[pkg-kolab] r1498 - in kolabd/trunk: . debian debian/patches

Mathieu Parent sathieu at alioth.debian.org
Thu Jun 17 20:40:55 UTC 2010


Author: sathieu
Date: 2010-06-17 20:40:55 +0000 (Thu, 17 Jun 2010)
New Revision: 1498

Added:
   kolabd/trunk/debian/patches/92-cyrus-template.diff
   kolabd/trunk/debian/patches/93-amavisd-template.diff
Removed:
   kolabd/trunk/templates/
Modified:
   kolabd/trunk/debian/changelog
   kolabd/trunk/debian/patches/series
Log:
- imapd.group: chmod as upstream does (640) instead of 644
  now that user and group is ok
- move templates to patches (amavisd.conf.template.in and
  templates/imapd.conf.template.in)


Modified: kolabd/trunk/debian/changelog
===================================================================
--- kolabd/trunk/debian/changelog	2010-06-17 19:28:41 UTC (rev 1497)
+++ kolabd/trunk/debian/changelog	2010-06-17 20:40:55 UTC (rev 1498)
@@ -1,10 +1,12 @@
 kolabd (2.2.3-20091217-3) unstable; urgency=low
 
   * Change cyrus user and group in templates. Fix "Permissions on
-    /etc/imapd.group are wrong" (Closes: #581757)
-  * Switch to dpkg-source 3.0 (quilt) format
+    /etc/imapd.group are wrong" (Closes: #581757) and chmod as upstream
+    does (640) instead of 644
+  * Switch to dpkg-source 3.0 (quilt) format and move templates to patches
+    (amavisd.conf.template.in and templates/imapd.conf.template.in)
 
- -- Mathieu Parent <sathieu at debian.org>  Thu, 17 Jun 2010 21:21:13 +0200
+ -- Mathieu Parent <sathieu at debian.org>  Thu, 17 Jun 2010 22:40:41 +0200
 
 kolabd (2.2.3-20091217-2) unstable; urgency=medium
 

Added: kolabd/trunk/debian/patches/92-cyrus-template.diff
===================================================================
--- kolabd/trunk/debian/patches/92-cyrus-template.diff	                        (rev 0)
+++ kolabd/trunk/debian/patches/92-cyrus-template.diff	2010-06-17 20:40:55 UTC (rev 1498)
@@ -0,0 +1,442 @@
+Description: Adjustments in cyrus templates
+ Goal: Make imapd.conf template consistent with kolab-cyrus-imapd package.
+Author: Peter Eisentraut <petere at debian.org>
+Last-Update: <2010-06-17>
+--- kolabd-2.2.3-20091217.orig/templates/imapd.conf.template.in
++++ kolabd-2.2.3-20091217/templates/imapd.conf.template.in
+@@ -3,88 +3,358 @@ TARGET=@imap_confdir@/imapd.conf
+ PERMISSIONS=0640
+ OWNERSHIP=@imap_usr@:@imap_grp@
+ KOLAB_META_END
+-# (c) 2003 Tassilo Erlewein <tassilo.erlewein at erfrakon.de>
+-# (c) 2003-2006 Martin Konold <martin.konold at erfrakon.de>
+-# (c) 2003 Achim Frank <achim.frank at erfrakon.de>
+-# This program is Free Software under the GNU General Public License (>=v2).
+-# Read the file COPYING that comes with this packages for details.
+-
+-# This file is automatically written by the Kolab config backend.
+-# Manual additions are lost unless made to the template in the Kolab config directory.
+-# The template is @sysconfdir@/kolab/templates/imapd.conf.template
+-
+-
+-#   Warning: Do not use a trailing slash in paths!
