1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
|
--- ../MailScanner-4.30.3.orig/docs/man/MailScanner.conf.5 Mon May 3 10:48:25 2004
+++ docs/man/MailScanner.conf.5 Mon May 3 10:48:39 2004
@@ -1,4 +1,4 @@
-.TH "MailScanner.conf" "5" "4.30.1" "Julian Field" "Mail"
+.TH "MailScanner.conf" "5" "4.30.3" "Julian Field" "Mail"
.SH "NAME"
.LP
MailScanner.conf \- Main configuration for MailScanner
@@ -117,16 +117,20 @@
Directory in which MailScanner should find e\-mail messages for scanning. This can be any of the following:
.br
+.RS 7
+.IP 1. 4
+a directory name.
+.br
+Example: /var/spool/mqueue.in
+.IP 2. 4
+a wildcard giving directory names.
+.br
+Example: /var/spool/mqueue.in/*
+.IP 3. 4
+the name of a file containing a list of directory names, which can in turn contain wildcards.
.br
-1. a directory name. Example: /var/spool/mqueue.in
-.br
-
-.br
-2. a wildcard giving directory names. Example: /var/spool/mqueue.in/*
-.br
-
-.br
-3. the name of a file containing a list of directory names, which can in turn contain wildcards. Example: /usr/local/etc/MailScanner/mqueue.in.list.conf
+Example: /usr/local/etc/MailScanner/mqueue.in.list.conf
+.RE
.TP
\fBOutgoing Queue Dir\fR
@@ -515,17 +519,18 @@
.br
Messages whose virus reports contain any of the words listed here will be treated as "silent" viruses. No messages will be sent back to the senders of these viruses, and the delivery to the recipient of the message can be controlled by the next option "Still Deliver Silent Viruses". This is primarily designed for viruses such as "Klez" and "Bugbear" which put fake addresses on messages they send, so there is no point informing the sender of the message, as it won't actually be them who sent it anyway. Other words that can be put in this list are the 5 special keywords
.br
+.RS 7
+.IP \(bu 4
HTML\-IFrame: inserting this will stop senders being warned about HTML Iframe tags, when they are not allowed.
-.br
+.IP \(bu 4
HTML\-Codebase: inserting this will stop senders being warned about HTML Object Codebase tags, when they are not allowed.
-.br
+.IP \(bu 4
Zip\-Password: inserting this will stop senders being warned about password\-protected zip files when they are not allowd. This keyword is not needed if you include All\-Viruses.
-.br
+.IP \(bu 4
All\-Viruses: inserting this will stop senders being warned about any virus, while still allowing you to warn senders about HTML\-based attacks. This includes Zip\-Password so you don't need to include both.
.br
-
-.br
The default of "All\-Viruses" means that no senders of viruses will be notified (as the sender address is always forged these days anyway), but anyone who sends a message that is blocked for other reasons will still be notified.
+.RE
.TP
@@ -580,17 +585,16 @@
.br
.br
-Do you want to allow HTML <IFrame> tags in email messages? This is not a good idea as it allows various Microsoft Outlook security vulnerabilities to go unprotected, but if you have a load of mailing lists sending them, then you will want to allow them to keep your users happy. Possible Values:
-.br
-
+Do you want to allow HTML <IFrame> tags in email messages? This is not a good idea as it allows various Microsoft Outlook security vulnerabilities to go unprotected, but if you have a load of mailing lists sending them, then you will want to allow them to keep your users happy. This can also be the filename of a ruleset, so you can allow them from known mailing lists but ban them from everywhere else. Possible Values:
.br
+.RS 7
+.IP \(bu 4
yes => Allow these tags to be in the message
+.IP \(bu 4
no => Ban messages containing these tags
+.IP \(bu 4
disarm => Allow these tags, but stop these tags from working
-.br
-
-.br
-This can also be the filename of a ruleset, so you can allow them from known mailing lists but ban them from everywhere else.
+.RE
.TP
\fBLog IFrame Tags\fR
@@ -608,11 +612,14 @@
.br
Do you want to allow <Form> tags in email messages? This is a bad idea as these are used as scams to pursuade people to part with credit card information and other personal data. This can also be the filename of a ruleset. Possible values:
.br
-
-.br
+.RS 7
+.IP \(bu 4
yes => Allow these tags to be in the message
+.IP \(bu 4
no => Ban messages containing these tags
+.IP \(bu 4
disarm => Allow these tags, but stop these tags from working
+.RE
.TP
\fBAllow Object Codebase Tags\fR
@@ -622,11 +629,14 @@
.br
Do you want to allow <Object Codebase=...> tags in email messages? This is a bad idea as it leaves you unprotected against various Microsoft\-specific security vulnerabilities. But if your users demand it, you can do it. This can also be the filename of a ruleset. Possible values:
.br
-
-.br
+.RS 7
+.IP \(bu 4
yes => Allow these tags to be in the message
+.IP \(bu 4
no => Ban messages containing these tags
+.IP \(bu 4
disarm => Allow these tags, but stop these tags from working
+.RE
.TP
\fBConvert Dangerous HTML To Text\fR
@@ -1348,6 +1358,14 @@
If a "Spam List" lookup times out for this many consecutive checks without ever succeeding, then the particular "Spam List" entry will not be used any more, as it appears to be unreachable. When MailScanner restarts itself after a few hours, MailScanner will try to use the entry again, in case service has resumed properly.
