--- amavisd-new-2.4.5/amavisd.conf.confpch 2007-01-31 00:12:30.000000000 +0100 +++ amavisd-new-2.4.5/amavisd.conf 2007-02-09 22:28:26.000000000 +0100 @@ -14,23 +14,24 @@ # @bypass_spam_checks_maps = (1); # uncomment to DISABLE anti-spam code $max_servers = 2; # num of pre-forked children (2..15 is common), -m -$daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u -$daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g +$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u +$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g -$mydomain = 'example.com'; # a convenient default for other settings +$mydomain = 'localhost.localdomain'; # a convenient default for other settings -# $MYHOME = '/var/amavis'; # a convenient default for other settings, -H +# $MYHOME = '/var/lib/amavis'; # a convenient default for other settings, -H $TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR -$QUARANTINEDIR = '/var/virusmails'; # -Q +$QUARANTINEDIR = '/var/spool/amavis/virusmails'; # -Q + # $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine # $daemon_chroot_dir = $MYHOME; # chroot directory or undef, -R # $db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D # $helpers_home = "$MYHOME/var"; # working directory for SpamAssassin, -S -# $lock_file = "$MYHOME/var/amavisd.lock"; # -L -# $pid_file = "$MYHOME/var/amavisd.pid"; # -P +# $pid_file = "$MYHOME/var/lib/amavisd.pid"; # -L +# $lock_file = "$MYHOME/var/lib/amavisd.lock"; # -P #NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually @local_domains_maps = ( [".$mydomain"] ); @@ -48,7 +49,7 @@ $enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) $enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1 -$inet_socket_port = 10024; # listen on this local TCP port(s) (see $protocol) +$inet_socket_port = 10025; # listen on this local TCP port(s) (see $protocol) $unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter # option(s) -p overrides $inet_socket_port and $unix_socketname @@ -57,9 +58,9 @@ # (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'): $policy_bank{'AM.PDP-SOCK'} = { protocol=>'AM.PDP' }; -$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level -$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level -$sa_kill_level_deflt = 6.31; # triggers spam evasive actions +$sa_tag_level_deflt = 1.0; # add spam info headers if at, or above that level +$sa_tag2_level_deflt = 4.9; # add 'spam detected' headers at that level +$sa_kill_level_deflt = 4.9; # triggers spam evasive actions $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent # $sa_quarantine_cutoff_level = 20; # spam level beyond which quarantine is off # $penpals_bonus_score = 5; # (no effect without a @storage_sql_dsn database) @@ -112,12 +113,12 @@ # $myhostname = 'host.example.com'; # must be a fully-qualified domain name! -# $notify_method = 'smtp:[127.0.0.1]:10025'; -# $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter! +# $notify_method = 'smtp:[127.0.0.1]:10026'; +# $forward_method = 'smtp:[127.0.0.1]:10026'; # set to undef with milter! # $final_virus_destiny = D_DISCARD; # $final_banned_destiny = D_BOUNCE; -# $final_spam_destiny = D_BOUNCE; +# $final_spam_destiny = D_PASS; # $final_bad_header_destiny = D_PASS; # $os_fingerprint_method = 'p0f:127.0.0.1:2345'; # to query p0f-analyzer.pl @@ -229,7 +230,7 @@ [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0], ), -# read_hash("/var/amavis/sender_scores_sitewide"), +# read_hash("/var/lib/amavis/sender_scores_sitewide"), { # a hash-type lookup table (associative array) 'nobody@cert.org' => -3.0, @@ -318,15 +319,15 @@ # ['Sophos SAVI', \&sophos_savi ], # ### http://www.clamav.net/ -# ['ClamAV-clamd', -# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], -# qr/\bOK$/, qr/\bFOUND$/, -# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], -# # NOTE: run clamd under the same user as