diff options
Diffstat (limited to 'mail/mailscanner-devel/files/patch-docs:man:MailScanner.conf.5')
-rw-r--r-- | mail/mailscanner-devel/files/patch-docs:man:MailScanner.conf.5 | 408 |
1 files changed, 397 insertions, 11 deletions
diff --git a/mail/mailscanner-devel/files/patch-docs:man:MailScanner.conf.5 b/mail/mailscanner-devel/files/patch-docs:man:MailScanner.conf.5 index 270f2fd..cb61190 100644 --- a/mail/mailscanner-devel/files/patch-docs:man:MailScanner.conf.5 +++ b/mail/mailscanner-devel/files/patch-docs:man:MailScanner.conf.5 @@ -1,25 +1,411 @@ ---- ../MailScanner-4.29.5.orig/docs/man/MailScanner.conf.5 Tue Mar 23 14:41:54 2004 -+++ docs/man/MailScanner.conf.5 Tue Mar 23 14:42:19 2004 +--- ../MailScanner-install-4.31.3.orig/docs/man/MailScanner.conf.5 Wed May 26 14:39:41 2004 ++++ docs/man/MailScanner.conf.5 Wed May 26 14:40:02 2004 @@ -1,4 +1,4 @@ --.TH "MailScanner.conf" "5" "4.28.5" "Julian Field" "Mail" -+.TH "MailScanner.conf" "5" "4.29.5" "Julian Field" "Mail" +-.TH "MailScanner.conf" "5" "4.30.1" "Julian Field" "Mail" ++.TH "MailScanner.conf" "5" "4.31.4" "Julian Field" "Mail" .SH "NAME" .LP MailScanner.conf \- Main configuration for MailScanner -@@ -1739,6 +1739,16 @@ +@@ -117,16 +117,20 @@ + Directory in which MailScanner should find e\-mail messages for scanning. This can be any of the following: + .br + ++.RS 7 ++.IP 1. 4 ++a directory name. ++.br ++Example: /var/spool/mqueue.in ++.IP 2. 4 ++a wildcard giving directory names. ++.br ++Example: /var/spool/mqueue.in/* ++.IP 3. 4 ++the name of a file containing a list of directory names, which can in turn contain wildcards. + .br +-1. a directory name. Example: /var/spool/mqueue.in +-.br +- +-.br +-2. a wildcard giving directory names. Example: /var/spool/mqueue.in/* +-.br +- +-.br +-3. the name of a file containing a list of directory names, which can in turn contain wildcards. Example: /usr/local/etc/MailScanner/mqueue.in.list.conf ++Example: /usr/local/etc/MailScanner/mqueue.in.list.conf ++.RE + + .TP + \fBOutgoing Queue Dir\fR +@@ -481,7 +485,7 @@ + .br + + .br +-Which Virus Scanning package to use. Possible choices are sophos, sophossavi, mcafee, command, kaspersky, kaspersky\-4.5, kavdaemonclient, inoculate, inoculan, onoculan, nod32, nod32\-1.99, f\-secure, f\-prot, panda, rav, antivir, clamav, clamavmodule, css, trend, bitdefender, none (no virus scanning at all) ++Which Virus Scanning package to use. Possible choices are sophos, sophossavi, mcafee, command, bitdefender, kaspersky, kaspersky\-4.5, kavdaemonclient, inoculate, inoculan, nod32, nod32\-1.99, f\-secure, f\-prot, panda, rav, antivir, clamav, clamavmodule, css, trend, norman, avg, vexira, none (no virus scanning at all) + .br + + .br +@@ -515,17 +519,18 @@ + .br + Messages whose virus reports contain any of the words listed here will be treated as "silent" viruses. No messages will be sent back to the senders of these viruses, and the delivery to the recipient of the message can be controlled by the next option "Still Deliver Silent Viruses". This is primarily designed for viruses such as "Klez" and "Bugbear" which put fake addresses on messages they send, so there is no point informing the sender of the message, as it won't actually be them who sent it anyway. Other words that can be put in this list are the 5 special keywords + .br ++.RS 7 ++.IP \(bu 4 + HTML\-IFrame: inserting this will stop senders being warned about HTML Iframe tags, when they are not allowed. +-.br ++.IP \(bu 4 + HTML\-Codebase: inserting this will stop senders being warned about HTML Object Codebase tags, when they are not allowed. +-.br ++.IP \(bu 4 + Zip\-Password: inserting this will stop senders being warned about password\-protected zip files when they are not allowd. This keyword is not needed if you include All\-Viruses. +-.br ++.IP \(bu 4 + All\-Viruses: inserting this will stop senders being warned about any virus, while still allowing you to warn senders about HTML\-based attacks. This