#
# j-chkmail - (c) Ecole des Mines de Paris 2003
# Creation date : Fri Jan 26 22:45:30 2007
# Configuration file template : default values
#
########################################################################
# SECTION : General Parameters
########################################################################
# VERSION
# Configuration file version
VERSION v1.11.0-070122
# MYSELF
# My own names, IPs and aliases
MYSELF 127.0.0.1 HOSTNAME
# J_HOSTNAME
# How to get mailserver hostname ?
# VALUES : SYSTEM SENDMAIL OTHER
J_HOSTNAME SYSTEM
# PRESENCE
# Show/Hide presence (presence header)
# VALUES : SHOW HIDE
PRESENCE SHOW
# FOOTER
# Show/Hide j-chkmail signature at warning message
# VALUES : SHOW HIDE
FOOTER SHOW
# FILTER_URL
# Filter URL (to be included on X-Miltered header)
FILTER_URL http://j-chkmail . ensmp . fr
# POLICY_URL
# Policy filtering URL - appended to error messages
POLICY_URL
# POLICY_CONFLICT
# What to do if users policy conflit
# VALUES : DEFAULT ONE_WIN MAJORITY_WIN
POLICY_CONFLICT DEFAULT
########################################################################
# SECTION : Sending X-Files Notification Messages
########################################################################
# NOTIFY_SENDER
# Send notification message to sender
# VALUES : NO YES
NOTIFY_SENDER NO
# NOTIFY_RCPT
# Send notification message to recipient
# VALUES : NO YES
NOTIFY_RCPT YES
# J_SENDER
# Sender address used for notification message
# VALUES : SENDER OTHER
J_SENDER SENDER
# J_SUBJECT
# Subject of replacement notification message
# VALUES : SUBJECT OTHER
J_SUBJECT SUBJECT
########################################################################
# SECTION : System parameters and Resources
########################################################################
# USER
# Filter USER ID
USER smmsp
# GROUP
# Filter GROUP ID
GROUP smmsp
# CLUSTER
# Filter sharing resources inside a cluster (spool/server)
# VALUES : NO YES
CLUSTER NO
########################################################################
# SECTION : Load and ressources control
########################################################################
# FILE_DESCRIPTORS
# Number of file descriptors (integer value or MAX)
FILE_DESCRIPTORS MAX
# FD_FREE_SOFT
# Available file descriptors soft lower bound
FD_FREE_SOFT 100
# FD_FREE_HARD
# Available file descriptors hard lower bound
FD_FREE_HARD 50
# USE_SELECT_LIMIT
# Available file descriptors limited by select function
# VALUES : NO YES
USE_SELECT_LIMIT YES
# LOAD_CPU_IDLE_SOFT
# SOFT CPU Idle threshold to accept connections
LOAD_CPU_IDLE_SOFT 0
# LOAD_CPU_IDLE_HARD
# HARD CPU Idle threshold to accept connections
LOAD_CPU_IDLE_HARD 0
# MAX_OPEN_CONNECTIONS
# Global Maximum number of simultaneous open connections
MAX_OPEN_CONNECTIONS 500
# DB_CACHE_SIZE
# BerkeleyDB database cache size
DB_CACHE_SIZE 1M
########################################################################
# SECTION : Communications
########################################################################
# SOCKET
# Communication socket between sendmail and j-chkmail
# Syntax : inet:PORT@HOSTNAME | local:SOCKET_PATH
SOCKET local:/var/run/jchkmail/j-chkmail.sock
