -+ -+If the "Sign Clean Messages" option is set, -+then the contents of this file will be appended to the end -+of the body of every message that is scanned by MailScanner. -+You can use this to inform your users that MailScanner has -+scanned it, and you can also add any disclaimers you feel -+should be on mail travelling through your servers. This -+option corresponds to the contents that is appended to HTML -+messages. -+ |
-+
-+ |
-+ Inline Text Signature |
-+
-+ |
-+ Default: %reports−dir%/inline.sig.txt -+ -+If the "Sign Clean Messages" option is set, -+then the contents of this file will be appended to the end -+of the body of every message that is scanned by MailScanner. -+You can use this to inform your users that MailScanner has -+scanned it, and you can also add any disclaimers you feel -+should be on mail travelling through your servers. This -+option corresponds to the contents that is appended to text -+messages. -+ |
-+
-+ |
-+ Sender Error Report |
-+
-+ |
-+ Default: %reports−dir%/sender.error.report.txt -+ -+When a message could not be processed completely for some -+reason, such as bad message structure or unreadable -+winmail.dat TNEF attachments, this message is sent back to -+the sender. Read the example file supplied for a -+demonstration of what variables can be used inside the -+file. -+ |
-+
-+ |
-+ Sender Bad Filename Report |
-+
-+ |
-+ Default: -+%reports−dir%/sender.filename.report.txt -+ -+When an attachment is trapped by the filename rules, this -+message is sent back to the sender. -+ |
-+
-+ |
-+ Sender Virus Report |
-+
-+ |
-+ Default: %reports−dir%/sender.virus.report.txt -+ -+When an attachment is removed because of a virus, this -+message is sent back to the sender. -+ |
-+
-+ |
-+ Hide Incoming Work Dir |
-+
-+ |
-+ Default: yes -+ -+When this option is set, the full directory in which the -+virus was found will be removed from report messages sent to -+users. This makes the infection reports a lot easier to -+understand. -+ |
-+
-+ |
-+ Include Scanner Name in Reports |
-+
-+ |
-+ Default: yes -+ -+Include the name of the virus scanner in each of the
-+scanner reports. This also includes the translation of
-+"MailScanner" in each of the report lines
-+resulting from one of MailScanner’s own checks such as
-+filename, filetype or dangerous HTML content. To change the
-+name "MailScanner", look in
-+reports/...../languages.conf. |
-+
-+ |
-+ Mail Header |
-+
-+ |
-+ Default: X−MailScanner: -+ -+Extra header that should be added to all scanned messages -+to show they have been scanned. You might want to add an -+abbreviation of your site name to this, so that you can find -+headers that are added by your MailScanner server. -+ |
-+
-+ |
-+ Spam Header |
-+
-+ |
-+ Default: X−MailScanner−SpamCheck: -+ -+Name of the header to add to mail detected as spam. The -+text of the header is a list of the causes that think the -+message is spam. -+ |
-+
-+ |
-+ Spam Score Header |
-+
-+ |
-+ Default: X−MailScanner−SpamScore: -+ -+If the option "Spam Score" is set, this is the -+name of the header that is used to contain the list of -+characters. -+ |
-+
-+ |
-+ Information Header |
-+
-+ |
-+ Default: X−MailScanner−Information: -+ -+Name of the header to add to all messages, to be used for -+simply providing a URL or contact information for anyone -+receiving mail that has gone through MailScanner. If you do -+not want this header, simply set it blank. -+ |
-+
-+ |
-+ Add Envelope From Header |
-+
-+ |
-+ Default: yes -+ -+Do you want to add the Envelope−From: header? This -+is very useful for tracking where spam came from as it -+contains the envelope sender address. This can also be the -+filename of a ruleset. -+ |
-+
-+ |
-+ Add Envelope To Header |
-+
-+ |
-+ Default: no -+ -+Do you want to add the Envelope−To: header? This -+can be useful for tracking span destinations, but should be -+used with care due to possible privacy concerns with the use -+of Bcc: headers by users. This can also be the filename of a -+ruleset. -+ |
-+
-+ |
-+ Evelope From Header |
-+
-+ |
-+ Default: -+X−%org−name%−MailScanner−From: -+ -+This is the name of the Envelope From header controlled -+by the option above. This can also be the filename of a -+ruleset. -+ |
-+
-+ |
-+ Evelope To Header |
-+
-+ |
-+ Default: -+X−%org−name%−MailScanner−To: -+ -+This is the name of the Envelope To header controlled by -+the option above. This can also be the filename of a -+ruleset. -+ |
-+
-+ |
-+ Detailed Spam Report |
-+
-+ |
-+ Default: yes -+ -+If this is set to yes then you get the normal fully -+detailed spam report in spam messages. If this is set to no -+then you simply get a "spam" or "not -+spam" report. The exact text inserted can be configured -+in the languages.conf file for your language. -+ |
-+
-+ |
-+ Include Scores In SpamAssassin Report |
-+
-+ |
-+ Default: yes -+ -+Do you want to include the numerical scores in the -+detailed SpamAssassin report, or just list the names of the -+scores? -+ |
-+
-+ |
-+ Spam Score Character |
-+
-+ |
-+ Default: s -+ -+If the option "Spam Score" is set, this is the -+character that will be repeated in the "Spam Score -+Header", one letter for each point in the SpamAssassin -+score. -+ |
-+
-+ |
-+ SpamScore Number Instead Of Stars |
-+
-+ |
-+ Default: no -+ -+If this option is set to yes, you will get a -+spam−score header saying just the value of the spam -+score, instead of the row of characters representing the -+score. This can also be the filename of a ruleset. -+ |
-+
-+ |
-+ Minimum Stars If on Spam List |
-+
-+ |
-+ Default: 0 -+ -+This sets the minimum number of "Spam Score -+Characters" which will appear if a message triggered -+the "Spam List" setting but received a very low -+SpamAssassin score. This means that people who only filter -+on the "Spam Stars" will still be able to catch -+messages which receive a very low SpamAssassin score. Set -+this value to 0 to disable it. This can also be the filename -+of a ruleset. -+ |
-+
-+ |
-+ Clean header Value |
-+
-+ |