+-configdirectory:        @imap_statedir@
+-partition-default:      @imap_spool@
+-
+-allowusermoves:         0
+-admins:                 @@@cyrus-admins|join( )@@@
+-sasl_pwcheck_method:    saslauthd
+-sasl_mech_list: 	plain
+-sendmail:               @sbindir@/sendmail
+-allowanonymouslogin:    no
+-allowplaintext:         yes
+-servername:             @@@fqdnhostname@@@
+-reject8bit:             no
+-munge8bit: 		no
+-quotawarn:              @@@cyrus-quotawarn@@@
+-lmtp_over_quota_perm_failure: 1
+-timeout:                30
+-sievedir:		@imap_sievedir@
+-lmtpsocket: 		@emailserver_socket@
+-
+-allowapop:              no
++# Debian Cyrus imapd.conf
++# $Id: imapd.conf 565 2006-08-14 16:51:28Z sven $
++# See imapd.conf(5) for more information and more options
++
++# Configuration directory
++configdirectory: /var/lib/cyrus
++
++# Which partition to use for default mailboxes
++defaultpartition: default
++partition-default: /var/spool/cyrus/mail
++
++# News setup
++partition-news: /var/spool/cyrus/news
++newsspool: /var/spool/news
++
++# Alternate namespace
++# If enabled, activate the alternate namespace as documented in
++# /usr/share/doc/cyrus-doc-2.2/html/altnamespace.html, where an user's
++# subfolders are in the same level as the INBOX
++# See also userprefix and sharedprefix on imapd.conf(5)
++altnamespace: no
++
++# UNIX Hierarchy Convention
++# Set to yes, and cyrus will accept dots in names, and use the forward
++# slash "/" to delimit levels of the hierarchy. This is done by converting
++# internally all dots to "^", and all "/" to dots. So the "rabbit.holes"
++# mailbox of user "helmer.fudd" is stored in "user.elmer^fud.rabbit^holes"
++unixhierarchysep: yes
++
++# Rejecting illegal characters in headers
++# Headers of RFC2882 messages must not have characters with the 8th bit
++# set. However, too many badly-written MUAs generate this, including most
++# spamware. Enable this to reject such messages.
++#reject8bit: yes
++
++# Munging illegal characters in headers
++# Headers of RFC2882 messages must not have characters with the 8th bit
++# set. However, too many badly-written MUAs generate this, including most
++# spamware. If you kept reject8bit disabled, you can choose to leave the
++# crappage untouched by disabling this (if you don't care that IMAP SEARCH
++# won't work right anymore.
++#munge8bit: no
++
++# Forcing recipient user to lowercase
++# Cyrus 2.2 is case-sensitive.  If all your mail users are in lowercase, it is
++# probably a very good idea to set lmtp_downcase_rcpt to true.  This is set by 
++# default, per RFC2821. This was not set by default in debian versions up to
++# and including 2.2.12-4.
++lmtp_downcase_rcpt: yes
++
++# Uncomment the following and add the space-separated users who 
++# have admin rights for all services.
++admins: @@@cyrus-admins@@@
++
++# Space-separated list of users that have lmtp "admin" status (i.e. that
++# can deliver email through TCP/IP lmtp). If specified, this parameter
++# overrides the "admins" parameter above
++#lmtp_admins: postman
++
++# Space-separated list of users that have mupdate "admin" status, in
++# addition to those in the admins: entry above. Note that mupdate slaves and 
++# backends in a Murder cluster need to autenticate against the mupdate master
++# as admin users.
++#mupdate_admins: mupdateman
++
++# Space-separated list of users that have imapd "admin" status, in
++# addition to those in the admins: entry above
++#imap_admins: cyrus
++
++# Space-separated list of users that have sieve "admin" status, in
++# addition to those in the admins: entry above
++#sieve_admins: cyrus
++
++# List of users and groups that are allowed to proxy for other users,
++# seperated by spaces.  Any user listed in this will be allowed to login
++# for any other user.  Like "admins:" above, you can have imap_proxyservers
++# and sieve_proxyservers.