# SM_TIMEOUT
# Timeout before closing a sendmail connection
SM_TIMEOUT 7200
# CTRL_CHANNEL_ENABLE
# Enable remote control channel
# VALUES : NO YES
CTRL_CHANNEL_ENABLE YES
# CTRL_SOCKET
# Control socket
# Syntax : inet:PORT@HOSTNAME | local:SOCKET_PATH
CTRL_SOCKET inet:2010@localhost
# CTRL_ACCESS
# How to do access control over control channel
# VALUES : NONE ACCESS
CTRL_ACCESS NONE
########################################################################
# SECTION : Logging
########################################################################
# LOG_FACILITY
# syslog facility
LOG_FACILITY local5
# LOG_LEVEL
# j-chkmail log level
LOG_LEVEL 10
# LOG_SEVERITY
# Add a severity tag on syslog lines when syslog doesn t do it
# VALUES : NO YES
LOG_SEVERITY NO
# LOG_ATTACHMENTS
# Log attached files (using syslog)
# VALUES : NO YES
LOG_ATTACHMENTS NO
# LOG_THROTTLE
# Periodically log server throttle (using syslog)
# VALUES : NO YES
LOG_THROTTLE YES
# LOG_LOAD
# Periodically log CPU load (using syslog)
# VALUES : NO YES
LOG_LOAD YES
# LOG_LEVEL_ORACLE
# Heuristic filter log level (0, 1 or 2)
LOG_LEVEL_ORACLE 2
# LOG_GREY_CLEANING
# Log results of greylist database maintenance
# VALUES : NO YES
LOG_GREY_CLEANING NO
# DUMP_COUNTERS
# Periodically dump internal counters
# VALUES : NO YES
DUMP_COUNTERS YES
# DUMP_THROTTLE
# Periodically dump server throttle
# VALUES : NO YES
DUMP_THROTTLE YES
# DUMP_LOAD
# Periodically dump CPU load
# VALUES : NO YES
DUMP_LOAD YES
# DUMP_FOUND_REGEX
# Log founded regular expressions to file
# VALUES : NO YES
DUMP_FOUND_REGEX YES
# STATS_INTERVAL
# Time interval used to dump periodical data (load, throttle, ...)
STATS_INTERVAL 300
# HISTORY_ENTRIES
# Number of entries of history (times 1024)
HISTORY_ENTRIES 256
########################################################################
# SECTION : Quarantine management
########################################################################
# CLEANUP_INTERVAL
# Quarantine directory clean-up interval
CLEANUP_INTERVAL 21600
# QUARANTINE_LIFETIME
# Quarantine
QUARANTINE_LIFETIME 86400
# QUARANTINE_ADD_FROM_LINE
# Add From line to quarantine file ?
# VALUES : NO YES
QUARANTINE_ADD_FROM_LINE YES
########################################################################
# SECTION : Configuration Files
########################################################################
# CONFDIR
# j-chkmail configuration directory
CONFDIR /etc/mail/jchkmail
# ERROR_MSG_FILE
# Replacement message file
ERROR_MSG_FILE j-error-msg
# NETS_FILE
# Trusted networks (local, domain, friend) configuration file
NETS_FILE j-nets
# ACCESS_FILE
# j-chkmail access data
ACCESS_FILE j-access
# REGEX_FILE
# Regular expressions used for doing pattern matching
REGEX_FILE j-regex
# XFILES_FILE
# Another way to define X-Files (file extension + MIME type)
XFILES_FILE j-xfiles
# ORACLE_DATA_FILE
# Some oracle definitions
ORACLE_DATA_FILE j-oradata
# ORACLE_SCORES_FILE
# Oracle scores
ORACLE_SCORES_FILE j-tables
# DB_URLBL
# Database Real-Time URL Blacklist (used for content checking)
DB_URLBL j-urlbl.db
# DNS_URLBL
# DNS Real-Time URL Blacklist (used for content checking)
# Syntax : RBL[/CODE[/SCORE]] - multi.surbl.org/127.0.0.1/10
DNS_URLBL