-+ Default: Found to be clean -+ -+This is the text that is added to the "Mail -+Header" when a message is found to be clean and free of -+viruses and other dangerous content. -+ |
-+
-+ |
-+ Infected Header Value |
-+
-+ |
-+ Default: Found to be infected -+ -+This is the text that is added to the "Mail -+Header" when a message is found to be infected with a -+virus or other dangerous content. -+ |
-+
-+ |
-+ Disinfected Header Value |
-+
-+ |
-+ Default: Disinfected -+ -+This is the text that is added to the "Mail -+Header" of a message that is created by MailScanner to -+contain disinfected documents containing macro viruses that -+could be completely removed, leaving the original document -+intact. -+ |
-+
-+ |
-+ Information Header Value |
-+
-+ |
-+ Default: Please contact the ISP for more information -+ -+This is the text that is added to the "Information -+Header" of a message that has passed through -+MailScanner at all. It could be used to provide a URL or -+contact address for recipients if they have any queries -+about the messages they have received. If the setting -+"Information Header" is blank, this message will -+not be added to the Mail Header. -+ |
-+
-+ |
-+ Multiple Headers |
-+
-+ |
-+ Default: append -+ -+When a message passes through more than one MailScanner -+server on your site, they will each try to add their own -+headers. This option controls what should happen when trying -+to add a MailScanner header that already exists in the -+message. Valid options are append (append the new data to -+the existing header), add (add a new header) and replace -+(replace the old data with the new data). -+ |
-+
-+ |
-+ Hostname |
-+
-+ |
-+ Default: the MailScanner -+ -+This is the name of the MailScanner server that is put in -+messages to users. If you have more than one MailScanner -+server on your site, you will want to change this on each -+server so that you can tell them apart. -+ |
-+
-+ |
-+ Sign Messages Already Processed |
-+
-+ |
-+ Default: no -+ -+If a message has already been processed by another -+MailScanner server on your site, then the "Inline -+HTML/Text Signature" is not added to the message again -+if this option is set. Without it, you will get one -+signature added for every MailScanner server that processes -+the message. -+ |
-+
-+ |
-+ Sign Clean Messages |
-+
-+ |
-+ Default: no -+ -+If this option is set, then the "Inline HTML/Text -+Signature" will be added to the end of every clean -+message processed by MailScanner. You can use this to inform -+the recipient that the message has been checked, and also to -+add any legal disclaimer or copyright statement you want to -+add to every message. Using a ruleset for this option, you -+could very simply set it so that only messages leaving your -+site are signed, for example. -+ |
-+
-+ |
-+ Mark Infected Messages |
-+
-+ |
-+ Default: yes -+ -+If this option is set, then the "Inline HTML/Text -+Warning" is added to the start of every message that is -+found to be infected or has had attachments removed for any -+reason. This can be used to guide the recipients to read the -+infection reports contained in the replacement -+attachments. -+ |
-+
-+ |
-+ Mark Unscanned Messages |
-+
-+ |
-+ Default: yes -+ -+If this option is set, then any message which is not -+scanned by MailScanner gets the "Mail Header" -+added to it with the string contained in the "Unscanned -+Header Value" option. This can be used to advertise -+your MailScanner service to customers/clients who are -+currently not using it. -+ |
-+
-+ |
-+ Unscanned Header Value |
-+
-+ |
-+ Default: Not scanned: please contact your Internet -+E−Mail Service Provider for details -+ -+This supplies the text that is placed in the "Mail -+Header" of messages that have not been scanned, if the -+option "Mark Unscanned Messages" is set. It is a -+useful place to advertise your MailScanner service to new -+customers/clients. -+ |
-+
-+ |
-+ Remove These Headers |
-+
-+ |
-+ Default: -+ -+If any of these headers are included in a a message, they -+will be deleted. This is very useful for removing -+return−receipt requests and any headers which mean -+special things to your email client application, such as # -+X−Mozilla−Status. Each header should end in a -+":", but MailScanner will add it if you forget. -+Headers should be separated by commas or spaces. This can -+also be the filename of a ruleset. -+ |
-+
-+ |
-+ Deliver Cleaned Messages |
-+
-+ |
-+ Default: yes -+ -+Once a message has had all viruses and dangerous content -+removed from it, it will then be delivered to the original -+recipients if this option is set. If you want the behaviour -+from previous versions of MailScanner that had the -+"Deliver From Local Domains" keyword, then you -+should set this to be a ruleset that only returns -+"yes" for messages destined for inside your site, -+and "no" for messages going out of your site. -+ |
-+
-+ |
-+ Notifiy Senders |
-+
-+ |
-+ Default: yes -+ -+Do you want to notify the people who sent you messages -+containing viruses or badly−named filenames? The -+default value has been changed to "no" as most -+viruses now fake sender addresses and therefore should be on -+the "Silent Viruses" list. This can also be the -+filename of a ruleset. -+ |
-+
-+ |
-+ Notify Senders Of Blocked Filenames Or -+Filetypes |
-+
-+ |
-+ Default: yes -+ -+*If* "Notify Senders" is set to yes, do you -+want to notify people who sent you messages containing -+attachments that are blocked due to their filename or file -+contents? This can also be the filename of a ruleset. -+ |
-+
-+ |
-+ Notify Senders Of Other Blocked Content |
-+
-+ |
-+ Default: yes -+ -+*If* "Notify Senders" is set to yes, do you -+want to notify people who sent you messages containing other -+blocked content, such as partial messages or messages with -+external bodies? This can also be the filename of a -+ruleset. -+ |
-+
-+ |
-+ Notify Senders Of Viruses |
-+
-+ |
-+ Default: no -+ -+*If* "Notify Senders" is set to yes, do you -+want to notify people who sent you messages containing -+viruses? This can also be the filename of a ruleset. -+ |