++#proxyservers: cyrus
++
++# No anonymous logins
++allowanonymouslogin: no
++
++# Minimum time between POP mail fetches in minutes
++# kolab note: this is disabled to get no errors at the client
++# in a groupware environment a client will connect more than
++# once in a minute
++#popminpoll: 1
++
++# If nonzero, normal users may create their own IMAP accounts by creating
++# the mailbox INBOX.  The user's quota is set to the value if it is positive,
++# otherwise the user has unlimited quota.
++autocreatequota: @@@cyrus-autocreatequota@@@
++
++# umask used by Cyrus programs
++umask: 077
++
++# Sendmail binary location
++# DUE TO A BUG, Cyrus sends CRLF EOLs to this program. This breaks Exim 3. 
++# For now, to work around the bug, set this to a wrapper that calls 
++# /usr/sbin/sendmail -dropcr instead if you use Exim 3.
++#sendmail: /usr/sbin/sendmail
++
++# If enabled, cyrdeliver will look for Sieve scripts in user's home
++# directories: ~user/.sieve.
++sieveusehomedir: false
+ 
+-#tls_ca_file: 		@sysconfdir@/kolab/server.pem
+-tls_cert_file: 		@sysconfdir@/kolab/cert.pem
+-tls_key_file: 		@sysconfdir@/kolab/key.pem
++# If sieveusehomedir is false, this directory is searched for Sieve scripts.
++sievedir: /var/spool/sieve
+ 
+-altnamespace:           0
+-unixhierarchysep:       yes
+-lmtp_downcase_rcpt:	yes
+-username_tolower:       1
++# notifyd(8) method to use for "MAIL" notifications.  If not set, "MAIL"
++# notifications are disabled.  Valid methods are: null, log, zephyr
++mailnotifier: mailto
+ 
+-hashimapspool:          yes
+-#the fulldirhash optimization requires the rehash utility and the compile time switch --enable-fulldirhash
+-#fulldirhash:           yes
++# notifyd(8) method to use for "SIEVE" notifications.  If not set, "SIEVE"
++# notifications are disabled.  This method is only used when no method is
++# specified in the script.  Valid methods are null, log, zephyr, mailto
++sievenotifier: mailto
+ 
+-##virtdomains:            userid
++# DRAC (pop-before-smtp, imap-before-smtp) support
++# Set dracinterval to the time in minutes to call DRAC while a user is
++# connected to the imap/pop services. Set to 0 to disable DRAC (default)
++# Set drachost to the host where the rpc drac service is running
++#dracinterval: 0
++#drachost: localhost
++
++# If enabled, the partitions will also be hashed, in addition to the hashing
++# done on configuration directories. This is recommended if one partition has a
++# very bushy mailbox tree.
++hashimapspool: true
++
++# Allow plaintext logins by default (SASL PLAIN)
++allowplaintext: yes
++
++# Force PLAIN/LOGIN authentication only
++# (you need to uncomment this if you are not using an auxprop-based SASL
++# mechanism.  saslauthd users, that means you!). And pay attention to
++# sasl_minimum_layer and allowapop below, too.
++sasl_mech_list: PLAIN
++
++# Allow use of the POP3 APOP authentication command.
++# Note that this command requires that the plaintext passwords are 
++# available in a SASL auxprop backend (eg. sasldb), and that the system
++# can provide enough entropy (eg. from /dev/urandom) to create a challenge
++# in the banner.
++#allowapop: no
++
++# The minimum SSF that the server will allow a client to negotiate. A
++# value of 1 requires integrity protection; any higher value requires some
++# amount of encryption.
++#sasl_minimum_layer: 0
++
++# The maximum SSF that the server will allow a client to negotiate. A
++# value of 1 requires integrity protection; any higher value requires some
++# amount of encryption.
++#sasl_maximum_layer: 256
++
++# List of remote realms whose users may log in using cross-realm
++# authentications. Seperate each realm name by a space. A cross-realm
++# identity is considered any identity returned by SASL with an "@" in it.
++# NOTE: To support multiple virtual domains on the same interface/IP,
++# you need to list them all as loginreals. If you don't list them here,
++# (most of) your users probably won't be able to log in.
