Directory in which MailScanner should find e−mail messages for scanning. This can be any of the following:
+ + + +| + |
+
+ 1. + |
++ |
+
+ a directory name. + |
++ | +
1. a directory name. Example: /var/spool/mqueue.in
- -2. a wildcard giving directory names. Example: -/var/spool/mqueue.in/*
+| + |
+ Example: /var/spool/mqueue.in + |
+
| + |
+
+ 2. + |
++ |
+
+ a wildcard giving directory names. + |
++ | +
3. the name of a file containing a list of directory -names, which can in turn contain wildcards. Example: -/usr/local/etc/MailScanner/mqueue.in.list.conf
+| + |
+ Example: /var/spool/mqueue.in/* + |
+
| + |
+
+ 3. + |
++ |
+
+ the name of a file containing a list of directory names, +which can in turn contain wildcards. |
| + |
+ Example: +/usr/local/etc/MailScanner/mqueue.in.list.conf |
+
|
Outgoing Queue Dir |
@@ -1317,11 +1385,11 @@
| + |
+
+ • + |
++ |
+
+ HTML−IFrame: inserting this will stop senders +being warned about HTML Iframe tags, when they are not +allowed. + |
+
| + |
+
+ • + |
++ |
+
+ HTML−Codebase: inserting this will stop senders +being warned about HTML Object Codebase tags, when they are +not allowed. + |
+
| + |
+
+ • + |
++ |
+
+ Zip−Password: inserting this will stop senders +being warned about password−protected zip files when +they are not allowd. This keyword is not needed if you +include All−Viruses. + |
+
| + |
+
+ • + |
++ |
+
+ All−Viruses: inserting this will stop senders +being warned about any virus, while still allowing you to +warn senders about HTML−based attacks. This includes Zip−Password so you don’t need to include both. + |
+
| + |
The default of "All−Viruses" means that no senders of viruses will be notified (as the sender address is always forged these days anyway), but anyone who sends a message that is blocked for other reasons will still -be notified. - |
+be notified.
| + |
+
+ • + |
++ |
+
+ yes => Allow these tags to be in the message + |
+
| + |
+
+ • + |
++ |
+
+ no => Ban messages containing these tags + |
+
| + |
+
+ • + |
++ |
+
+ disarm => Allow these tags, but stop these tags from +working |
Default: no
+Default: no
| + |
You may receive complaints from your users that HTML mailing lists they subscribe to have been stopped by the "Allow IFrame Tags" option above. So before you @@ -1645,14 +1801,181 @@ Default: disarm Do you want to allow <Form> tags in email messages? -This is a bad idea as these are used as scams to pursuade +This is a bad idea as these are used as scams to persuade people to part with credit card information and other personal data. This can also be the filename of a ruleset. Possible values: + |
+
| + |
+
+ • + |
++ |
+
+ yes => Allow these tags to be in the message + |
+
| + |
+
+ • + |
++ |
+
+ no => Ban messages containing these tags + |
+
| + |
+
+ • + |
++ |
+
+ disarm => Allow these tags, but stop these tags from +working + |
+
| + |
+ Allow Script Tags |
+
| + |
+ Default: no |
+
| + |
+ Do you want to allow <Script> tags in email +messages? This is a bad idea as these are used to exploit +vulnerabilities in email applications and web browsers. This +can also be the filename of a ruleset. Possible +values: |
+
| + |
+
+ • + |
++ |
+
+ yes => Allow these tags to be in the message + |
+
| + |
+
+ • + |
++ |
+
+ no => Ban messages containing these tags + |
+
| + |
+
+ • + |
++ |
+
+ disarm => Allow these tags, but stop these tags from +working + |
+
| + |
+ Allow WebBugs |
+
| + |
+ Default: disarm |
+
yes => Allow these tags to be in the message no => -Ban messages containing these tags disarm => Allow these -tags, but stop these tags from working
+| + |
+ Do you want to allow <Img> tags with very small +images in email messages? This is a bad idea as these are +used as ’web bugs’ to find out if a message has +been read. It is not dangerous, it is just used to make you +give away information. This can also be the filename of a +ruleset. Possible values: |
+
| + |
+
+ • + |
++ |
+