-+
-+ |
-+ Never Notify Senders Of Precedence |
-+
-+ |
-+ Default: list bulk -+ -+If you supply a space−separated list of message -+"precedence" settings, then senders of those -+messages will not be warned about anything you rejected. -+This is particularly suitable for mailing lists, so that any -+MailScanner responses do not get sent to the entire -+list. -+ |
-+
-+ |
-+ Scanned Modify Subject |
-+
-+ |
-+ Default: no # end -+ -+If this is set to "start" or "end" -+then the "Scanned Subject Text" is inserted at the -+start or the end of the Subject: line. This only happens if -+the Subject: line has not already been modified for any -+other reason. -+ |
-+
-+ |
-+ Scanned Subject Text |
-+
-+ |
-+ Default: {Scanned} -+ -+This is the text inserted at the start or the end of the -+Subject: line if the "Scanned Modify Subject" -+option above is in effect. -+ |
-+
-+ |
-+ Virus Modify Subject |
-+
-+ |
-+ Default: yes -+ -+If this is set, then the "Subject:" line of a -+message that was infected with a virus will have the -+"Virus Subject Text" text inserted at the -+start. -+ |
-+
-+ |
-+ Virus Subject Text |
-+
-+ |
-+ Default: {Virus?} -+ -+This is the text inserted at the start of the -+"Subject:" line if the "Virus Modify -+Subject" option is set. -+ |
-+
-+ |
-+ Filename Modify Subject |
-+
-+ |
-+ Default: yes -+ -+If this is set, then the "Subject:" line of a -+message that had an attachment with a dangerous filename -+will have the "Filename Subject Text" text -+inserted at the start. -+ |
-+
-+ |
-+ Filename Subject Text |
-+
-+ |
-+ Default: {Virus?} -+ -+This is the text inserted at the start of the -+"Subject:" line if the "Filename Modify -+Subject" option is set. -+ |
-+
-+ |
-+ Content Modify Subject |
-+
-+ |
-+ Default: yes -+ -+If this is set, then the "Subject:" line of a -+message that triggered a content check without anything else -+wrong in the message will have the "Content Subject -+Text" text inserted at the start. -+ |
-+
-+ |
-+ Content Subject Text |
-+
-+ |
-+ Default: {Filename?} -+ -+This is the text inserted at the start of the -+"Subject:" line if the "Content Modify -+Subject" option is set. -+ |
-+
-+ |
-+ Spam Modify Subject |
-+
-+ |
-+ Default: yes -+ -+If this is set, then the "Subject:" line of a -+message that was determined to be spam will have the -+"Spam Subject Text" text inserted at the -+start. -+ |
-+
-+ |
-+ Spam Subject Text |
-+
-+ |
-+ Default: {Spam?} -+ -+This is the text to add to the start of the subject if -+the "Spam Modify Subject" option is set. The exact -+string "_SCORE_" will be replaced by the numeric -+SpamAssassin score. This can also be the filename of a -+ruleset. -+ |
-+
-+ |
-+ High Scroing Spam Modify Subject |
-+
-+ |
-+ Default: yes -+ -+If this is set, then the "Subject:" line of a -+message that was determined to be spam, and had a -+SpamAssassin score greater than the "High SpamAssassin -+Score" will have the "High Scoring Spam Subject -+Text" text inserted at the start. -+ |
-+
-+ |
-+ High Scoring Spam Subject Text |
-+
-+ |
-+ Default: {Spam?} -+ -+This is just like the "Spam Subject Text" -+option above, except that it applies then the score from -+SpamAssassin is higher than the "High SpamAssassin -+Score" value. The exact string "_SCORE_" will -+be replaced by the numeric SpamAssassin score. This can also -+be the filename of a ruleset. -+ |
-+
-+ |
-+ Warning Is Attachment |
-+
-+ |
-+ Default: yes -+ -+When an infected or dangerous attachment is replaced with -+a text message containing the infection report, should the -+replacement be an attachment (yes) or should it be included -+inline in the main text of the message (no). -+ |
-+
-+ |
-+ Attachment Warning Filename |
-+
-+ |
-+ Default: -+%org−name%−Attachment−Warning.txt -+ -+What an infected or dangerous attachment is replaced with -+a text message containing the infection report, this is the -+filename of the attachment that appears in the message. -+ |
-+
-+ |
-+ Attachment Encoding Charset |
-+
-+ |
-+ Default: ISO−8859−1 -+ -+This is the name of the encoding character set used for -+the contents of "VirusWarning.txt" -+attachments. -+ |
-+
-+ |
-+ Archive Mail |
-+
-+ |
-+ Default: -+ -+Space−separated list of any combination of |
-+
-+ |
-+
-+ 1. email addresses to which mail should be -+forwarded, -+ |
-+
-+ |
-+
-+ 2. directory names where you want mail to be stored, -+ |
-+
-+ |
-+
-+ 3. file names to which mail will be appended. -+ |
-+
-+ |
-+ The files (option 3) are using the "mbox" -+format suitable for most Unix mail systems. These files must -+already exist since MailScanner will not create them! -+ -+If you give this option a ruleset, you can control -+exactly whose mail is archived or forwarded. If you do this, -+beware of the legal implications as this could be deemed to -+be illegal interception unless the police have asked you to -+do this. -+ -+Any of the items above can contain the magic string -+_DATE_ in them which will be replaced with the current date -+in yyyymmdd format. This will make archive−rolling and -+maintenance much easier, as you can guarantee that -+yesterday’s mail archive will not be in active use -+today. -+ |
-+
-+ |
-+ Send Notices |
-+
-+ |
-+ Default: yes -+ -+Should system administrators listed in the "Notices -+To" option be notified of every infection found? -+ |
-+
-+ |
-+ Notices Include Full Headers |
-+
-+ |
-+ Default: no -+ -+If this option is set, then the system administrator -+notices will include the full headers of every infected -+message. If this option is set to "no" then only a -+restricted set of headers is included in the notices. -+ |
-+
-+ |
-+ Hide Incoming Work Dir in Notices |
-+
-+ |
-+ Default: no -+ -+When this option is set, the full directory in which the -+virus was found will be removed from report messages sent to -+administrators. This makes the infection reports a lot -+easier to understand. It is also very useful if your notices -+go to your customer sites. -+ |