++loginrealms: @@@postfix-mydomain@@@ @@@postfix-mydestination|join( )@@@
++
++# Enable virtual domain support.  If enabled, the user's domain will
++# be determined by splitting a fully qualified userid at the last '@'
++# or '%' symbol.  If the userid is unqualified, and the virtdomains
++# option is set to "on", then the domain will be determined by doing
++# a reverse lookup on the IP address of the incoming network
++# interface, otherwise the user is assumed to be in the default
++# domain (if set).
++# Kolab uses ldap for virtual domains
++virtdomains: ldap
++
++# The default domain for virtual domain support
++# If the domain of a user can't be taken from its login and it can't
++# be determined by doing a reverse lookup on the interface IP, this
++# domain is used.
++#defaultdomain: 
++
++#
++# SASL library options (these are handled directly by the SASL libraries,
++# refer to SASL documentation for an up-to-date list of these)
++#
++
++# The mechanism(s) used by the server to verify plaintext passwords. Possible
++# values are "saslauthd", "auxprop", "pwcheck" and "alwaystrue".  They
++# are tried in order, you can specify more than one, separated by spaces.
++#
++# Do note that, since sasl will be run as user cyrus, you may have a lot of
++# trouble to set this up right.
++sasl_pwcheck_method: saslauthd
++
++# What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop
++# by default, all plugins are tried (which is probably NOT what you want).
++#sasl_auxprop_plugin: sasldb
++
++# If enabled, the SASL library will automatically create authentication secrets
++# when given a plaintext password. Refer to SASL documentation 
++sasl_auto_transition: no
++
++#
++# SSL/TLS Options
++#
++
++# File containing the global certificate used for ALL services (imap, pop3,
++# lmtp, sieve)
++tls_cert_file: @sysconfdir@/kolab/cert.pem
++
++# File containing the private key belonging to the global server certificate.
++tls_key_file: @sysconfdir@/kolab/key.pem
++
++# File containing the certificate used for imap. If not specified, the global
++# certificate is used.  A value of "disabled" will disable SSL/TLS for imap.
++#imap_tls_cert_file: /etc/ssl/certs/cyrus-imap.pem
++
++# File containing the private key belonging to the imap-specific server
++# certificate.  If not specified, the global private key is used.  A value of
++# "disabled" will disable SSL/TLS for imap.
++#imap_tls_key_file: /etc/ssl/private/cyrus-imap.key
++
++# File containing the certificate used for pop3. If not specified, the global
++# certificate is used.  A value of "disabled" will disable SSL/TLS for pop3.
++#pop3_tls_cert_file: /etc/ssl/certs/cyrus-pop3.pem
++
++# File containing the private key belonging to the pop3-specific server
++# certificate.  If not specified, the global private key is used.  A value of
++# "disabled" will disable SSL/TLS for pop3.
++#pop3_tls_key_file: /etc/ssl/private/cyrus-pop3.key
++
++# File containing the certificate used for lmtp. If not specified, the global
++# certificate is used.  A value of "disabled" will disable SSL/TLS for lmtp.
++#lmtp_tls_cert_file: /etc/ssl/certs/cyrus-lmtp.pem
++
++# File containing the private key belonging to the lmtp-specific server
++# certificate.  If not specified, the global private key is used.  A value of
++# "disabled" will disable SSL/TLS for lmtp.
++#lmtp_tls_key_file: /etc/ssl/private/cyrus-lmtp.key
++
++# File containing the certificate used for sieve. If not specified, the global
++# certificate is used.  A value of "disabled" will disable SSL/TLS for sieve.
++#sieve_tls_cert_file: /etc/ssl/certs/cyrus-sieve.pem
++
++# File containing the private key belonging to the sieve-specific server
++# certificate.  If not specified, the global private key is used.  A value of
++# "disabled" will disable SSL/TLS for sieve.
++#sieve_tls_key_file: /etc/ssl/private/cyrus-sieve.key
++
++# File containing one or more Certificate Authority (CA) certificates.