+ yes => Allow these tags to be in the message + |
+
| + |
+
+ • + |
++ |
+
+ no => Ban messages containing these tags + |
+
| + |
+
+ • + |
++ |
+
+ disarm => Allow these tags, but stop these tags from +working |
Default: no
+Default: no
| + |
Do you want to allow <Object Codebase=...> tags in email messages? This is a bad idea as it leaves you unprotected against various Microsoft−specific security vulnerabilities. But if your users demand it, you can do it. This can also be the filename of a ruleset. -Possible values: - -yes => Allow these tags to be in the message no => -Ban messages containing these tags disarm => Allow these -tags, but stop these tags from working +Possible values: |
+
| + |
+
+ • + |
++ |
+
+ yes => Allow these tags to be in the message + |
+
| + |
+
+ • + |
++ |
+
+ no => Ban messages containing these tags + |
+
| + |
+
+ • + |
++ |
+
+ disarm => Allow these tags, but stop these tags from +working |
Default: no
+Default: no
| + |
This option interacts with the "Allow ... Tags" options above like this: @@ -1852,7 +2220,7 @@ |
|
- Quarantine Whole Message |
+
|
- Default: no +Default: yes -When an infected message is stored in the quarantine, a -copy of the entire message will be saved, in addition to -copies of the infected attachments. +There is no point quarantining most viruses these days, +so if you set this to "no" then no infections +listed in your "Silent Viruses" setting will be +quarantined, even if you have chosen to quarantine +infections in general. This is currently set to +"yes" so the behaviour is the same as it was in in +previous versions. This can also be the filename of a +ruleset. |
Quarantine Whole Messages As Queue Files
Quarantine Whole Message
| + |
+ Quarantine Whole Messages As Queue Files |
+
| + |
+ Default: no + +When an entire message is saved in the quarantine for any +reason, do you want to save it as the raw data files out of +the mail queue (which can be processed with the df2mbox script, and which is easier to send to its original recipients), or do you want a conventional message file consisting of the header followed by the body of the @@ -3670,6 +4064,32 @@ |
|
+ Spam List Timeouts History |
+
| + |
+ Default: 10 + +The total number of Spam List attempts during which +"Max Spam List Timeouts" will cause the spam list +fo be marked as "unavailable". See the previous +comment for more information. The default values of 5 and 10 +mean that 5 timeouts in any sequence of 10 attempts will +cause the list to be marked as "unavailable" until +the next periodic restart (see "Restart +Every"). + |
+
| + |
Is Definitely Not Spam |
| + |
+ Ignore Spam Whitelist If Recipients +Exceed |
+
| + |
+ Default: 20 + +Spammers have learnt that they can get their message +through by sending a message with lots of recipients, one of +which chooses to whitelist everything coming to them, +including the spammer. So if a message arrives with more +than this number of recipients, ignore the "Is +Definitely Not Spam" whitelist. + |
+
Default:
-/opt/MailScanner/etc/spam.assassin.prefs.conf
-Default Linux: /etc/MailScanner/spam.assassin.prefs.conf
-Default FreeBSD:
-/usr/local/etc/MailScanner/spam.assassin.prefs.conf
Default: %etc−dir%/spam.assassin.prefs.conf
SpamAssassin uses a "user preferences" file which can be used to set the values of various SpamAssassin @@ -3934,6 +4375,32 @@
SpamAssassin Timeouts History
| + |
+ Default: 30 + +The total number of SpamAssassin attempts during which +"Max SpamAssassin Timeouts" will cause +SpamAssassin to be marked as "unavailable". See +the previous comment for more information. The default +values of 10 and 20 mean that 10 timeouts in any sequence of +20 attempts will trigger the behaviour described above, +until the next periodic restart (see "Restart +Every"). + |
+
| + |
Check SpamAssassin If On Spam List |
This can be any combination of 1 or more of the following keywords, and these actions are applied to any message which is spam.