-+
-+ |
-+ Notice Signature |
-+
-+ |
-+ Default: −− \nMailScanner\nEmail Virus -+Scanner\nwww.mailscanner.info -+ -+This string is added to the bottom of all system -+administrator notices, and is intended to be the signature -+of your MailScanner system. To insert -+"line−breaks" or "newline" -+characters, use the sequence 0 -+ |
-+
-+ |
-+ Notices From |
-+
-+ |
-+ Default: MailScanner -+ -+The visible part of the email address used in the -+"From:" line of the notices. The -+<user@domain> part of the email address is set to the -+"Local Postmaster" setting. -+ |
-+
-+ |
-+ Notices To |
-+
-+ |
-+ Default: postmaster -+ -+This option provides a list of the addresses to which -+virus notices should be sent. You may want to set this to be -+a ruleset, providing different notification addresses for -+different domains that you administer. -+ |
-+
-+ |
-+ Local Postmaster |
-+
-+ |
-+ Default: postmaster -+ -+When virus warnings are sent to any users, this is the -+email address used as the "From:" header in the -+messages. -+ |
-+
-+ |
-+ Spam List Definitions |
-+
-+ |
-+ Default: %etc−dir%/spam.lists.conf -+ -+This file contains all the definitions of the "Spam -+Lists" (also known as RBL’s or DNSBL’s) -+which can be used to try to detect spam based on where each -+message came from. Many more spam lists can be added to this -+file, but it contains the most popular ones to get you -+started. -+ |
-+
-+ |
-+ Virus Scanner Definitions |
-+
-+ |
-+ Default: %etc−dir%/virus.scanners.conf -+ -+This file contains the locations of all the commands that -+are run for each virus scanner. Check this file before -+starting MailScanner to make sure it will run the correct -+command or wrapper script. -+ |
-+
-+ |
-+ Spam Checks |
-+
-+ |
-+ Default: yes -+ -+If this option is set, messages will be checked to see if -+they are spam. -+ |
-+
-+ |
-+ Spam List |
-+
-+ |
-+ Default: ORDB−RBL Infinite−Monkeys -+ -+This provides a space−separated list of "Spam -+Lists" (or RBL’s or DNSBL’s) which are -+checked for each message. These lists are based on the -+numeric IP address of the server that sent the message to -+your MailScanner server. Every list used here must be -+defined in the "Spam List Definitions" file -+mentioned above. -+ |
-+
-+ |
-+ Spam Domain List |
-+
-+ |
-+ Default: -+ -+This provides a space−separated list of "Spam -+Lists" (or RBL’s or DNSBL’s) which are -+checked for each message. These lists are based on the -+domain name of the sender address of each message. Every -+list used here must be defined in the "Spam List -+Definitions" file mentioned above. -+ |
-+
-+ |
-+ Spam Lists To Reach High Score |
-+
-+ |
-+ Default: 5 -+ -+If a message appears in at least this number of -+"Spam Lists" (as defined above), then the message -+will be treated as "High Scoring Spam" and so the -+"High Scoring Spam Actions" will happen. You -+probably want to set this to 2 if you are actually using -+this feature. 5 is high enough that it will never happen -+unless you use lots of "Spam Lists". This can also -+be the filename of a ruleset. -+ |
-+
-+ |
-+ Spam List Timeout |
-+
-+ |
-+ Default: 10 -+ -+This is the number of seconds to wait for each "Spam -+List" lookup to complete. If the lookup takes longer -+than this, it is killed and ignored. -+ |
-+
-+ |
-+ Max Spam List Timeouts |
-+
-+ |
-+ Default: 7 -+ -+If a "Spam List" lookup times out for this many -+consecutive checks without ever succeeding, then the -+particular "Spam List" entry will not be used any -+more, as it appears to be unreachable. When MailScanner -+restarts itself after a few hours, MailScanner will try to -+use the entry again, in case service has resumed -+properly. -+ |
-+
-+ |
-+ Spam List Timeouts History |
-+
-+ |
-+ Default: 10 -+ -+The total number of Spam List attempts during which -+"Max Spam List Timeouts" will cause the spam list -+fo be marked as "unavailable". See the previous -+comment for more information. The default values of 5 and 10 -+mean that 5 timeouts in any sequence of 10 attempts will -+cause the list to be marked as "unavailable" until -+the next periodic restart (see "Restart -+Every"). -+ |
-+
-+ |
-+ Is Definitely Not Spam |
-+
-+ |
-+ Default: %rules−dir%/spam.whitelist.rules -+ -+This option would normally be a ruleset. Any messages for -+which the ruleset result is "yes" will never be -+marked as spam. This is used to create a spam -+"whitelist" of addresses which are never spam. You -+will probably want to include your own site (or your own -+site’s IP addresses) in this ruleset. -+ |
-+
-+ |
-+ Is Definitely Spam |
-+
-+ |
-+ Default: no -+ -+This option would normally be a ruleset. Any messages for -+which the ruleset result is "yes" will always be -+marked as spam. This is used to create a spam -+"blacklist" of addresses of known spammers. -+ |
-+
-+ |
-+ Definite Spam Is High Scoring |
-+
-+ |
-+ Default: no -+ -+Setting this to yes means that spam found in the -+blacklist is treated as "High Scoring Spam" in the -+"Spam Actions" section below. Setting it to no -+means that it will be treated as "normal" spam. -+This can also be the filename of a ruleset. -+ |
-+
-+ |
-+ Ignore Spam Whitelist If Recipients -+Exceed |
-+
-+ |
-+ Default: 20 -+ -+Spammers have learnt that they can get their message -+through by sending a message with lots of recipients, one of -+which chooses to whitelist everything coming to them, -+including the spammer. So if a message arrives with more -+than this number of recipients, ignore the "Is -+Definitely Not Spam" whitelist. -+ |
-+
-+ |
-+ Use SpamAssassin |
-+
-+ |
-+ Default: no -+ -+Do you want to detect spam using the very good
-+SpamAssassin package? You must have installed SpamAssassin
-+before using this option, otherwise MailScanner will not
-+start properly. |
-+
-+ |
-+ Max SpamAssassin Size |
-+
-+ |
-+ Default: 90000 -+ -+SpamAssassin is quite slow when processing very large -+messages. To work round this problem, this option provides a -+maximum size for messages that are processed with -+SpamAssassin. Most real spam is usually less than about -+50,000 bytes per message. -+ |