.TP
+\fBSpam List Timeouts History\fR
+Default: 10
+.br
+
+.br
+The total number of Spam List attempts during which "Max Spam List Timeouts" will cause the spam list fo be marked as "unavailable". See the previous comment for more information. The default values of 5 and 10 mean that 5 timeouts in any sequence of 10 attempts will cause the list to be marked as "unavailable" until the next periodic restart (see "Restart Every").
+
+.TP
\fBIs Definitely Not Spam\fR
Default: %rules\-dir%/spam.whitelist.rules
.br
@@ -1371,6 +1389,14 @@
.br
Setting this to yes means that spam found in the blacklist is treated as "High Scoring Spam" in the "Spam Actions" section below. Setting it to no means that it will be treated as "normal" spam. This can also be the filename of a ruleset.
+
+.TP
+\fBIgnore Spam Whitelist If Recipients Exceed\fR
+Default: 20
+.br
+
+.br
+Spammers have learnt that they can get their message through by sending a message with lots of recipients, one of which chooses to whitelist everything coming to them, including the spammer. So if a message arrives with more than this number of recipients, ignore the "Is Definitely Not Spam" whitelist.
.SH "SpamAssassin"
.TP
\fBUse SpamAssassin\fR
@@ -1420,11 +1446,7 @@
.TP
\fBSpamAssassin Prefs File\fR
-Default: /opt/MailScanner/etc/spam.assassin.prefs.conf
-.br
-Default Linux: /etc/MailScanner/spam.assassin.prefs.conf
-.br
-Default FreeBSD: /usr/local/etc/MailScanner/spam.assassin.prefs.conf
+Default: %etc\-dir%/spam.assassin.prefs.conf
.br
.br
@@ -1447,6 +1469,14 @@
If several consecutive calls to SpamAssassin time out, then MailScanner decides that there is something stopping SpamAssassin from working properly. It will therefore be disabled for the next few hours until MailScanner restarts itself, at which point it will be tried again.
.TP
+\fBSpamAssassin Timeouts History\fR
+Default: 30
+.br
+
+.br
+The total number of SpamAssassin attempts during which "Max SpamAssassin Timeouts" will cause SpamAssassin to be marked as "unavailable". See the previous comment for more information. The default values of 10 and 20 mean that 10 timeouts in any sequence of 20 attempts will trigger the behaviour described above, until the next periodic restart (see "Restart Every").
+
+.TP
\fBCheck SpamAssassin If On Spam List\fR
Default: yes
.br
@@ -1462,7 +1492,6 @@
.br
If this option is set, then the "Spam Header" will be included in the header of every message, so its presence cannot be used to filter out spam by your users' e\-mail applications.
-
.TP
\fBSpam Score\fR
Default: yes
@@ -1480,7 +1509,6 @@
.br
If you are using the Bayesian statistics engine on a busy server, you may well need to force a Bayesian database rebuild and expiry at regular intervals. This is measures in seconds. 24 hours = 86400 seconds. To disable this feature set this to 0.
-
.TP
\fBWait During Bayes Rebuild\fR
Default: no
@@ -1502,35 +1530,25 @@
.br
This can be any combination of 1 or more of the following keywords, and these actions are applied to any message which is spam.
.br
-
-.br
+.RS 7
+.IP \(bu 4
"deliver" \- the message is delivered to the recipient as normal
-.br
-
-.br
+.IP \(bu 4
"delete" \- the message is deleted
-.br
-
-.br
+.IP \(bu 4
"store" \- the message is stored in the quarantine
-.br
-.br
+.IP \(bu 4
"forward" \- an email address is supplied, to which the message is forwarded
-.br
-
-.br
+.IP \(bu 4
"notify" \- Send the recipients a short notification that spam addressed to them was not delivered. They can then take action to request retrieval of the orginal message if they think it was not spam.
-.br
-
-.br
+.IP \(bu 4
"striphtml" \- convert all in\-line HTML content in the message to be stripped to plain text, which removes all images and scripts and so can be used to protect your users from offensive spam. Note that using this action on its own does not imply that the message will be delivered, you will need to specify "deliver" or "forward" to actually deliver the message.
-
-.br
+.IP \(bu 4
"attachment" \- Convert the original message into an attachment of the message. This means the user has to take an extra step to open the spam, and stops "web bugs" very effectively.
-
-.br
+.IP \(bu 4
"bounce" \- bounce the spam message. This option should not be used and must be enabled with the "Enable Spam Bounce" option first.