amavisd, or run it under its own -# # uid such as clamav, add user clamav to the amavis group, and then add -# # AllowSupplementaryGroups to clamd.conf; -# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in -# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd". +['ClamAV-clamd', + \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], + qr/\bOK$/, qr/\bFOUND$/, + qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], +# NOTE: run clamd under the same user as amavisd, or run it under its own +# uid such as clamav, add user clamav to the amavis group, and then add +# AllowSupplementaryGroups to clamd.conf; +# NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in +# this entry; when running chrooted one may prefer socket "$MYHOME/clamd". # ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred) # ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/], @@ -367,7 +368,7 @@ # pack('N',0). # content size # pack('N',0), # '/var/drweb/run/drwebd.sock', -# # '/var/amavis/var/run/drwebd.sock', # suitable for chroot +# # '/var/lib/amavis/var/run/drwebd.sock', # suitable for chroot # # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default # # '127.0.0.1:3000', # or over an inet socket # ], @@ -406,12 +407,12 @@ '/opt/AVP/avpdc', 'avpdc' ], "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ], # change the startup-script in /etc/init.d/kavd to: - # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis" - # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" ) - # adjusting /var/amavis above to match your $TEMPBASE. - # The '-f=/var/amavis' is needed if not running it as root, so it + # DPARMS="-* -Y -dl -f=/var/lib/amavis /var/lib/amavis" + # (or perhaps: DPARMS="-I0 -Y -* /var/lib/amavis" ) + # adjusting /var/lib/amavis above to match your $TEMPBASE. + # The '-f=/var/lib/amavis' is needed if not running it as root, so it # can find, read, and write its pid file, etc., see 'man kavdaemon'. - # defUnix.prf: there must be an entry "*/var/amavis" (or whatever + # defUnix.prf: there must be an entry "*/var/lib/amavis" (or whatever # directory $TEMPBASE specifies) in the 'Names=' section. # cd /opt/AVP/DaemonClients; configure; cd Sample; make # cp AvpDaemonClient /opt/AVP/ --- amavisd-new-2.4.5/amavisd.conf-default.confpch 2007-01-31 00:12:18.000000000 +0100 +++ amavisd-new-2.4.5/amavisd.conf-default 2007-02-09 22:30:20.000000000 +0100 @@ -22,7 +22,7 @@ # $mydomain = ... no useful default, should be set if used in expressions # $daemon_user = undef; # $daemon_group = undef; -# $MYHOME = '/var/amavis'; +# $MYHOME = '/var/lib/amavis'; # $TEMPBASE = $MYHOME; # after-default # $helpers_home = $MYHOME; # after-default # $db_home = "$MYHOME/db"; # after-default @@ -95,7 +95,7 @@ ## MAIL FORWARDING -# $forward_method = 'smtp:[127.0.0.1]:10025'; +# $forward_method = 'smtp:[127.0.0.1]:10026'; # $resend_method = undef; # falls back to $forward_method # $final_virus_destiny = D_DISCARD; # subj to @viruses_that_fake_sender_maps @@ -140,7 +140,7 @@ ## NOTIFICATIONS (DSN, admin, recip) -# $notify_method = 'smtp:[127.0.0.1]:10025'; +# $notify_method = 'smtp:[127.0.0.1]:10026'; # $propagate_dsn_if_possible = 1; # $terminate_dsn_on_notify_success = 0; --- amavisd-new-2.4.5/amavisd.conf-sample.confpch 2007-01-31 00:12:24.000000000 +0100 +++ amavisd-new-2.4.5/amavisd.conf-sample 2007-02-09 22:31:01.000000000 +0100 @@ -63,7 +63,7 @@ # $MYHOME serves as a quick default for some other configuration settings. # More refined control is available with each individual setting further down. # $MYHOME is not used directly by the program. No trailing slash! -#$MYHOME = '/var/lib/amavis'; # (default is '/var/amavis'), -H +#$MYHOME = '/var/lib/amavis'; # (default is '/var/lib/amavis'), -H # $mydomain serves as a quick default for some other configuration settings. # More refined control is available with each individual