# ---------------------------------------------------------------- # policyd-weight configuration (defaults) Version 0.1.14 beta # ---------------------------------------------------------------- $DEBUG = 0; # 1 or 0 - don't comment $REJECTMSG = "550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs"; $REJECTLEVEL = 1; # Mails with scores which exceed this # REJECTLEVEL will be rejected $DEFER_STRING = 'IN_SPAMCOP= BOGUS_MX='; # A space separated case-sensitive list of # strings on which if found in the $RET # logging-string policyd-weight changes # its action to $DEFER_ACTION in case # of rejects. # USE WITH CAUTION! # DEFAULT: "IN_SPAMCOP= BOGUS_MX=" $DEFER_ACTION = '450'; # Possible values: DEFER_IF_PERMIT, # DEFER_IFREJECT, # 4xx response codes. See also access(5) # DEFAULT: 450 $DEFER_LEVEL = 5; # DEFER mail only up to this level # scores greater than DEFER_LEVEL will be # rejected # DEFAULT: 5 $DNSERRMSG = '450 No DNS entries for your MTA, HELO and Domain. Contact YOUR administrator'; $dnsbl_checks_only = 0; # 1: ON, 0: OFF (default) $LOG_BAD_RBL_ONLY = 1; # 1: ON (default), 0: OFF ## DNSBL settings @dnsbl_score = ( # HOST, BAD SCORE, GOOD SCORE, LOG NAME 'dynablock.njabl.org', 3.25, 0, 'DYN_NJABL', 'sbl-xbl.spamhaus.org', 4.35, -1.5, 'SBL_XBL_SPAMHAUS', 'bl.spamcop.net', 3.75, -1.5, 'SPAMCOP', 'dnsbl.njabl.org', 4.25, -1.5, 'BL_NJABL', 'list.dsbl.org', 4.35, 0, 'DSBL_ORG', 'ix.dnsbl.manitu.net', 4.35, 0, 'IX_MANITU', ); $MAXDNSBLHITS = 4; # If Client IP is listed in MORE # DNSBLS than this var, it gets # REJECTed immediately $MAXDNSBLSCORE = 16; # alternatively, if the score of # DNSBLs is ABOVE this # level, reject immediately $MAXDNSBLMSG = '550 Your MTA is listed in too many DNSBLs'; ## RHSBL settings @rhsbl_score = ( 'multi.surbl.org', 4, 0, 'SURBL', 'rhsbl.ahbl.org', 1.8, 0, 'AHBL', 'dsn.rfc-ignorant.org', 3.2, 0, 'DSN_RFCI', 'postmaster.rfc-ignorant.org', 0.1, 0, 'PM_RFCI', 'abuse.rfc-ignorant.org', 0.1, 0, 'ABUSE_RFCI' ); ## cache stuff $LOCKPATH = '/tmp/.policyd-weight/'; # must be a directory (add # trailing slash) $SPATH = $LOCKPATH.'/polw.sock'; $MAXIDLECACHE = 60; # how many seconds the cache may be idle # before starting maintenance routines # NOTE: standard maintenance jobs happen # regardless of this setting. $MAINTENANCE_LEVEL = 5; # after this number of requests do following # maintenance jobs: # checking for config changes # negative (i.e. SPAM) result cache settings ################################## $CACHESIZE = 320; # set to 0 to disable caching for spam results. # To this level the cache gets shrunked on cleanups $CACHEMAXSIZE = 480; # at this number of entries cleanup takes place $CACHEREJECTMSG = '550 temporarily blocked because of previous errors'; $NTTL = 1; # after NTTL retries the cache entry is deleted $NTIME = 30; # client MUST NOT retry within this seconds in order # to decrease TTL counter # positve (i.,e. HAM) result cache settings ################################### $POSCACHESIZE = 320; # set to 0 to disable caching of HAM. On this level # the cache gets shrunk on cleanups $POSCACHEMAXSIZE = 480; # at this number of entries cleanup takes place $POSCACHEMSG = 'using cached result'; $PTTL = 60; # after PTTL request the HAM entry is deletet # from cache and it must been reverified ## DNS settings $DNS_RETRIES = 2; $DNS_RETRY_IVAL = 2; $MAXDNSERR = 3; # max error count for unresponded queries $MAXDNSERRMSG = 'passed - too many local DNS-errors'; $PUDP = 0; # persistent udp connection for DNS queries. # broken in Net::DNS version 0.51. Works with # Net::DNS 0.53; DEFAULT: off $USE_NET_DNS = 0; # Force the usage of Net::DNS for RBL lookups. # Normally policyd-weight tries to use a faster # RBL lookup routine instead of Net::DNS $IPC_TIMEOUT = 2; # timeout for receiving from cache instance # scores for checks, WARNING: they may manipulate eachother # or be factors for other scores. # Bad score, Good Score @client_ip_eq_helo_score = (1.5, -1.25 ); @helo_score = (1.5, -2 ); @helo_from_mx_eq_ip_score = (1.5, -3.1 ); @helo_numeric_score = (1.5, 0 ); @from_match_regex_verified_helo = (1, -2 ); @from_match_regex_unverified_helo = (1.6, -1.5 ); @from_match_regex_failed_helo = (2.5, 0 ); @helo_seems_dialup = (1, 0 ); @failed_helo_seems_dialup = (2, 0 ); @helo_ip_in_client_subnet = (0, -1.2 ); @helo_ip_in_cl16_subnet = (0, -0.41 ); @client_seems_dialup_score = (3.75, 0 ); @from_multiparted = (1.09, 0 ); @from_anon = (1.17, 0 ); @bogus_mx_score = (2.1, 0 ); @random_sender_score = (0.25, 0 ); @rhsbl_penalty_score = (3.1, 0 ); $VERBOSE = 0; $ADD_X_HEADER = 1; # switch on or off an additional # X-policyd-weight: header # DEFAULT: on $DEFAULT_RESPONSE = 'DUNNO default'; # # Syslogging options for verbose mode and for fatal errors. # NOTE: comment out the $syslog_socktype line if syslogging does not # work on your system. # $syslog_socktype = 'unix'; # inet, unix, stream, console $syslog_facility = "mail"; $syslog_options = "pid"; $syslog_priority = "info"; $syslog_ident = "postfix/policyd-weight"; # # Process Options # $USER = "polw"; # User must be a username, no UID $GROUP = ""; # specify GROUP if necessary # DEFAULT: empty, will be initialized as # $USER $MAX_PROC = 50; # Upper limit if child processes $MIN_PROC = 3; # keep that minimum processes alive $TCP_PORT = 12525; # The TCP port on which policyd-weight # listens for policy requests from postfix $BIND_ADDRESS = '127.0.0.1'; # IP-Address on which policyd-weight will # listen for requests. # You may only list ONE IP here, if you want # to listen on all IPs you need to say 'all' # here. Default is '127.0.0.1'. # You need to restart policyd-weight if you # change this. $SOMAXCONN = 1024; # Maximum of client connections # policyd-weight accepts # Default: 1024 $CHILDIDLE = 240; # how many seconds a child may be idle before # it dies. $PIDFILE = "/var/run/policyd-weight.pid";