pymilter/milter.cfg

[milter]
datadir = /var/log/milter
# the socket used to communicate with sendmail.  Must match sendmail.cf
socket=/var/run/milter/pythonsock
# where to save original copies of defanged and failed messages
tempdir = /var/log/milter/save
# how long to wait for a response from sendmail before giving up 
;timeout=600
log_headers = 0
# Connection ips and hostnames are matched against this glob style list
# to recognize internal senders.  You probably need to change this.
# The default is a good guess to try and prevent newbie frustration.
internal_connect = 192.168.0.0/16,127.*

# mail that is not an internal_connect and claims to be from an
# internal domain is rejected.  Furthermore, internal mail that
# does not claim to be from an internal domain is rejected.
# You should enable SPF instead if you can.  SPF is much more comprehensive and
# flexible.  However, SPF is not currently checked for outgoing
# (internal_connect) mail because it doesn't yet handle authorizing 
# internal IPs locally.
;internal_domains = mycorp.com,localhost.localdomain

# connections from a trusted relay can trust the first Received header
# SPF checks are bypassed for internal connections and trusted relays.
;trusted_relay = 1.2.3.4, 66.12.34.56

# Relaying to these domains is allowed from internal connections only.
# You might want to restrict aol.com, for instance, so that stupid
# users don't forward their spam to aol for filtering and get your MTA 
# blacklisted by aol.
;private_relay = aol.com, yahoo.com

# Reject external senders with hello names no legit external sender would use.
# SPF will do this also, but listing your own domain and mailserver here
# will save some DNS lookups when rejecting certain viruses.
;hello_blacklist = mycorp.com, 66.12.34.56

# Reject mail for domains mentioned unless user is mentioned here also
;check_user = joe@mycorp.com, mary@mycorp.com, file:bigcorp.com

# Treat localparts in milter.cfg as case-insensitive
case_sensitive_localpart = true

# features intended to filter or block incoming mail
[defang]

# do virus scanning on attached messages also
scan_rfc822 = 0
# do virus scanning on attached zipfiles also
scan_zip = 0
# Comment out scripts in HTML attachments.  Can be CPU intensive.
scan_html = 0
# reject messages with asian fonts because we can't read them
block_chinese = 0
# list users who hate forwarded mail
;block_forward = egghead@mycorp.com, busybee@mycorp.com
# reject mail with these case insensitive strings in the subject
porn_words = penis, breast, pussy, horse cock, porn, xenical, diet pill, d1ck,
	vi*gra, vi-a-gra, viag, tits, p0rn, hunza, horny, sexy, c0ck, xanaax,
	p-e-n-i-s, hydrocodone, vicodin, xanax, vicod1n, x@nax, diazepam,
	v1@gra, xan@x, cialis, ci@lis, frëe, xãnax, valíum, vãlium, via-gra,
	x@n3x, vicod3n, penís, c0d1n, phentermine, en1arge, dip1oma, v1codin,
	valium, rolex, sexual, fuck, adv1t, vgaira, medz
# reject mail with these case sensitive strings in the subject
spam_words = $$$, !!!, XXX, FREE, HGH
# attachments with these extensions will be replaced with a warning
# message.  A copy of the original will be saved. 
banned_exts = ade,adp,asd,asx,asp,bas,bat,chm,cmd,com,cpl,crt,dll,exe,hlp,hta,
	inf,ins,isp,js,jse,lnk,mdb,mde,msc,msi,msp,mst,ocx,pcd,pif,reg,scr,sct,
	shs,url,vb,vbe,vbs,wsc,wsf,wsh 

# See http://bmsi.com/python/pysrs.html for details
[srs]
config=/etc/mail/pysrs.cfg
# SRS options can be set here also, but must match the sendmail plugin
;secret="shhhh!"
;maxage=21
;hashlength=4
;database=/var/log/milter/srsdata
;fwdomain = mydomain.com
# turn this on after a grace period to reject spoofed DSNs
reject_spoofed = 0
# Many braindead MTAs send DSNs with a non-DSN MFROM (e.g. to report that
# some virus claiming to be sent by you).  This heuristic
# refuses mail from user names commonly abused in that way.
;banned_users = postmaster, mailer-daemon, clamav

# See http://www.openspf.com for more info on SPF.
[spf]
# namespace where SPF records can be supplied for domains without one
# records are searched for under _spf.domain.com
;delegate = domain.com
# domains where a neutral SPF result should cause mail to be rejected
;reject_neutral = aol.com
# use a default (v=spf1 a/24 mx/24 ptr) when no SPF records are published
;best_guess = 0
# Reject senders that have neither PTR nor valid HELO nor SPF records, or send
# DSN otherwise
;reject_noptr = 0
# always accept softfail from these domains, or send DSN otherwise
;accept_softfail = bounces.amazon.com
# Treat fail from these domains like softfail: because their SPF record
# or an important sender is screwed up.  Must have valid HELO, however.
;accept_fail = custhelp.com
# Use sendmail access map or similar format for detailed spf policy.
# SPF entries in the access map will override any defaults set above.
;access_file = /etc/mail/access.db
# Add MAIL FROM as Sender when Sender is missing and From domain
# doesn't match MAIL FROM.  Outlook and other email clients will then display
# something like: "Sent by sender@domain.com on behalf of from@example.com"
;supply_sender = 0
# Connections that get an SPF pass for a pretend MAIL FROM of 
# postmaster@sometrustedforwarder.com skip SPF checks for the real MAIL FROM.
# This is for non-SRS forwarders.  It is a simple implementation that
# is inefficient for more than a few entries.
;trusted_forwarder = careerbuilder.com