# RBL
# Real-Time Blacklists (used at Oracle)
# Syntax : RBL[/CODE] - multi.surbl.org/127.0.0.1
RBL
# AUTO_RELOAD_TABLES
# Automatically reload configuration data (time interval)
AUTO_RELOAD_TABLES 3600
########################################################################
# SECTION : Policy database
########################################################################
# DB_POLICY
# Policy database path
DB_POLICY j-policy.db
# DB_RCPT
# Policy database path
DB_RCPT j-rcpt.db
# FROM_PASS_TOKEN
# Token
FROM_PASS_TOKEN
# TO_PASS_TOKEN
# Token
TO_PASS_TOKEN
########################################################################
# SECTION : Spool and state Files
########################################################################
# WORKDIR
# j-chkmail work directory (state and specific logs)
WORKDIR /var/jchkmail
# SPOOLDIR
# j-chkmail message spool directory
SPOOLDIR /var/spool/jchkmail
# PID_FILE
# j-chkmail pid file
PID_FILE /var/run/jchkmail/j-chkmail.pid
# STATE_FILE
# j-chkmail persistent state file
STATE_FILE j-state
# STATS_FILE
# STATS_FILE
STATS_FILE file:j-stats
# XFILES_LOG_FILE
# Detected X-Files log file
XFILES_LOG_FILE file:j-files
# VIRUS_LOG_FILE
# Detected Virus log file
VIRUS_LOG_FILE file:j-virus
# QUARANTINE_LOG_FILE
# Quarantine log file
QUARANTINE_LOG_FILE file:j-xreport
# REGEX_LOG_FILE
# Matched pattern log file
REGEX_LOG_FILE file:j-regex
# GREY_LOG_FILE
# Matched pattern log file
GREY_LOG_FILE file:j-grey-expire
# ORACLE_STATS_FILE
# Statistics for Oracle (dumped each STATISTICS_INTERVAL seconds)
ORACLE_STATS_FILE oracle-stats.log
# ORACLE_COUNTERS_FILE
# Persistent state of Oracle
ORACLE_COUNTERS_FILE oracle-counters.log
########################################################################
# SECTION : Resolve cache database
########################################################################
# RESOLVE_CACHE_ENABLE
# Use IP address / hostname cache
# VALUES : NO YES
RESOLVE_CACHE_ENABLE YES
# RESOLVE_CACHE_SYNC
# Interval between removing old entries
RESOLVE_CACHE_SYNC 1m
# RESOLVE_CACHE_CHECK
# Interval between removing old entries
RESOLVE_CACHE_CHECK 1h
# RESOLVE_CACHE_EXPIRE
# Expiration age of non refreshed entries
RESOLVE_CACHE_EXPIRE 2d
########################################################################
# SECTION : Built-in X-File scanner
########################################################################
# XFILES
# What to do with X-files ? (OK, REJECT, NOTIFY, DISCARD)
# VALUES : OK REJECT NOTIFY DISCARD X-HEADER
XFILES OK
# XFILE_SAVE_MSG
# Shall quarantine messages containing X-Files ?
# VALUES : NO YES
XFILE_SAVE_MSG YES
# XFILE_SUBJECT_TAG
# Tag to be inserted on Subject
XFILE_SUBJECT_TAG
########################################################################
# SECTION : External scanner
########################################################################
# SCANNER_ACTION
#
# VALUES : OK REJECT NOTIFY DISCARD X-HEADER
SCANNER_ACTION OK
# SCANNER_SOCK
# Communication socket between j-chkmail and external scanner
# Syntax : inet:PORT@HOSTNAME | local:SOCKET_PATH
SCANNER_SOCK inet:2002@localhost
# SCANNER_PROTOCOL
# Protocol
# VALUES : INTERNAL CLAMAV
SCANNER_PROTOCOL INTERNAL