- + + + +| + |
+
+ • + |
++ |
+
"deliver" − the message is delivered to the recipient as normal - + |
+
| + |
+
+ • + |
++ |
+
"delete" − the message is deleted - + |
+
| + |
+
+ • + |
++ |
+
"store" − the message is stored in the quarantine - -"forward" − an email address is supplied, -to which the message is forwarded - + |
+
| + |
+
+ • + |
++ |
+
+ "forward" − an email address is +supplied, to which the message is forwarded + |
+
| + |
+
+ • + |
++ |
+
"notify" − Send the recipients a short notification that spam addressed to them was not delivered. They can then take action to request retrieval of the orginal message if they think it was not spam. - + |
+
| + |
+
+ • + |
++ |
+
"striphtml" − convert all in−line HTML content in the message to be stripped to plain text, which removes all images and scripts and so can be used to @@ -4087,12 +4612,30 @@ action on its own does not imply that the message will be delivered, you will need to specify "deliver" or "forward" to actually deliver the message. - + |
+
| + |
+
+ • + |
++ |
+
"attachment" − Convert the original message into an attachment of the message. This means the user has to take an extra step to open the spam, and stops "web bugs" very effectively. - + |
+
| + |
+
+ • + |
++ |
+
"bounce" − bounce the spam message. This option should not be used and must be enabled with the "Enable Spam Bounce" option first. @@ -4112,8 +4655,14 @@ |
|
- Default: deliver +Default: deliver |
+
| + |
This is the same as the "Spam Actions" option above, but it gives the actions to apply to any message whose SpamAssassin score is above the "High @@ -4452,24 +5001,18 @@ Note the files are mutable. If this is unset then no extra places are searched for. If using Postfix, you probably want to set this to /var/spool/MailScanner/spamassassin and -do |
+do
+
| - |
-
- mkdir /var/spool/MailScanner/spamassassin - |
-||
| - |
-
- chown postfix.postfix -/var/spool/MailScanner/spamassassin - |
++ |
+ mkdir /var/spool/MailScanner/spamassassin |
| + |
+
+ • + |
++ |
+
+ prefix/etc/spamassassin + |
++ | +
| + |
+
+ • + |
++ |
+
+ prefix/etc/mail/spamassassin + |
++ | +
| + |
+
+ • + |
++ |
+
+ /usr/local/etc/spamassassin + |
++ | +
| + |
+
+ • + |
++ |
+
+ /etc/spamassassin + |
++ | +
| + |
+
+ • + |
++ |
+
+ /etc/mail/spamassassin + |
++ | +
| + |
+
+ • + |
++ |
+
+ maybe others as well + |
+
Default:
+Default:
The default rules are searched for here, and in -prefix/share/spamassassin, /usr/local/share/spamassassin, -/usr/share/spamassassin, and maybe others. If this is set -then it adds to the list of places that are searched; -otherwise it has no effect.
+| + |
+ This tells MailScanner where to look for the default +rules. If this is set it adds to the list of places that are +searched. MailScanner will always look at the following +places (even if this option is not set): |
+
| + |
+
+ • + |
++ |
+
+ prefix/share/spamassassin + |
++ | +
| + |
+
+ • + |
++ |
+
+ /usr/local/share/spamassassin + |
++ | +
| + |
+
+ • + |
++ |
+
+ /usr/share/spamassassin + |
++ | +
| + |
+
+ • + |
++ |
+
+ maybe others as well + |
+
Default: supported
-Some of the virus scanners are not supported by the -authors of MailScanner, and they may use code contributed by -another user. If this option is set to the wrong value for -your virus scanners, then you will get an error message in -your maillog (syslog) telling you tha# Are you using Exim -with split spool directories? If you don’t understand -# this, the answer is probably "no". Refer to the -Exim documentation for # more information about split spool -directories. Split Exim Spool = yes
+Minimum acceptable code stability status −− +if we come across code that’s not at least as stable +as this, we barf. This is currently only used to check that +you don’t end up using untested virus scanner support +code without realising it. Don’t even *think* about +setting this to anything other than "beta" or +"supported" on a system that receives real mail +until you have tested it yourself and are happy that it is +all working as you expect it to. Don’t set it to +anything other than "supported" on a system that +could ever receive important mail. Levels used are:
+| + |
+
+ • + |
++ |
+
+ none − there may not even be any code. + |
+
| + |
+
+ • + |
++ |
+
+ unsupported − code may be completely untested, a +contributed dirty hack, anything, really. + |
+
| + |
+
+ • + |
++ |
+
+ alpha − code is pretty well untested. Don’t +assume it will work. + |
+
| + |
+
+ • + |
++ |
+
+ beta − code is tested a bit. It should work. + |
+
| + |
+
+ • + |
++ |
+
+ supported − code *should* be reliable. |
Default: yes
+Default: yes
| + |
Are you using Exim with split spool directories? If you don’t understand this, the answer is probably "no". Refer to the Exim documentation for more @@ -4850,22 +5602,55 @@ When trying to work out the value of configuration parameters which are using a ruleset, this controls the behaviour when a rule is checking the "To:" -addresses. If this option is set to "yes", then -the following happens when checking the ruleset: - -a) 1 recipient. Same behaviour as normal. |
+
| + |
+
+ a) + |
++ |
+
+ 1 recipient. Same behaviour as normal. + |
+
| + |
+
+ b) + |
++ |
+
+ Several recipients, but all in the same domain
(domain.com for example). The rules are checked for one that
-matches the string "*@domain.com". |
+
| + |
+
+ c) + |
++ |
+
+ Several recipients, not all in the same domain. The +rules are checked for one that matches the string "*@*". - -If this option is set to "no", then some rules -will use the result they get from the first matching rule -for any of the recipients of a message, so the exact value -cannot be predicted for messages with more than 1 recipient. -This value *cannot* be the filename of a ruleset. |