includes Zip\-Password so you don't need to include both. + .br +- +-.br + The default of "All\-Viruses" means that no senders of viruses will be notified (as the sender address is always forged these days anyway), but anyone who sends a message that is blocked for other reasons will still be notified. ++.RE + + + .TP +@@ -580,17 +585,16 @@ + .br + + .br +-Do you want to allow HTML <IFrame> tags in email messages? This is not a good idea as it allows various Microsoft Outlook security vulnerabilities to go unprotected, but if you have a load of mailing lists sending them, then you will want to allow them to keep your users happy. Possible Values: +-.br +- ++Do you want to allow HTML <IFrame> tags in email messages? This is not a good idea as it allows various Microsoft Outlook security vulnerabilities to go unprotected, but if you have a load of mailing lists sending them, then you will want to allow them to keep your users happy. This can also be the filename of a ruleset, so you can allow them from known mailing lists but ban them from everywhere else. Possible Values: + .br ++.RS 7 ++.IP \(bu 4 + yes => Allow these tags to be in the message ++.IP \(bu 4 + no => Ban messages containing these tags ++.IP \(bu 4 + disarm => Allow these tags, but stop these tags from working +-.br +- +-.br +-This can also be the filename of a ruleset, so you can allow them from known mailing lists but ban them from everywhere else. ++.RE + .TP + \fBLog IFrame Tags\fR +@@ -606,13 +610,50 @@ .br - This is the directory in which lock files are placed to stop the virus scanners used while they are in the middle of updating themselves with new virus definitions. If you change this at all, you will need to edit the "autoupdate" scripts for all your virus scanners. + + .br +-Do you want to allow <Form> tags in email messages? This is a bad idea as these are used as scams to pursuade people to part with credit card information and other personal data. This can also be the filename of a ruleset. Possible values: ++Do you want to allow <Form> tags in email messages? This is a bad idea as these are used as scams to persuade people to part with credit card information and other personal data. This can also be the filename of a ruleset. Possible values: ++.br ++.RS 7 ++.IP \(bu 4 ++yes => Allow these tags to be in the message ++.IP \(bu 4 ++no => Ban messages containing these tags ++.IP \(bu 4 ++disarm => Allow these tags, but stop these tags from working ++.RE ++ ++.TP ++\fBAllow Script Tags\fR ++Default: no ++.br ++ ++.br ++Do you want to allow <Script> tags in email messages? This is a bad idea as these are used to exploit vulnerabilities in email applications and web browsers. This can also be the filename of a ruleset. Possible values: ++.br ++.RS 7 ++.IP \(bu 4 ++yes => Allow these tags to be in the message ++.IP \(bu 4 ++no => Ban messages containing these tags ++.IP \(bu 4 ++disarm => Allow these tags, but stop these tags from working ++.RE + +.TP -+\fBCustom Functions Dir\fR -+Default: /opt/MailScanner/lib/MailScanner/CustomFunctions ++\fBAllow WebBugs\fR ++Default: disarm + .br + + .br ++Do you want to allow <Img> tags with very small images in email messages? This is a bad idea as these are used as 'web bugs' to find out if a message has been read. It is not dangerous, it is just used to make you give away information. This can also be the filename of a ruleset. Possible values: +.br -+Default FreeBSD: /usr/local/lib/MailScanner/MailScanner/CustomFunctions ++.RS 7 ++.IP \(bu 4 + yes => Allow these tags to be in the message ++.IP \(bu 4 + no => Ban messages containing these tags ++.IP \(bu 4 + disarm => Allow these tags, but stop these tags from working ++.RE + + .TP + \fBAllow Object Codebase Tags\fR +@@ -622,11 +663,14 @@ + .br + Do you want to allow <Object Codebase=...