+.RE
.TP
\fBHigh Scoring Spam Actions\fR
@@ -1654,10 +1672,12 @@
.br
The per\-user files (bayes, auto\-whitelist, user_prefs) are looked for here and in ~/.spamassassin/. Note the files are mutable. If this is unset then no extra places are searched for. If using Postfix, you probably want to set this to /var/spool/MailScanner/spamassassin and do
-.br
- mkdir /var/spool/MailScanner/spamassassin
+
+.RS 10
+mkdir /var/spool/MailScanner/spamassassin
.br
- chown postfix.postfix /var/spool/MailScanner/spamassassin
+chown postfix.postfix /var/spool/MailScanner/spamassassin
+.RE
.TP
\fBSpamAssassin Install Prefix\fR
@@ -1673,7 +1693,21 @@
.br
.br
-The site\-local rules are searched for here, and in prefix /etc/spamassassin, prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin, /etc/mail/spamassassin, and maybe others. If this is set then it adds to the list of places that are searched; otherwise it has no effect.
+This tells MailScanner where to look for the site\-local rules. If this is set it adds to the list of places that are searched. MailScanner will always look at the following places (even if this option is not set):
+.RS 7
+.IP \(bu 4
+prefix/etc/spamassassin
+.IP \(bu 4
+prefix/etc/mail/spamassassin
+.IP \(bu 4
+/usr/local/etc/spamassassin
+.IP \(bu 4
+/etc/spamassassin
+.IP \(bu 4
+/etc/mail/spamassassin
+.IP \(bu 4
+maybe others as well
+.RE
.TP
\fBSpamAssassin Default Rules Dir\fR
@@ -1681,7 +1715,17 @@
.br
.br
-The default rules are searched for here, and in prefix/share/spamassassin, /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others. If this is set then it adds to the list of places that are searched; otherwise it has no effect.
+This tells MailScanner where to look for the default rules. If this is set it adds to the list of places that are searched. MailScanner will always look at the following places (even if this option is not set):
+.RS 7
+.IP \(bu 4
+prefix/share/spamassassin
+.IP \(bu 4
+/usr/local/share/spamassassin
+.IP \(bu 4
+/usr/share/spamassassin
+.IP \(bu 4
+maybe others as well
+.RE
.SH "Advanced Settings"
.TP
\fBDebug\fR
@@ -1768,8 +1812,20 @@
.br
.br
-Some of the virus scanners are not supported by the authors of MailScanner, and they may use code contributed by another user. If this option is set to the wrong value for your virus scanners, then you will get an error message in your maillog (syslog) telling you tha# Are you using Exim with split spool directories? If you don't understand # this, the answer is probably "no". Refer to the Exim documentation for # more information about split spool directories.
-Split Exim Spool = yes
+Minimum acceptable code stability status \-\- if we come across code that's not at least as stable as this, we barf. This is currently only used to check that you don't end up using untested virus scanner support code without realising it. Don't even *think* about setting this to anything other than "beta" or "supported" on a system that receives real mail until you have tested it yourself and are happy that it is all working as you expect it to. Don't set it to anything other than "supported" on a system that could ever receive important mail. Levels used are:
+
+.RS 7
+.IP \(bu 4
+none \- there may not even be any code.
+.IP \(bu 4
+unsupported \- code may be completely untested, a contributed dirty hack, anything, really.
+.IP \(bu 4
+alpha \- code is pretty well untested. Don't assume it will work.
+.IP \(bu 4
+beta \- code is tested a bit. It should work.
+.IP \(bu 4
+supported \- code *should* be reliable.
+.RE
.TP
\fBSplit Exim Spool\fR
@@ -1785,20 +1841,17 @@
.br
.br
-When trying to work out the value of configuration parameters which are using a ruleset, this controls the behaviour when a rule is checking the "To:" addresses. If this option is set to "yes", then the following happens when checking the ruleset:
-.br
-
-.br
-a) 1 recipient. Same behaviour as normal.
-.br
-b) Several recipients, but all in the same domain (domain.com for example). The rules are checked for one that matches the string "*@domain.com".
+When trying to work out the value of configuration parameters which are using a ruleset, this controls the behaviour when a rule is checking the "To:" addresses. If this option is set to "no", then some rules will use the result they get from the first matching rule for any of the recipients of a message, so the exact value cannot be predicted for messages with more than 1 recipient. This value *cannot* be the filename of a ruleset.
.br
-c) Several recipients, not all in the same domain. The rules are checked for one that matches the string "*@*".
-.br
-
-.br
-If this option is set to "no", then some rules will use the result they get from the first matching rule for any of the recipients of a message, so the exact value cannot be predicted for messages with more than 1 recipient. This value *cannot* be the filename of a ruleset.
-
+If this option is set to "yes", then the following happens when checking the ruleset:
+.RS 7
+.IP a) 4
+1 recipient. Same behaviour as normal.
+.IP b) 4
+Several recipients, but all in the same domain (domain.com for example). The rules are checked for one that matches the string "*@domain.com".
+.IP c) 4
+Several recipients, not all in the same domain. The rules are checked for one that matches the string "*@*".
+.RE
.SH "RULESETS"
.LP
Ruleset files should all be put in /opt/MailScanner/etc/rules (FreeBSD: /usr/local/etc/MailScanner/rules) and their filename should end in ".rules" wherever possible.
|