# features intended to filter or block incoming mail [milter] ;socket=/var/log/milter/pythonsock tempdir = /var/log/milter/save ;timeout=600 scan_rfc822 = 1 # can be CPU intensive scan_html = 0 # reject asian fonts because we can't read them block_chinese = 1 # users who hate forwarded mail ;block_forward = egghead@mycorp.com, busybee@mycorp.com log_headers = 0 # Reject mail for domains mentioned unless user is mentioned here also ;check_user = joe@mycorp.com, mary@mycorp.com, file:bigcorp.com # porn words are case insensitive porn_words = penis, breast, pussy, horse cock, porn, xenical, diet pill, d1ck, vi*gra, vi-a-gra, viag, tits, p0rn, hunza, horny, sexy, c0ck, p-e-n-i-s, hydrocodone, vicodin, xanax, vicod1n, x@nax, diazepam, v1@gra, xan@x, cialis, ci@lis, frëe, xănax, valíum, vălium, via-gra, x@n3x, vicod3n, penís, v|c0d1n, phentermine, en1arge, dip1oma, v1codin # spam words are case sensitive spam_words = $$$, !!!, XXX, FREE, HGH # connection ips and hostnames are matched against this glob style list # to recognize internal senders ;internal_connect = 192.168.*.* # mail that is not an internal_connect and claims to be from an # internal domain is rejected. ;internal_domains = mycorp.com # connections from a trusted relay can trust the first Received header ;trusted_relay = 1.2.3.4, 66.12.34.56 # reject external senders with hello names no legit external sender would use ;hello_blacklist = mycorp.com, 66.12.34.56 [srs] config=/etc/mail/pysrs.cfg ;secret="shhhh!" ;maxage=21 ;hashlength=4 ;database=/var/log/milter/srsdata ;fwdomain = mydomain.com # turn this on after a grace period reject_spoofed = 0 [spf] # namespace where SPF records can be supplied for domains without one # records are search for under _spf.domain.com ;delegate = domain.com # domains where a neutral SPF result should cause mail to be rejected ;reject_neutral = aol.com # use a default (v=spf1 a/24 mx/24 ptr) when no SPF records are published ;best_guess = 0 # features intended to clean up outgoing mail [scrub] # domains that stupidly block visible private nodes ;hide_path = jcpenney.com # block, don't just replace with warning, viruses from these domains ;reject_virus_from = mycorp.com # features intended for spying on users and coworkers [wiretap] blind = 1 # # wiretap lets you surreptitiously monitor a users outgoing email # (sendmail aliases let you monitor incoming mail) # ;users = disloyal@bigcorp.com, bigmouth@bigcorp.com ;dest = spy@bigcorp.com # discard outgoing mail without alerting sender # can be used in conjunction with wiretap to censor outgoing mail ;discard_users = canned@bigcorp.com # # smart aliases trigger on both sender and recipient # ;smart_alias = copycust,walter # mail from client@clientcorp.com to sue@bigcorp.com is redirected to # local alias copycust ;copycust = client@clientcorp.com,sue@bigcorp.com # mail from cust@othercorp.com to walter@bigcorp.com is redirected to # boss@bigcorp.com ;walter = cust@othercorp.com,walter@bigcorp.com,boss@bigcorp.com # additional copies can be added ;walter1 = cust@othercorp.com,walter@bigcorp.com,boss@bigcorp.com, ; walter@bigcorp.com [dspam] # Select a well moderated dspam dictionary to reject spammy headers # dspam-python must be installed to use: http://bmsi.com/python/dspam.html # only EXTERNAL messages are dspam filtered ;dspam_dict=/var/lib/dspam/moderator.dict # Opt-opt recipients from dspam screening and header triage ;dspam_exempt=getitall@mycorp.com # Do not scan mail (ostensibly) from these senders ;dspam_whitelist=getitall@sender.com # Reject spam to these domains, perhaps because we are a backup MX server ;dspam_reject=othercorp.com # directory for dspam user quarantine, signature db, and dictionaries # defining this activates the dspam application # dspam and dspam-python must be installed ;dspam_userdir=/var/lib/dspam # do not dspam messages larger than this ;dspam_sizelimit=180000 # Map email addresses and aliases to dspam users ;dspam_users=david,goliath,spam,falsepositive ;david=david@foocorp.com,david.yelnetz@foocorp.com,david@bar.foocorp.com ;goliath=giant@foocorp.com,goliath.philistine@foocorp.com # address to forward spam to. milter will process these and not deliver ;spam=spam@foocorp.com # address to forward false positives to. milter will process and not deliver ;falsepositive=ham@foocorp.com # the dspam_screener is used to screen mail for all recipients who are # not dspam_users. Spam goes to the screeners quarantine, and the original # recipients saved so that false positives can be properly delivered. # The dspam CGI can also be used: logins must match dspam users