-+
-+ |
-+ Required Spam Assassin Score |
-+
-+ |
-+ Default: 6 -+ -+This gives the minimum SpamAssassin score value above -+which messages are spam. This replaces SpamAssassin’s -+own "required_hits" value, so that it can be a -+ruleset and set to different values for different -+users/domains. -+ |
-+
-+ |
-+ High SpamAssassin Score |
-+
-+ |
-+ Default: 20 -+ -+Messages with a SpamAssassin score greater than this -+value are labelled as being "High Scoring Spam", -+and a different set of "Spam Actions" are applied -+to messages scoring at least this value. -+ |
-+
-+ |
-+ SpamAssassin Auto Whitelist |
-+
-+ |
-+ Default: no -+ -+SpamAssassin has a feature which measures the ratio of -+spam to non−spam originating from different addresses, -+and will automatically add addresses to its own internal -+"whitelist" if most of the messages from an -+address is not spam. This option enables this feature of -+SpamAssassin. Please read their documentation for more -+information. -+ |
-+
-+ |
-+ SpamAssassin Prefs File |
-+
-+ |
-+ Default: %etc−dir%/spam.assassin.prefs.conf -+ -+SpamAssassin uses a "user preferences" file -+which can be used to set the values of various SpamAssassin -+options. This is the name of that file. Its most useful -+feature is that the RBL/DNSBL/"Spam List" checks -+done by SpamAssassin can be disabled as MailScanner already -+does them and there is little to be gained by doing these -+checks twice for every message. -+ |
-+
-+ |
-+ SpamAssassin Timeout |
-+
-+ |
-+ Default: 30 -+ -+This option sets the maximum number of seconds to wait -+for SpamAssassin to process a message. This is a useful -+protection against occasional bugs in SpamAssassin that can -+cause it to take hours to process a single message. -+ |
-+
-+ |
-+ Max SpamAssasin Timeouts |
-+
-+ |
-+ Default: 20 -+ -+If several consecutive calls to SpamAssassin time out, -+then MailScanner decides that there is something stopping -+SpamAssassin from working properly. It will therefore be -+disabled for the next few hours until MailScanner restarts -+itself, at which point it will be tried again. -+ |
-+
-+ |
-+ SpamAssassin Timeouts History |
-+
-+ |
-+ Default: 30 -+ -+The total number of SpamAssassin attempts during which -+"Max SpamAssassin Timeouts" will cause -+SpamAssassin to be marked as "unavailable". See -+the previous comment for more information. The default -+values of 10 and 20 mean that 10 timeouts in any sequence of -+20 attempts will trigger the behaviour described above, -+until the next periodic restart (see "Restart -+Every"). -+ |
-+
-+ |
-+ Check SpamAssassin If On Spam List |
-+
-+ |
-+ Default: yes -+ -+If a message has already triggered any of the "Spam -+List" checks, the SpamAssassin check will be skipped if -+this option is set to "no". This can help reduce -+the load on your server if SpamAssassin checks take a long -+time for some reason. -+ |
-+
-+ |
-+ Always Include SpamAssasin Report |
-+
-+ |
-+ Default: no -+ -+If this option is set, then the "Spam Header" -+will be included in the header of every message, so its -+presence cannot be used to filter out spam by your -+users’ e−mail applications. -+ |
-+
-+ |
-+ Spam Score |
-+
-+ |
-+ Default: yes -+ -+If a message is spam, and this option is set, then a -+header will be added to the message containing 1 character -+for each point in the SpamAssassin score. This allows users -+to choose for themselves the SpamAssassin scores at which -+they want to do different things with the message, such as -+file it or delete it. -+ |
-+
-+ |
-+ Rebuild Bayes Every |
-+
-+ |
-+ Default: 0 -+ -+If you are using the Bayesian statistics engine on a busy -+server, you may well need to force a Bayesian database -+rebuild and expiry at regular intervals. This is measures in -+seconds. 24 hours = 86400 seconds. To disable this feature -+set this to 0. -+ |
-+
-+ |
-+ Wait During Bayes Rebuild |
-+
-+ |
-+ Default: no -+ -+# The Bayesian database rebuild and expiry may take a 2 -+or 3 minutes # to complete. During this time you can either -+wait, or simply # disable SpamAssassin checks until it has -+completed. WaitDuringBayesRebuild = no -+ |
-+
-+ |
-+ Spam Actions |
-+
-+ |
-+ Default: deliver -+ -+This can be any combination of 1 or more of the following -+keywords, and these actions are applied to any message which -+is spam. -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ deliver − the message is delivered to the -+recipient as normal -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ delete − the message is deleted -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ store − the message is stored in the -+quarantine -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ forward − an email address is supplied, to which -+the message is forwarded -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ notify − Send the recipients a short notification -+that spam addressed to them was not delivered. They can then -+take action to request retrieval of the orginal message if -+they think it was not spam. -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ striphtml − convert all in−line HTML content -+in the message to be stripped to plain text, which removes -+all images and scripts and so can be used to protect your -+users from offensive spam. Note that using this action on -+its own does not imply that the message will be delivered, -+you will need to specify "deliver" or -+"forward" to actually deliver the message. -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ attachment − Convert the original message into an -+attachment of the message. This means the user has to take -+an extra step to open the spam, and stops "web -+bugs" very effectively. -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ bounce − bounce the spam message. This option -+should not be used and must be enabled with the "Enable -+Spam Bounce" option first. -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ header "name: value" − Add the header -+"name: value" to the message. name must not -+contain any spaces. -+ |