# SCANNER_TIMEOUT
# Timeout waiting for the scanner answer
SCANNER_TIMEOUT 15
# SCANNER_MAX_MSG_SIZE
# Max message size to pass to scanner
SCANNER_MAX_MSG_SIZE 100000
# SCANNER_SAVE
# Shall messages be quarantined ???
# VALUES : NO YES
SCANNER_SAVE YES
########################################################################
# SECTION : Antispam checks (message content)
########################################################################
# SPAM_ORACLE
# Do heuristic filtering
# VALUES : NO YES
SPAM_ORACLE NO
# SPAM_URLBL
# Do pattern matching
# VALUES : NO YES
SPAM_URLBL NO
# SPAM_REGEX
# Do pattern matching
# VALUES : NO YES
SPAM_REGEX NO
# SPAM_REGEX_SCORE
# Stop doing pattern matching when score is reached
SPAM_REGEX_SCORE 50
# SPAM_REGEX_MAX_MSG_SIZE
# Max message size to do pattern matching
SPAM_REGEX_MAX_MSG_SIZE 40000
# SPAM_REGEX_MAX_MIME_SIZE
# Max message size to do pattern matching
SPAM_REGEX_MAX_MIME_SIZE 15000
# LO_SCORE_ACTION
# Action when score is lower than SPAM_REGEX_SCORE
# VALUES : OK REJECT NOTIFY DISCARD X-HEADER
LO_SCORE_ACTION X-HEADER
# HI_SCORE_ACTION
# Action when score exceeds SPAM_REGEX_SCORE
# VALUES : OK REJECT NOTIFY DISCARD X-HEADER
HI_SCORE_ACTION X-HEADER
# SCORE_ON_SUBJECT
# Shall message score be inserted on Subject Header ?
# VALUES : NO YES
SCORE_ON_SUBJECT NO
# SCORE_ON_SUBJECT_THRESHOLD
# Shall message score be inserted on Subject ?
SCORE_ON_SUBJECT_THRESHOLD 0
# SCORE_ON_SUBJECT_TAG
# Tag to be inserted on Subject ?
SCORE_ON_SUBJECT_TAG
# PRESERVE_OLD_SCORES
# Preserve score headers added by previous j-chkmail filters
# Syntax : ALL | NONE | List of SMTP gateways
PRESERVE_OLD_SCORES ALL
# CHECK_HEADERS_CONTENT
# Do pattern matching on all headers (will be renamed in the future)
# VALUES : NO YES
CHECK_HEADERS_CONTENT NO
# CHECK_HELO_CONTENT
# Do pattern matching on HELO command (will be renamed in the future)
# VALUES : NO YES
CHECK_HELO_CONTENT NO
# CHECK_ENVFROM_CONTENT
# Do pattern matching on enveloppe From (will be renamed in the future)
# VALUES : NO YES
CHECK_ENVFROM_CONTENT NO
########################################################################
# SECTION : Antispam checks (bayesian filter)
########################################################################
# BAYESIAN_FILTER
# Enable Bayesian filter
# VALUES : NO YES
BAYESIAN_FILTER NO
# BAYES_MAX_MESSAGE_SIZE
# Max message size
BAYES_MAX_MESSAGE_SIZE 100K
# BAYES_MAX_PART_SIZE
# Max message part size
BAYES_MAX_PART_SIZE 30K
# DB_BAYES
# Path of bayes tokens database
DB_BAYES j-bayes.db
# BAYES_HAM_SPAM_RATIO
# Ratio HAM/SPAM (times 1000)
BAYES_HAM_SPAM_RATIO 1000
# BAYES_NB_TOKENS
# Number of tokens to consider
BAYES_NB_TOKENS 19
# BAYES_UNKNOWN_TOKEN_PROB
# Probability assigned to unknown tokens (times 1000)
BAYES_UNKNOWN_TOKEN_PROB 500
########################################################################
# SECTION : Antispam checks (Divers)
########################################################################
# ENCODING_BINARY
# Full Binary encoded message (deprecated)
# VALUES : OK REJECT TEMPFAIL
ENCODING_BINARY OK
# NO_TO_HEADERS
# Messages without To header (deprecated)
# VALUES : OK REJECT TEMPFAIL
NO_TO_HEADERS OK