setting further down. @@ -74,14 +74,14 @@ # Set the user and group to which the daemon will change if started as root # (otherwise just keeps the UID unchanged, and these settings have no effect): -$daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u -$daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g +$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u +$daemon_group = 'amavis'; # (no default; customary: vscan or amavis or sweep), -g # Runtime working directory (cwd), and a place where # temporary directories for unpacking mail are created. # (no trailing slash, may be a scratch file system) $TEMPBASE = $MYHOME; # (must be set if other config vars use is), -T -#$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean? +#$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/lib/amavis clean? #$db_home = "$MYHOME/db"; # DB databases directory, default "$MYHOME/db", -D @@ -109,7 +109,7 @@ # POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4 # (set host and port number as required; host can be specified # as an IP address or a DNS name (A or CNAME, but MX is ignored) -#$forward_method = 'smtp:[127.0.0.1]:10025'; # where to forward checked mail +#$forward_method = 'smtp:[127.0.0.1]:10026'; # where to forward checked mail #$notify_method = $forward_method; # where to submit notifications #$os_fingerprint_method = 'p0f:127.0.0.1:2345'; # query p0f-analyzer.pl @@ -204,7 +204,7 @@ # ( [qw( .example.com !host.sub.example.net .sub.example.net )] ); # @local_domains_maps = ( new_RE( qr'[@.]example\.com$'i ) ); # using regexp # @local_domains_maps = ( read_hash("$MYHOME/local_domains") ); # using hash -# perhaps combined with Postfix: mydestination = /var/amavis/local_domains +# perhaps combined with Postfix: mydestination = /var/lib/amavis/local_domains # for debugging purposes: dump_hash($local_domains_maps[0]); # # Section II - MTA specific (defaults should be ok) @@ -224,7 +224,7 @@ # SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...) # (used when MTA is configured to pass mail to amavisd via SMTP or LMTP) -$inet_socket_port = 10024; # accept SMTP on this local TCP port +$inet_socket_port = 10025; # accept SMTP on this local TCP port # (default is undef, i.e. disabled) # multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028]; @@ -494,7 +494,7 @@ # $final_virus_destiny = D_DISCARD; # (defaults to D_DISCARD) $final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE) -$final_spam_destiny = D_BOUNCE; # (defaults to D_BOUNCE) +$final_spam_destiny = D_PASS; # (defaults to D_BOUNCE) $final_bad_header_destiny = D_PASS; # (defaults to D_PASS) # to explicitly list all (or most) possible contents category (ccat) keys: @@ -576,7 +576,7 @@ # Notify virus (or banned files or bad headers) RECIPIENT? # (not very useful, but some policies demand it) -#$warnvirusrecip = 1; # (defaults to false (undef)) +$warnvirusrecip = 1; # (defaults to false (undef)) #$warnbannedrecip = 1; # (defaults to false (undef)) #$warnbadhrecip = 1; # (defaults to false (undef)) @@ -598,6 +598,9 @@ qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i, qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i, qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i, + qr'badtrans|magistr|bagle'i, + qr'mthredir|sdboot.gen|funlove|yaha|zafi|gibe|lovgate|nyxem|mabutu'i + qr'plexus|mytob|SCO'i, qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc # [qr'^(EICAR|Joke\.