-+
-+ |
-+ High Scoring Spam Actions |
-+
-+ |
-+ Default: deliver |
-+
-+ |
-+ This is the same as the "Spam Actions" option -+above, but it gives the actions to apply to any message -+whose SpamAssassin score is above the "High -+Scoring" threshold described above. -+ |
-+
-+ |
-+ Non Spam Actions |
-+
-+ |
-+ Default: deliver -+ -+This is the same as the "Spam Actions" option -+above, except that it applies to messages that are NOT spam. -+The bounce option does not make much sense here so do not -+use it. -+ |
-+
-+ |
-+ Sender Spam Report |
-+
-+ |
-+ Default: %reports−dir%/sender.spam.report.txt -+ -+When the "bounce" spam action is applied to a -+message that triggered both a "Spam List" check -+and SpamAssassin, this file gives the text to put in that -+message. -+ |
-+
-+ |
-+ Sender Spam List Report |
-+
-+ |
-+ Default: -+%reports−dir%/sender.spam.rbl.report.txt -+ -+When the "bounce" spam action is applied to a -+message that triggered a "Spam List" check, this -+file gives the text to put in that message. -+ |
-+
-+ |
-+ Sender SpamAssassin Report |
-+
-+ |
-+ Default: -+%reports−dir%/sender.spam.sa.report.txt -+ -+When the "bounce" spam action is applied to a -+message that triggered SpamAssassin, this file gives the -+text to put in that message. -+ |
-+
-+ |
-+ Inline Spam Warning |
-+
-+ |
-+ Default: %reports−dir%/inline.spam.warning.txt -+ -+If you use the ’attachment’ Spam Action or -+High Scoring Spam Action then this is the location of inline -+spam report that is inserted at the top of the message. -+ |
-+
-+ |
-+ Recipient Spam Report |
-+
-+ |
-+ Default: -+%reports−dir%/recipient.spam.report.txt -+ -+If you use the ’notify’ Spam Action or High -+Scoring Spam Action then this is the location of the -+notification message that is sent to the original recipients -+of the message. -+ |
-+
-+ |
-+ Enable Spam Bounce |
-+
-+ |
-+ Default: %rules−dir%/bounce.rules -+ -+You can use this ruleset to enable the "bounce" -+Spam Action. You must *only* enable this for mail from sites -+with which you have agreed to bounce possible spam. Use it -+on low−scoring spam only (<10) and only to your -+regular customers for use in the rare case that a message is -+mis−tagged as spam when it shouldn’t have been. -+Beware that many sites will automatically delete the bounce -+messages created by using this option unless you have agreed -+this with them in advance. -+ |
-+
-+ |
-+ Syslog Facility |
-+
-+ |
-+ Default: mail -+ -+This is the name of the "facility" used by -+syslogd to log MailScanner’s messages. If this -+doesn’t mean anything to you, then either leave it -+alone or else read the "syslogd" man page. -+ |
-+
-+ |
-+ Log Speed |
-+
-+ |
-+ Default: no -+ -+Do you want to log the processing speed for each section -+of the code for a batch? This can be very useful for -+diagnosing speed problems, particularly in spam -+checking. -+ |
-+
-+ |
-+ Log Spam |
-+
-+ |
-+ Default: no -+ -+If this option is set, then every spam message will be -+logged to syslog. If you get a lot of spam, or your server -+load is high, you will want to leave this option switched -+off. But if you are having trouble with spam detection, -+setting this to "yes" temporarily can provide -+useful debugging output. -+ |
-+
-+ |
-+ Log Non Spam |
-+
-+ |
-+ Default: no -+ -+Do you want all non−spam to be logged? Useful if -+you want to see all the SpamAssassin reports of mail that -+was marked as non−spam. Note: It will generate a lot -+of log traffic. -+ |
-+
-+ |
-+ Log Permitted Filenames |
-+
-+ |
-+ Default: no -+ -+If this option is set, then every attachment filename -+that passes the "filename rules" checks will be -+logged to syslog. Normally this is of no interest. But if -+you are having trouble getting your filename rules correct, -+setting, this can provide useful debugging output. -+ |
-+
-+ |
-+ Log Permitted Filetypes |
-+
-+ |
-+ Default: no -+ -+Log all the filenames that are allowed by the Filetype -+Rules, or just the filetypes that are denied? This can also -+be the filename of a ruleset. -+ |
-+
-+ |
-+ Log Silent Viruses |
-+
-+ |
-+ Default: no -+ -+Log all occurrences of "Silent Viruses" as -+defined above? This can only be a simple yes/no value, not a -+ruleset. -+ |
-+
-+ |
-+ If you are using Postfix you may well need to use some of -+the settings below, as the home directory for the -+"postfix" user cannot be written to by the -+"postfix" user. You may also need to use these if -+you have installed SpamAssassin somewhere other than the -+default location. -+ |
-+
-+ |
-+ SpamAssassin User State Dir |
-+
-+ |
-+ Default: -+ -+The per−user files (bayes, auto−whitelist, -+user_prefs) are looked for here and in ~/.spamassassin/. -+Note the files are mutable. If this is unset then no extra -+places are searched for. NOTE: SpamAssassin is always called -+from MailScanner as the same user, and that is the "Run -+As" user specified in MailScanner.conf. So you can only -+have 1 set of "per−user" files, it’s -+just that you might possibly need to modify this location. -+You should not normally need to set this at all. If using -+Postfix, you probably want to set this to -+/var/spool/MailScanner/spamassassin and do -+ |
-+
-+ |
-+ mkdir /var/spool/MailScanner/spamassassin |
-+
-+ |
-+ SpamAssassin Install Prefix |
-+
-+ |
-+ Default: -+ -+This setting is useful if SpamAssassin is installed in an -+unusual place, e.g. /opt/MailScanner. The install prefix is -+used to find some fallback directories if neither of the -+following two settings work. If this is set then it adds to -+the list of places that are searched; otherwise it has no -+effect. -+ |
-+
-+ |
-+ SpamAssassin Local Rules Dir |
-+
-+ |
-+ Default: -+ -+This tells MailScanner where to look for the -+site−local rules. If this is set it adds to the list -+of places that are searched. MailScanner will always look at -+the following places (even if this option is not set): -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ prefix/etc/spamassassin -+ |