> tags in email messages? This is a bad idea as it leaves you unprotected against various Microsoft\-specific security vulnerabilities. But if your users demand it, you can do it. This can also be the filename of a ruleset. Possible values: + .br +- +-.br ++.RS 7 ++.IP \(bu 4 + yes => Allow these tags to be in the message ++.IP \(bu 4 + no => Ban messages containing these tags ++.IP \(bu 4 + disarm => Allow these tags, but stop these tags from working ++.RE + + .TP + \fBConvert Dangerous HTML To Text\fR +@@ -701,6 +745,14 @@ + Set this to store infected / dangerous attachments in directories created under the quarantine directory. Without this, they will be deleted. Due to laws on privacy and data protection in your country, you may be forced to set this to "no". + + .TP ++\fBQuarantine Silent Viruses\fR ++Default: yes +.br + +.br -+Where to put the code for your "Custom Functions". No code in this directory should be over\-written by the installation or upgrade process. All files starting with "." or ending with ".rpmnew" will be ignored, all other files will be compiled and may be used with Custom Functions. ++There is no point quarantining most viruses these days, so if you set this to "no" then no infections listed in your "Silent Viruses" setting will be quarantined, even if you have chosen to quarantine infections in general. This is currently set to "yes" so the behaviour is the same as it was in in previous versions. This can also be the filename of a ruleset. ++ ++.TP + \fBQuarantine Whole Message\fR + Default: no + .br +@@ -1348,6 +1400,14 @@ + If a "Spam List" lookup times out for this many consecutive checks without ever succeeding, then the particular "Spam List" entry will not be used any more, as it appears to be unreachable. When MailScanner restarts itself after a few hours, MailScanner will try to use the entry again, in case service has resumed properly. .TP - \fBLock Type\fR ++\fBSpam List Timeouts History\fR ++Default: 10 ++.br ++ ++.br ++The total number of Spam List attempts during which "Max Spam List Timeouts" will cause the spam list fo be marked as "unavailable". See the previous comment for more information. The default values of 5 and 10 mean that 5 timeouts in any sequence of 10 attempts will cause the list to be marked as "unavailable" until the next periodic restart (see "Restart Every"). ++ ++.TP + \fBIs Definitely Not Spam\fR + Default: %rules\-dir%/spam.whitelist.rules + .br +@@ -1371,6 +1431,14 @@ + .br + Setting this to yes means that spam found in the blacklist is treated as "High Scoring Spam" in the "Spam Actions" section below. Setting it to no means that it will be treated as "normal" spam. This can also be the filename of a ruleset. + ++ ++.TP ++\fBIgnore Spam Whitelist If Recipients Exceed\fR ++Default: 20 ++.br ++ ++.br ++Spammers have learnt that they can get their message through by sending a message with lots of recipients, one of which chooses to whitelist everything coming to them, including the spammer. So if a message arrives with more than this number of recipients, ignore the "Is Definitely Not Spam" whitelist. + .SH "SpamAssassin" + .TP + \fBUse SpamAssassin\fR +@@ -1420,11 +1488,7 @@ + + .TP + \fBSpamAssassin Prefs File\fR +-Default: /opt/MailScanner/etc/spam.assassin.prefs.conf +-.br +-Default Linux: /etc/MailScanner/spam.assassin.prefs.conf +-.br +-Default FreeBSD: /usr/local/etc/MailScanner/spam.assassin.prefs.conf ++Default: %etc\-dir%/spam.assassin.prefs.conf + .br + + .br +@@ -1447,6 +1511,14 @@ + If several consecutive calls to SpamAssassin time out, then MailScanner decides that there is something stopping SpamAssassin from working properly. It will therefore be disabled for the next few hours until MailScanner restarts itself, at which point it will be tried again. + + .TP ++\fBSpamAssassin Timeouts History\fR ++Default: 30 ++.br ++ ++.br ++The total number of SpamAssassin attempts during which "Max SpamAssassin Timeouts" will cause SpamAssassin to be marked as "unavailable". See the previous comment for more information. The default values of 10 and 20 mean that 10 timeouts in any sequence of 20 