# features intended to clean up outgoing mail
[scrub]
# domains that block visible private nodes
;hide_path = jcpenney.com	
# reject, don't just replace with warning, viruses from these domains
;reject_virus_from = mycorp.com

# features intended for spying on users and coworkers
[wiretap]
blind = 1
#
# wiretap lets you surreptitiously monitor a users outgoing email
# (sendmail aliases let you monitor incoming mail)
#
;users = disloyal@bigcorp.com, bigmouth@bigcorp.com
# multiple destinations can use smart_alias
;dest = spy@bigcorp.com
# discard outgoing mail without alerting sender
# can be used in conjunction with wiretap to censor outgoing mail
;discard_users = canned@bigcorp.com
# archive copies all delivered mail to a file
;mail_archive = /var/log/mail_archive

#
# smart aliases trigger on both sender and recipient
#   alias = sender, recipient[, destination]
#
[smart_alias]
# multiple wiretap monitors.  Smart aliases are applied after wiretap.
;spy1 = disloyal@bigcorp.com,spy@bigcorp.com
;spy2 = bigmouth@bigcorp.com,spy@bigcorp.com
# mail from client@clientcorp.com to sue@bigcorp.com is redirected to 
# local alias copycust
;copycust = client@clientcorp.com,sue@bigcorp.com
# mail from cust@othercorp.com to walter@bigcorp.com is redirected to
# boss@bigcorp.com
;walter = cust@othercorp.com,walter@bigcorp.com,boss@bigcorp.com
# additional copies can be added
;walter1 = cust@othercorp.com,walter@bigcorp.com,boss@bigcorp.com,
;	walter@bigcorp.com
;bulk = soruce@telex.com,bob@jsconnor.com
;bulk1 = soruce@telex.com,larry@jsconnor.com,bulk

# See http://bmsi.com/python/dspam.html
[dspam]
# Select a well moderated dspam dictionary to reject spammy headers.
# To filter on the entire message, use the full setup below.
# only EXTERNAL messages are dspam filtered
;dspam_dict=/var/lib/dspam/moderator.dict

# Recipients of mail sent from these senders are added to the auto_whitelist.
# Auto_whitelisted senders with an SPF PASS are never rejected by dspam, and
# messages from auto_whitelisted senders will be used to train screener
# dictionaries as innocent mail.
;whitelist_senders = @mycorp.com

# Opt-out recipients entirely from dspam screening and header triage
;dspam_exempt=getitall@mycorp.com
# Do not scan mail (ostensibly) from these senders
;dspam_whitelist=getitall@sender.com
# Reject spam to these domains instead of quarantining it.
;dspam_reject=othercorp.com
# Scan internal mail - often a good source of stats on legit mail.
;dspam_internal=1

# directory for dspam user quarantine, signature db, and dictionaries
# defining this activates the dspam application
# dspam and dspam-python must be installed
;dspam_userdir=/var/lib/dspam
# do not dspam messages larger than this
;dspam_sizelimit=180000

# Map email addresses and aliases to dspam users
;dspam_users=david,goliath,spam,falsepositive
# List dspam users which train on all delivered messages, as opposed to
# "train on error" which trains only when a spam or falsepositive is reported.
# Training mode will build the dictionary faster, but requires close attention
# so as not to miss any spam or false positives.
;dspam_train=goliath
;david=david@foocorp.com,david.yelnetz@foocorp.com,david@bar.foocorp.com
;goliath=giant@foocorp.com,goliath.philistine@foocorp.com
# address to forward spam to.  milter will process these and not deliver
;spam=spam@foocorp.com
# address to forward false positives to.  milter will process and not deliver
;falsepositive=ham@foocorp.com
# account which receives only spam: all received messages are marked as spam.
;honeypot=spam-me@example.com
# the dspam_screener is a list of dspam users who screen mail for all
# recipients who are not dspam_users.  Spam goes to the screeners quarantine,
# and the original recipients are saved so that false positives can be properly
# delivered.
;dspam_screener=david,goliath
# The dspam CGI can also be used: logins must match dspam users

# Optional pygossip interface
#
# GOSSiP tracks reputation of domain:qualifier pairs.  For instance,
# the reputation of example.com:SPF is tracked separately from
# example.com:neutral.  Currently qualifiers are
# SPF,neutral,softfail,fail,permerror,GUESS,HELO
[gossip]
# Use a dedicated GOSSiP server.  If not specified, a local database
# will be used.
;server=host:11900
# To include peers of a peer in reputation, set ttl=2
;ttl=1
# If a local database is used, also consult these GOSSiP servers about 
# domains.  Peer reputation is also tracked as to how often they
# agree with us, and weighted accordingly.
;peers=host1:port,host2