-+-+ | -+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ prefix/etc/mail/spamassassin -+ |
-+-+ | -+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ /usr/local/etc/spamassassin -+ |
-+-+ | -+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ /etc/spamassassin -+ |
-+-+ | -+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ /etc/mail/spamassassin -+ |
-+-+ | -+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ maybe others as well -+ |
-+-+ | -+
-+ |
-+ SpamAssassin Default Rules Dir |
-+
-+ |
-+ Default: |
-+
-+ |
-+ This tells MailScanner where to look for the default -+rules. If this is set it adds to the list of places that are -+searched. MailScanner will always look at the following -+places (even if this option is not set): |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ prefix/share/spamassassin -+ |
-+-+ | -+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ /usr/local/share/spamassassin -+ |
-+-+ | -+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ /usr/share/spamassassin -+ |
-+-+ | -+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ maybe others as well -+ |
-+-+ | -+
-+ |
-+ Spam Score Number Format |
-+
-+ |
-+ Default: %d -+ -+When putting the value of the spam score of a message -+into the headers, how do you want to format it. If you -+don’t know how to use sprintf() or printf() in C, -+please *do not modify* this value. This can also be the -+filename of a ruleset. A few examples for you: -+ |
-+
-+ |
-+
-+ %d -+ |
-+-+ |
-+
-+ ==> 12 -+ |
-+-+ | -+
-+ |
-+
-+ %5.2f -+ |
-+-+ |
-+
-+ ==> 12.34 -+ |
-+-+ | -+
-+ |
-+
-+ %05.1f -+ |
-+-+ |
-+
-+ ==> 012.3 -+ |
-+-+ | -+
-+ |
-+
-+ Debug -+ |
-+-+ | -+ | -+ | -+
-+ |
-+ Default: no |
-+
-+ |
-+ Not for use by normal users. Setting this option to -+"yes" will put MailScanner into debugging mode, in -+which it creates slightly more output and will not become a -+daemon. -+ |
-+
-+ |
-+ Debug SpamAssassin |
-+
-+ |
-+ Default: no -+ -+Do you want to debug SpamAssassin from within -+MailScanner? -+ |
-+
-+ |
-+ Run In Foreground |
-+
-+ |
-+ Default: no -+ -+Set Run In Foreground to "yes" if you want -+MailScanner to operate normally in foreground (and not as a -+background daemon). Use this if you are controlling the -+execution of MailScanner with a tool like DJB’s -+’supervise’ (see -+http://cr.yp.to/daemontools.html). -+ |
-+
-+ |
-+ LDAP Server |
-+
-+ |
-+ Default: -+ -+If you are using an LDAP server to read the -+configuration, these are the details required for the LDAP -+connection. The connection is anonymous. Example: -+localhost -+ |
-+
-+ |
-+ LDAP Base |
-+
-+ |
-+ Default: -+ -+If you are using an LDAP server to read the -+configuration, these are the details required for the LDAP -+connection. The connection is anonymous. Example: o=fsl -+ |
-+
-+ |
-+ LDAP Site |
-+
-+ |
-+ Default: -+ -+If you are using an LDAP server to read the -+configuration, these are the details required for the LDAP -+connection. The connection is anonymous. Example: -+default -+ |
-+
-+ |
-+ Always Looked Up Last |
-+
-+ |
-+ Default: no -+ -+The value of the option is actually never used, but it is -+evaluated at the end of processing a batch of messages. It -+is designed to be used in conjunction with a Custom -+Function. The Custom Function should then be written to have -+a "side effect" of doing something useful such as -+logging lots of information about the batch of messages to a -+file or an SQL database. -+ |
-+
-+ |
-+ Deliver in Background |
-+
-+ |
-+ Default: yes -+ -+When attempting delivery of any messages (when the -+"Delivery Method = batch") the sendmail/Exim -+command will be run in the background so that MailScanner -+does not have to wait for the delivery attempt to complete. -+There are very few good reasons for setting this to -+"no". -+ |
-+
-+ |
-+ Lockfile Dir |
-+
-+ |
-+ Default: /tmp -+ -+This is the directory in which lock files are placed to -+stop the virus scanners used while they are in the middle of -+updating themselves with new virus definitions. If you -+change this at all, you will need to edit the -+"autoupdate" scripts for all your virus -+scanners. -+ |
-+
-+ |
-+ Custom Functions Dir |
-+
-+ |
-+ Default:
-+/opt/MailScanner/lib/MailScanner/CustomFunctions Where to put the code for your "Custom -+Functions". No code in this directory should be -+over−written by the installation or upgrade process. -+All files starting with "." or ending with -+".rpmnew" will be ignored, all other files will be -+compiled and may be used with Custom Functions. -+ |
-+
-+ |
-+ Lock Type |
-+
-+ |
-+ Do not set this option to anything unless you know -+exactly what you are doing. For sendmail and Exim, -+MailScanner will choose the correct value by default. This -+affects how mail queue files are locked, and your mail will -+be totally screwed up if you set this option to anything -+other than the correct value for your MTA. So leave it alone -+and let MailScanner choose the correct value for you. -+ |
-+
-+ |
-+ Minimum Code Status |
-+
-+ |
-+ Default: supported -+ -+Minimum acceptable code stability status −− -+if we come across code that’s not at least as stable -+as this, we barf. This is currently only used to check that -+you don’t end up using untested virus scanner support -+code without realising it. Don’t even *think* about -+setting this to anything other than "beta" or -+"supported" on a system that receives real mail -+until you have tested it yourself and are happy that it is -+all working as you expect it to. Don’t set it to -+anything other than "supported" on a system that -+could ever receive important mail. Levels used are: -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ none − there may not even be any code. -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ unsupported − code may be completely untested, a -+contributed dirty hack, anything, really. -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ alpha − code is pretty well untested. Don’t -+assume it will work. -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ beta − code is tested a bit. It should work. -+ |