attempts will trigger the behaviour described above, until the next periodic restart (see "Restart Every"). ++ ++.TP + \fBCheck SpamAssassin If On Spam List\fR + Default: yes + .br +@@ -1462,7 +1534,6 @@ + .br + If this option is set, then the "Spam Header" will be included in the header of every message, so its presence cannot be used to filter out spam by your users' e\-mail applications. + +- + .TP + \fBSpam Score\fR + Default: yes +@@ -1480,7 +1551,6 @@ + .br + If you are using the Bayesian statistics engine on a busy server, you may well need to force a Bayesian database rebuild and expiry at regular intervals. This is measures in seconds. 24 hours = 86400 seconds. To disable this feature set this to 0. + +- + .TP + \fBWait During Bayes Rebuild\fR + Default: no +@@ -1502,35 +1572,25 @@ + .br + This can be any combination of 1 or more of the following keywords, and these actions are applied to any message which is spam. + .br +- +-.br ++.RS 7 ++.IP \(bu 4 + "deliver" \- the message is delivered to the recipient as normal +-.br +- +-.br ++.IP \(bu 4 + "delete" \- the message is deleted +-.br +- +-.br ++.IP \(bu 4 + "store" \- the message is stored in the quarantine +-.br + +-.br ++.IP \(bu 4 + "forward" \- an email address is supplied, to which the message is forwarded +-.br +- +-.br ++.IP \(bu 4 + "notify" \- Send the recipients a short notification that spam addressed to them was not delivered. They can then take action to request retrieval of the orginal message if they think it was not spam. +-.br +- +-.br ++.IP \(bu 4 + "striphtml" \- convert all in\-line HTML content in the message to be stripped to plain text, which removes all images and scripts and so can be used to protect your users from offensive spam. Note that using this action on its own does not imply that the message will be delivered, you will need to specify "deliver" or "forward" to actually deliver the message. +- +-.br ++.IP \(bu 4 + "attachment" \- Convert the original message into an attachment of the message. This means the user has to take an extra step to open the spam, and stops "web bugs" very effectively. +- +-.br ++.IP \(bu 4 + "bounce" \- bounce the spam message. This option should not be used and must be enabled with the "Enable Spam Bounce" option first. ++.RE + + .TP + \fBHigh Scoring Spam Actions\fR +@@ -1654,10 +1714,12 @@ + + .br + The per\-user files (bayes, auto\-whitelist, user_prefs) are looked for here and in ~/.spamassassin/. Note the files are mutable. If this is unset then no extra places are searched for. If using Postfix, you probably want to set this to /var/spool/MailScanner/spamassassin and do +-.br +- mkdir /var/spool/MailScanner/spamassassin ++ ++.RS 10 ++mkdir /var/spool/MailScanner/spamassassin + .br +- chown postfix.postfix /var/spool/MailScanner/spamassassin ++chown postfix.postfix /var/spool/MailScanner/spamassassin ++.RE + + .TP + \fBSpamAssassin Install Prefix\fR +@@ -1673,7 +1735,21 @@ + .br + + .br +-The site\-local rules are searched for here, and in prefix /etc/spamassassin, prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin, /etc/mail/spamassassin, and maybe others. If this is set then it adds to the list of places that are searched; otherwise it has no effect. ++This tells MailScanner where to look for the site\-local rules. If this is set it adds to the list of places that are searched. MailScanner will always look at the following places (even if this option is not set): ++.RS 7 ++.IP \(bu 4 ++prefix/etc/spamassassin ++.IP \(bu 4 ++prefix/etc/mail/spamassassin ++.IP \(bu 4 ++/usr/local/etc/spamassassin ++.IP \(bu 4 ++/etc/spamassassin ++.IP \(bu 4 ++/etc/mail/spamassassin ++.IP \(bu 4 ++maybe others as well ++.RE + + .TP + \fBSpamAssassin Default Rules Dir\fR +@@ -1681,7 +1757,17 @@ + .br + + .br +-The default rules are searched for here, and in prefix/share/spamassassin, /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others. If this is set then it adds to the list of