# NO_FROM_HEADERS
# Messages without From header (deprecated)
# VALUES : OK REJECT TEMPFAIL
NO_FROM_HEADERS OK
# NO_HEADERS
# Messages with no header (deprecated)
# VALUES : OK REJECT TEMPFAIL
NO_HEADERS OK
########################################################################
# SECTION : Antispam checks (SMTP client behaviour)
########################################################################
# CHECK_CONN_RATE
# Limit connection rate for each SMTP client
# VALUES : NO YES
CHECK_CONN_RATE NO
# MAX_CONN_RATE
# Max connection rate (can be redefined at j-policy database)
MAX_CONN_RATE 15
# CHECK_RCPT_RATE
# Limit recipient rate for each SMTP client
# VALUES : NO YES
CHECK_RCPT_RATE NO
# MAX_RCPT_RATE
# Max recipient rate (can be redefined at j-policy database)
MAX_RCPT_RATE 100
# CONN_RATE_FROM_DOMAIN
# Max connection rate from clients at domain network
CONN_RATE_FROM_DOMAIN 200
# CONN_RATE_FROM_LOCAL
# Max connection rate from clients at local network
CONN_RATE_FROM_LOCAL 300
# CONN_RATE_FROM_FRIEND
# Max connection rate from clients at friend network
CONN_RATE_FROM_FRIEND 30
# CONN_RATE_FROM_UNKNOWN
# Max connection rate from clients at unknown network
CONN_RATE_FROM_UNKNOWN 15
# RCPT_RATE_FROM_DOMAIN
# Max recipient rate from clients at domain network
RCPT_RATE_FROM_DOMAIN 200
# RCPT_RATE_FROM_LOCAL
# Max recipient rate from clients at local network
RCPT_RATE_FROM_LOCAL 300
# RCPT_RATE_FROM_FRIEND
# Max recipient rate from clients at friend network
RCPT_RATE_FROM_FRIEND 100
# RCPT_RATE_FROM_UNKNOWN
# Max recipient rate from clients at unknown network
RCPT_RATE_FROM_UNKNOWN 25
# CHECK_OPEN_CONNECTIONS
# Limit the number of open connections per IP address
# VALUES : NO YES
CHECK_OPEN_CONNECTIONS NO
# MAX_CONN_OPEN
# Max open connections for a single IP on unknown network
MAX_CONN_OPEN 10
# OPEN_CONN_FROM_DOMAIN
# Max open connections for a single IP on domain network
OPEN_CONN_FROM_DOMAIN 30
# OPEN_CONN_FROM_LOCAL
# Max open connections for a single IP on local network
OPEN_CONN_FROM_LOCAL 30
# OPEN_CONN_FROM_FRIEND
# Max open connections for a single IP on friend network
OPEN_CONN_FROM_FRIEND 15
# OPEN_CONN_FROM_UNKNOWN
# Max open connections for a single IP on unknown network
OPEN_CONN_FROM_UNKNOWN 10
# CHECK_EMPTY_CONNECTIONS
# Check the number of empty connections
# VALUES : NO YES
CHECK_EMPTY_CONNECTIONS NO
# MAX_EMPTY_CONN
# Maximum number of empty connections over 4 hours
MAX_EMPTY_CONN 20
# CHECK_BADRCPTS
# Check the number or Bad Recipients
# VALUES : NO YES
CHECK_BADRCPTS NO
# MAX_BADRCPTS
# Maximum number of Bad Recipients over 4 hours
MAX_BADRCPTS 20
# CHECK_RCPT_ACCESS
# Check Recipient Access
# VALUES : NO YES
CHECK_RCPT_ACCESS NO
# CHECK_BADEHLO
# Check EHLO command parameter
# VALUES : NO YES
CHECK_BADEHLO NO
# BADEHLO_CHECKS
# Conformity checks to apply to EHLO content
BADEHLO_CHECKS ALL
# CHECK_BAD_NULL_SENDER
# Check Bad '<>' Sender Address
# VALUES : NO YES
CHECK_BAD_NULL_SENDER NO
# CHECK_BAD_SENDER_MX
# Check Bad Sender MX
# VALUES : NO YES
CHECK_BAD_SENDER_MX NO
# CHECK_DATE_IN_FUTURE
# Check if message date is in the future
# VALUES : NO YES
CHECK_DATE_IN_FUTURE NO