-+
-+ |
-+
-+ • -+ |
-+-+ |
-+
-+ supported − code *should* be reliable. -+ |
-+
-+ |
-+ Split Exim Spool |
-+
-+ |
-+ Default: yes |
-+
-+ |
-+ Are you using Exim with split spool directories? If you -+don’t understand this, the answer is probably -+"no". Refer to the Exim documentation for more -+information about split spool directories. -+ |
-+
-+ |
-+ Use Default Rules With Multiple -+Recipients |
-+
-+ |
-+ Default: no -+ -+When trying to work out the value of configuration
-+parameters which are using a ruleset, this controls the
-+behaviour when a rule is checking the "To:"
-+addresses. If this option is set to "no", then
-+some rules will use the result they get from the first
-+matching rule for any of the recipients of a message, so the
-+exact value cannot be predicted for messages with more than
-+1 recipient. This value *cannot* be the filename of a
-+ruleset. |
-+
-+ |
-+
-+ a) -+ |
-+-+ |
-+
-+ 1 recipient. Same behaviour as normal. -+ |
-+
-+ |
-+
-+ b) -+ |
-+-+ |
-+
-+ Several recipients, but all in the same domain -+(domain.com for example). The rules are checked for one that -+matches the string "*@domain.com". -+ |
-+
-+ |
-+
-+ c) -+ |
-+-+ |
-+
-+ Several recipients, not all in the same domain. The -+rules are checked for one that matches the string -+"*@*". -+ |
-+
-+ |
-+ Ruleset files should all be put in -+/opt/MailScanner/etc/rules (FreeBSD: -+/usr/local/etc/MailScanner/rules) and their filename should -+end in ".rules" wherever possible. -+ -+All blank lines are ignored, and comments start with -+"#" and continue to the end of the line, like -+this: # This line is just a comment -+ -+Other than that, every line is a rule and looks like this -+example: From: john.doe@domain.com yes -+ -+As you can see, each rule has 3 fields: 1. Direction should be one of the following: -+ |
-+
-+ |
-+
-+ From: -+ |
-+-+ |
-+
-+ Matches when the message is from a matching address -+ |
-+-+ | -+
-+ |
-+
-+ To: -+ |
-+-+ |
-+
-+ Matches when the message is to a matching address -+ |
-+-+ | -+
-+ |
-+ FromOrTo: |
-+
-+ |
-+ Matches when the message is from or to a matching -+address -+ |
-+
-+ |
-+ FromAndTo: |
-+
-+ |
-+ Matches when the message is from and to a matching -+address -+ |
-+
-+ |
-+ The syntax of these is very loosely defined. Any word -+containing "from", any word containing -+"to", any word containing "from" and -+"to" (in either order), and any word containing -+"and" will work just fine. You can put them in -+upper or lower case, it doesn’t matter. And any -+additional punctuation will be ignored. |
-+
-+ |
-+ This specifies the whether the rule should be matched -+against the sender’s address (or IP address), or the -+recipient’s address. -+ |
-+
-+ |
-+ 2. The pattern describes what messages should match this -+rule. Some examples are: -+ -+user@sub.domain.com # Individual address You should be able to do just about anything with -+that. -+ -+3. The result value is what you could have put in the -+entry in the main mailscanner.conf file had you not given -+the filename of a ruleset instead. -+ -+See the file EXAMPLES for a few ideas on how to do things -+with this system. -+ |
-+
-+ |
-+ This is held in the filename pointed to by the -+configuration option Filename rules. It contains a set of -+rules that are used to judge whether any given file -+attachment should be accepted or rejected on the basis of -+its filename, regardless of whether it is found to be -+virus−infected or not. This can not only be used for -+draconian measures such as banning all .exe attachments, but -+it can be used with any Perl regular expression to provide -+facilities such as detection of attempts at hiding -+filenames. -+ -+Many Windows e−mail programs (eg. Microsoft -+Outlook) hide common file extensions in an attempt to not -+baffle the user. The result is that while an attachment -+called "Your Document.doc" is helpfully displayed -+as "Your Document", a more sinister attachment -+just as "Looks Safe.txt.pif" will appear simply as -+"Looks Safe.txt". Many users recognise the .txt -+filename extension as applying to plain text files, which -+they know are safe. So even an experienced user may well -+double−click on this attachment thinking it is just -+going to start Notepad and display the text file. However, -+the file is really an MS−Dos shortcut (.pif file) and -+can execute any arbitrary commands the author wanted: all -+without any indication to the unwitting user. -+ -+The rules are matched in order from the top to the bottom -+of the file, and the first rule containing a matching -+regular expression is used. Each line of the file is either -+blank, a comment (in which case it starts with a -+’#’ character) or is a rule made up of 4 fields -+separated by one or more TAB characters: -+ |
-+
-+ |
-+ allow / deny |
-+
-+ |
-+ Accept or reject the attachment if its filename matches -+the regular expression -+ |
-+
-+ |
-+ regular expression |
-+
-+ |
-+ The rule is executed if the attachment matches this -+expression. It may optionally be surrounded in -+’/’ characters. -+ |
-+
-+ |
-+ log text |
-+
-+ |
-+ If the rule matches, this text is placed in the syslog. -+If the text is "−", no string is logged. -+ |
-+
-+ |
-+ user text |
-+
-+ |
-+ If the rule matches, this text is placed in the text -+message sent to the user. If the text is -+"−", no text is used. -+ |
-+
-+ |
-+ Please have a look at the filename.rules.conf or -+filename.rules.conf.sample file provided with this -+distribution/package/port. -+ |
-+
-+ |
-+ MailScanner(8) -+ |
-+
Default: no
++Log all occurrences of HTML tags found in messages, that can
++be blocked. This will help you build up your whitelist of
++message sources for which particular HTML tags should be
++allowed, such as mail from newsletters and daily cartoon
++strips. This can also be the filename of a ruleset.