++#tls_ca_file: @sysconfdir@/kolab/server.pem
++
++# Path to directory with certificates of CAs.
++tls_ca_path: /etc/ssl/certs
++
++# The length of time (in minutes) that a TLS session will be cached for later
++# reuse.  The maximum value is 1440 (24 hours), the default.  A value of 0 will
++# disable session caching.
++tls_session_timeout: 1440
++
++# The list of SSL/TLS ciphers to allow, in decreasing order of precedence.  
++# The format of the string is described in ciphers(1).  The Debian default
++# selects TLSv1 high-security ciphers only, and removes all anonymous ciphers
++# from the list (because they provide no defense against man-in-the-middle
++# attacks).  It also orders the list so that stronger ciphers come first.
++tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
++
++# Require a client certificate for ALL services (imap, pop3, lmtp, sieve).
++#tls_require_cert: false
++
++# Require a client certificate for imap ONLY.
++#imap_tls_require_cert: false
++
++# Require a client certificate for pop3 ONLY.
++#pop3_tls_require_cert: false
++
++# Require a client certificate for lmtp ONLY.
++#lmtp_tls_require_cert: false
++
++# Require a client certificate for sieve ONLY.
++#sieve_tls_require_cert: false
++
++#
++# Cyrus Murder cluster configuration
++#
++# Set the following options to the values needed for this server to
++# autenticate against the mupdate master server:
++# mupdate_server
++# mupdate_port
++# mupdate_username
++# mupdate_authname
++# mupdate_realm
++# mupdate_password
++# mupdate_retry_delay
++
++##
++## KEEP THESE IN SYNC WITH cyrus.conf
++##
++# Unix domain socket that lmtpd listens on.
++lmtpsocket: /var/run/cyrus/socket/lmtp
++
++# The idle backend to use for IDLE command.
++# Options: poll (default), idled, no
++# poll doesn't need the idled daemon and is supposed to be more robust.
++# however it doesn't update as quickly as the idled backend does. "no"
++# turns off IDLE support. If set to "idled", you will also need to enable
++# the "idled" entry in cyrus.conf.
++idlemethod: poll
++
++# Unix domain socket that idled listens on.
++idlesocket: /var/run/cyrus/socket/idle
++
++# Unix domain socket that the new mail notification daemon listens on.
++notifysocket: /var/run/cyrus/socket/notify
++
++# Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap etc.)
++syslog_prefix: cyrus
++
++##
++## DEBUGGING
++##
++# Debugging hook. See /usr/share/doc/kolab-cyrus-common/README.Debian.debug
++# Keep the hook disabled when it is not in use
++#
++# gdb Back-traces
++#debug_command: /usr/bin/gdb -batch -cd=/tmp -x /usr/lib/cyrus/get-backtrace.gdb /usr/lib/cyrus/bin/%s %d >/tmp/gdb-backtrace.cyrus.%1$s.%2$d <&- 2>&1 &
++#
++# system-call traces
++#debug_command: /usr/bin/strace -tt -o /tmp/strace.cyrus.%s.%d -p %2$d <&- 2>&1 &
++#
++# library traces
++#debug_command: /usr/bin/ltrace -tt -n 2 -o /tmp/ltrace.cyrus.%s.%d -p %2$d <&- 2>&1 &
++
++##
++## Kolab-specific additions
++##
+ 
+-loginrealms:		@@@postfix-mydestination|join( )@@@
++servername: @@@fqdnhostname@@@
++quotawarn: @@@cyrus-quotawarn@@@
++lmtp_over_quota_perm_failure: 1
+ 
+ # support for lookup of mailbox name from local LDAP server
+-ldap_uri:               @@@user_ldap_uri@@@
+-ldap_base:              @@@base_dn@@@ 
+-ldap_bind_dn:           @@@php_dn@@@
+-ldap_password:          @@@php_pw@@@
+-ldap_time_limit:        15
+-
+-virtdomains:            ldap
+-
+-## Murder slave setup
+-#mupdate_server:         XXX
+-#mupdate_port:           3905
+-#mupdate_authname:       manager
+-#mupdate_password:       xxx
++ldap_uri:		@@@user_ldap_uri@@@
++ldap_base:		@@@base_dn@@@
++ldap_bind_dn:		@@@php_dn@@@
++ldap_password:		@@@php_pw@@@
++ldap_time_limit:	15
+ 
+ # add support for posting to shared folders
+ postuser: kolab
+ userprefix: user
+ sharedprefix: shared
+ 
+-# add support for sieve based notifications
+-notifysocket: @imap_notify_socket@
+-sievenotifier: mailto
+-mailnotifier: mailto
+-
+-# the sieve extensions that should be enabled on the server
+-sieve_extensions: fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy
+-
+-# Uncomment to use berkeley db backend instead of skiplist:
+-#annotation_db: berkeley
+-#mboxlist_db: berkeley
+-
+ # Don't discard emails with identical message-id header (enabled by default):
+ duplicatesuppression: 0
+ 
+@@ -93,6 +363,3 @@ duplicatesuppression: 0
+ # The minimum value is 1.  A value of 0 will disable polling (and disable IDLE if polling is
+ # the only method available).