|Junk\.)'i => 0], @@ -689,7 +692,7 @@ # or a directory (no trailing slash) # (the default value is undef, meaning no quarantine) # -$QUARANTINEDIR = '/var/virusmails'; # -Q +$QUARANTINEDIR = '/var/spool/amavis/virusmails'; # -Q #$quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine @@ -1418,7 +1421,7 @@ [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0], ), -# read_hash("/var/amavis/sender_scores_sitewide"), +# read_hash("/var/lib/amavis/sender_scores_sitewide"), { # a hash-type lookup table (associative array) 'nobody@cert.org' => -3.0, @@ -1731,7 +1734,7 @@ # default values, customarily used in the @spam_*_level_maps as the last entry $sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level; # undef is interpreted as lower than any spam level -$sa_tag2_level_deflt = 6.31;# add 'spam detected' headers at that level to +$sa_tag2_level_deflt = 4.9;# add 'spam detected' headers at that level to # passed mail, adding address extensions; $sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions # at or above that level: bounce/reject/drop, @@ -1797,7 +1800,7 @@ # < dsn_cutoff_level <= quarantine_cutoff_level # string to prepend to Subject header field when message exceeds tag2 level -#$sa_spam_subject_tag = '***SPAM*** '; # (defaults to undef, disabled) +$sa_spam_subject_tag = '***SPAM*** '; # (defaults to undef, disabled) # (only seen when spam is passed and recipient is # in local_domains*) # more examples, using @*_maps directly: @@ -1900,15 +1903,15 @@ # ['Sophos SAVI', \&sophos_savi ], # ### http://www.clamav.net/ -# ['ClamAV-clamd', -# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], -# qr/\bOK$/, qr/\bFOUND$/, -# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], -# # NOTE: run clamd under the same user as amavisd, or run it under its own -# # uid such as clamav, add user clamav to the amavis group, and then add -# # AllowSupplementaryGroups to clamd.conf; -# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in -# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd". +['ClamAV-clamd', + \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], + qr/\bOK$/, qr/\bFOUND$/, + qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], +# NOTE: run clamd under the same user as amavisd, or run it under its own +# uid such as clamav, add user clamav to the amavis group, and then add +# AllowSupplementaryGroups to clamd.conf; +# NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in +# this entry; when running chrooted one may prefer socket "$MYHOME/clamd". # ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred) # ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/], @@ -1949,7 +1952,7 @@ # pack('N',0). # content size # pack('N',0), # '/var/drweb/run/drwebd.sock', -# # '/var/amavis/var/run/drwebd.sock', # suitable for chroot +# # '/var/lib/amavis/var/run/drwebd.sock', # suitable for chroot # # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default # # '127.0.0.1:3000', # or over an inet socket # ], @@ -1988,12 +1991,12 @@ '/opt/AVP/avpdc', 'avpdc' ], "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ], # change the startup-script in /etc/init.d/kavd to: - # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis" - # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" ) - # adjusting /var/amavis above to match your $TEMPBASE. - # The '-f=/var/amavis' is needed if not running it as root, so it + # DPARMS="-* -Y -dl -f=/var/lib/amavis /var/lib/amavis" + # (or perhaps: DPARMS="-I0 -Y -* /var/lib/amavis" ) + # adjusting /var/lib/amavis above to match your $TEMPBASE. + # The '-f=/var/lib/amavis' is needed if not running it as root, so it # can find, read, and write its pid file, etc., see 'man kavdaemon'. - # defUnix.prf: there must be an entry "*/var/amavis" (or whatever + # defUnix.prf: there must be an entry "*/var/lib/amavis" (or whatever # directory $TEMPBASE specifies) in the 'Names=' section. # cd /opt/AVP/DaemonClients; configure; cd Sample; make # cp AvpDaemonClient /opt/AVP/ --- amavisd-new-2.4.5/amavisd.confpch 2007-01-31 00:12:37.000000000 +0100 +++ amavisd-new-2.4.5/amavisd 2007-02-09 22:29:43.000000000 +0100 @@ -458,7 +458,7 @@ # BEGIN { # serves only as a quick default for other configuration settings - $MYHOME = '/var/amavis'; + $MYHOME = '/var/lib/amavis'; $mydomain = '!change-mydomain-variable!.example.com';#intentionally bad deflt # Create debugging output - true: log to stderr; false: log to syslog/file @@ -558,7 +558,7 @@ # # Receiving mail related - # $unix_socketname = '/var/amavis/amavisd.sock'; # old amavis client protocol + # $unix_socketname = '/var/lib/amavis/amavisd.sock'; # old amavis client protocol # $inet_socket_port = 10024; # accept SMTP on this TCP port # $inet_socket_port = [10024,10026,10027]; # ...possibly on more than one $inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface @@ -567,8 +567,8 @@ @mynetworks = qw( 127.0.0.0/8 ::1 FE80::/10 FEC0::/10 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); - $notify_method = 'smtp:[127.0.0.1]:10025'; - $forward_method = 'smtp:[127.0.0.1]:10025'; + $notify_method = 'smtp:[127.0.0.1]:10026'; + $forward_method = 'smtp:[127.0.0.1]:10026'; $resend_method = undef; # overrides $forward_method on defanging if nonempty $release_method = undef; # overrides $notify_method on releasing # from quarantine if nonempty @@ -2304,12 +2304,12 @@ # The $hashref argument is returned for convenience, so that one can do # for example: # $per_recip_whitelist_sender_lookup_tables = { -# '.my1.example.com' => read_hash({},'/var/amavis/my1-example-com.wl'), -# '.my2.example.com' => read_hash({},'/var/amavis/my2-example-com.wl') } +# '.my1.example.com' => read_hash({},'/var/lib/amavis/my1-example-com.wl'), +# '.my2.example.com' => read_hash({},'/var/lib/amavis/my2-example-com.wl') } # or even simpler: # $per_recip_whitelist_sender_lookup_tables = { -# '.my1.example.com' => read_hash('/var/amavis/my1-example-com.wl'), -# '.my2.example.com' => read_hash('/var/amavis/my2-example-com.wl') } +# '.my1.example.com' => read_hash('/var/lib/amavis/my1-example-com.wl'), +# '.my2.example.com' => read_hash('/var/lib/amavis/my2-example-com.wl') } # sub read_hash(@) { unshift(@_,{}) if !ref $_[0]; # first argument is optional, defaults to {} @@ -8997,7 +8997,7 @@ if (c('remove_existing_spam_headers')) { my(@which_headers) = qw( X-Spam-Status X-Spam-Level X-Spam-Flag X-Spam-Score - X-Spam-Report X-Spam-Checker-Version X-Spam-Tests); + X-Spam-Report X-Spam-Checker-Version X-Spam-Tests X-Scanned-By); push(@which_headers, qw( X-DSPAM-Result X-DSPAM-Confidence X-DSPAM-Probability X-DSPAM-Signature X-DSPAM-User X-DSPAM-Factors)) if defined $dspam; @@ -10076,7 +10076,7 @@ Amavis::Lookup::RE->new(@$Amavis::Conf::map_full_type_to_short_type_re); # default location of the config file if none specified -push(@config_files, '/etc/amavisd.conf') if !@config_files; +push(@config_files, '/etc/amavisd/amavisd.conf') if !@config_files; # Read/execute the config file, which may override default settings Amavis::Conf::read_config(@config_files); @@ -10538,7 +10538,7 @@ #sub lock_stat($) { # my($label) = @_; -# my($s) = qx'/usr/local/bin/db_stat-4.2 -c -h /var/amavis/db | /usr/local/bin/perl -ne \'$a{$2}=$1 if /^(\d+)\s+Total number of locks (requested|released)/; END {printf("%d, %d\n",$a{requested}, $a{requested}-$a{released})}\''; +# my($s) = qx'/usr/local/bin/db_stat-4.2 -c -h /var/lib/amavis/db | /usr/local/bin/perl -ne \'$a{$2}=$1 if /^(\d+)\s+Total number of locks (requested|released)/; END {printf("%d, %d\n",$a{requested}, $a{requested}-$a{released})}\''; # do_log(0, "lock_stat %s: %s", $label,$s); #} @@ -11864,9 +11864,9 @@ # 'recipient' must retain their relative order. # Required AM.PDP fields are: request, tempdir, sender, recipient(s) # request=AM.PDP - # tempdir=/var/amavis/amavis-milter-MWZmu9Di + # tempdir=/var/lib/amavis/amavis-milter-MWZmu9Di # tempdir_removed_by=client (tempdir_removed_by=server is a default) - # mail_file=/var/amavis/am.../email.txt (defaults to tempdir/email.txt) + # mail_file=/var/lib/amavis/am.../email.txt (defaults to tempdir/email.txt) # sender=<foo@example.com> # recipient=<bar1@example.net> # recipient=<bar2@example.net>