places that are searched; otherwise it has no effect. ++This tells MailScanner where to look for the default rules. If this is set it adds to the list of places that are searched. MailScanner will always look at the following places (even if this option is not set): ++.RS 7 ++.IP \(bu 4 ++prefix/share/spamassassin ++.IP \(bu 4 ++/usr/local/share/spamassassin ++.IP \(bu 4 ++/usr/share/spamassassin ++.IP \(bu 4 ++maybe others as well ++.RE + .SH "Advanced Settings" + .TP + \fBDebug\fR +@@ -1768,8 +1854,20 @@ + .br + + .br +-Some of the virus scanners are not supported by the authors of MailScanner, and they may use code contributed by another user. If this option is set to the wrong value for your virus scanners, then you will get an error message in your maillog (syslog) telling you tha# Are you using Exim with split spool directories? If you don't understand # this, the answer is probably "no". Refer to the Exim documentation for # more information about split spool directories. +-Split Exim Spool = yes ++Minimum acceptable code stability status \-\- if we come across code that's not at least as stable as this, we barf. This is currently only used to check that you don't end up using untested virus scanner support code without realising it. Don't even *think* about setting this to anything other than "beta" or "supported" on a system that receives real mail until you have tested it yourself and are happy that it is all working as you expect it to. Don't set it to anything other than "supported" on a system that could ever receive important mail. Levels used are: ++ ++.RS 7 ++.IP \(bu 4 ++none \- there may not even be any code. ++.IP \(bu 4 ++unsupported \- code may be completely untested, a contributed dirty hack, anything, really. ++.IP \(bu 4 ++alpha \- code is pretty well untested. Don't assume it will work. ++.IP \(bu 4 ++beta \- code is tested a bit. It should work. ++.IP \(bu 4 ++supported \- code *should* be reliable. ++.RE + + .TP + \fBSplit Exim Spool\fR +@@ -1785,20 +1883,17 @@ + .br + + .br +-When trying to work out the value of configuration parameters which are using a ruleset, this controls the behaviour when a rule is checking the "To:" addresses. If this option is set to "yes", then the following happens when checking the ruleset: +-.br +- +-.br +-a) 1 recipient. Same behaviour as normal. ++When trying to work out the value of configuration parameters which are using a ruleset, this controls the behaviour when a rule is checking the "To:" addresses. If this option is set to "no", then some rules will use the result they get from the first matching rule for any of the recipients of a message, so the exact value cannot be predicted for messages with more than 1 recipient. This value *cannot* be the filename of a ruleset. + .br +-b) Several recipients, but all in the same domain (domain.com for example). The rules are checked for one that matches the string "*@domain.com". +-.br +-c) Several recipients, not all in the same domain. The rules are checked for one that matches the string "*@*". +-.br +- +-.br +-If this option is set to "no", then some rules will use the result they get from the first matching rule for any of the recipients of a message, so the exact value cannot be predicted for messages with more than 1 recipient. This value *cannot* be the filename of a ruleset. +- ++If this option is set to "yes", then the following happens when checking the ruleset: ++.RS 7 ++.IP a) 4 ++1 recipient. Same behaviour as normal. ++.IP b) 4 ++Several recipients, but all in the same domain (domain.com for example). The rules are checked for one that matches the string "*@domain.com". ++.IP c) 4 ++Several recipients, not all in the same domain. The rules are checked for one that matches the string "*@*". ++.RE + .SH "RULESETS" + .LP + Ruleset files should all be put in /opt/MailScanner/etc/rules (FreeBSD: /usr/local/etc/MailScanner/rules) and their filename should end in ".rules" wherever possible. |