# SPAMTRAP_RESULT
# Result from SPAM TRAP check
# VALUES : OK REJECT TEMPFAIL
SPAMTRAP_RESULT OK
# CHECK_SPAMTRAP_HISTORY
# Reject connections from clients sending messages to spam traps
# VALUES : NO YES
CHECK_SPAMTRAP_HISTORY NO
# CHECK_NB_RCPT
# Check the number of recipients for each message
# VALUES : NO YES
CHECK_NB_RCPT NO
# MAX_RCPT_FROM_DOMAIN
# Max recipient per message for connections coming from domain network
MAX_RCPT_FROM_DOMAIN 300
# MAX_RCPT_FROM_LOCAL
# Max recipient per message for connections coming from local network
MAX_RCPT_FROM_LOCAL 1000
# MAX_RCPT_FROM_FRIEND
# Max recipient per message for connections coming from friend network
MAX_RCPT_FROM_FRIEND 200
# MAX_RCPT_FROM_UNKNOWN
# Max recipient per message for connections coming from unknown network
MAX_RCPT_FROM_UNKNOWN 25
# CHECK_RESOLVE_FAIL
# What to do if client DNS resolution fails
# VALUES : NO YES
CHECK_RESOLVE_FAIL NO
# CHECK_RESOLVE_FORGED
# What to do if client DNS resolution is forged
# VALUES : NO YES
CHECK_RESOLVE_FORGED NO
# MAX_BAD_RESOLVE
# What to do if client DNS resolution is forged
MAX_BAD_RESOLVE 10
########################################################################
# SECTION : Greylisting
########################################################################
# GREY_CHECK
# Greylist default activation
# Syntax : NO | YES
# VALUES : NO YES
GREY_CHECK NO
# GREY_MODE
# Greylist mode
# Syntax : STANDALONE | CLIENT
# VALUES : STANDALONE CLIENT
GREY_MODE STANDALONE
# GREY_SOCKET
# Remote Greylist Server Socket when running in CLIENT mode
GREY_SOCKET local:/var/jchkmail/j-greyd.sock
# GREY_CONNECT_TIMEOUT
# Timeout to connect go j-grey server when running in CLIENT mode
GREY_CONNECT_TIMEOUT 10s
# GREY_MIN_DELAY_NORMAL
# Greylist delay for normal messages
GREY_MIN_DELAY_NORMAL 10m
# GREY_MIN_DELAY_NULLSENDER
# Greylist delay for null sender messages
GREY_MIN_DELAY_NULLSENDER 10m
# GREY_MAX_DELAY_NORMAL
# Lifetime for pending entries (normal messages)
GREY_MAX_DELAY_NORMAL 3d
# GREY_MAX_DELAY_NULLSENDER
# Lifetime for pending entries (null sender messages)
GREY_MAX_DELAY_NULLSENDER 6h
# GREY_VALIDLIST_LIFETIME
# Lifetime for inactive whitelisted entries
GREY_VALIDLIST_LIFETIME 1w
# GREY_WHITELIST_LIFETIME
# Lifetime for inactive whitelisted entries
GREY_WHITELIST_LIFETIME 2w
# GREY_BLACKLIST_LIFETIME
# Lifetime for blacklisted entries
GREY_BLACKLIST_LIFETIME 1d
# GREY_PENDING_NORMAL
# Max normal pending messages
GREY_PENDING_NORMAL 1000
# GREY_PENDING_NULLSENDER
# Max null sender pending messages
GREY_PENDING_NULLSENDER 1000
# GREY_IP_COMPONENT
# How to construct IP part of ntuple
# Syntax : NONE | FULL | NET
GREY_IP_COMPONENT NET
# GREY_FROM_COMPONENT
# How to construct FROM part of ntuple
# Syntax : NONE | FULL | HOST | USER
GREY_FROM_COMPONENT HOST
# GREY_TO_COMPONENT
# How to construct FROM part of ntuple
# Syntax : NONE | FULL | HOST | USER
GREY_TO_COMPONENT FULL
# GREY_CLEANUP_INTERVAL
# Greylist database cleanup interval
GREY_CLEANUP_INTERVAL 10m
# GREY_DEWHITE_FLAGS
# Which criteria utilise to purge greylisting databases ???
# Syntax : None BadResolve DomainMatch BadRCPT SpamTrap BadMX BadClient Spammer All
GREY_DEWHITE_FLAGS DomainMatch