+ imapidlepoll: 5
+-
+-# Load definitions for vendor annotations
+-annotation_definitions: @imap_confdir@/imapd.annotation_definitions
+

Added: kolabd/trunk/debian/patches/93-amavisd-template.diff
===================================================================
--- kolabd/trunk/debian/patches/93-amavisd-template.diff	                        (rev 0)
+++ kolabd/trunk/debian/patches/93-amavisd-template.diff	2010-06-17 20:40:55 UTC (rev 1498)
@@ -0,0 +1,1542 @@
+Description: Adjustments in amavisd templates
+ amavis-new: add a template to redirect scanned messages to the postfix
+ port 10026. With default port, messages bounce when amavis is enabled. 
+Author: Mathieu Parent <math.parent at gmail.com>
+Bug-Debian: http://bugs.debian.org/499094
+Last-Update: <2008-11-12>
+--- kolabd-2.2.3-20091217.orig/templates/amavisd.conf.template.in
++++ kolabd-2.2.3-20091217/templates/amavisd.conf.template.in
+@@ -1,1523 +1,19 @@
+ KOLAB_META_START
+-TARGET=@amavisd_conffile@
++TARGET=/etc/amavis/conf.d/40-kolab
+ PERMISSIONS=0640
+-OWNERSHIP=@amavisd_usr@:@amavisd_grp@
++OWNERSHIP=root:root
+ KOLAB_META_END
+ # this file is automatically written by the Kolab config backend
+ # manual additions are lost unless made to the template in the Kolab config directory
+ 
+ use strict;
+ 
+-# Configuration file for amavisd-new
+-#
+-# This software is licensed under the GNU General Public License (GPL).
+-# See comments at the start of amavisd-new for the whole license text.
++##
++## Kolab
++##
++
++# reinjection path
++$notify_method  = 'smtp:[127.0.0.1]:10026'; # notifications about scanned messages
++$forward_method = $notify_method; # scanned messages
+ 
+-#Sections:
+-# Section I    - Essential daemon and MTA settings
+-# Section II   - MTA specific
+-# Section III  - Logging
+-# Section IV   - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
+-# Section V    - Per-recipient and per-sender handling, whitelisting, etc.
+-# Section VI   - Resource limits
+-# Section VII  - External programs, virus scanners, SpamAssassin
+-# Section VIII - Debugging
+-# Section IX   - Policy Banks
+-
+-#GENERAL NOTES:
+-#  This file is a normal Perl code, interpreted by Perl itself.
+-#  - make sure this file (or directory where it resides) is NOT WRITABLE
+-#    by mere mortals, otherwise it represents a severe security risk!
+-#  - for values which are interpreted as booleans, it is recommended
+-#    to use 1 for true, and 0 or undef or '' for false.
+-#    THIS IS DIFFERENT FROM OLDER AMAVIS VERSIONS where "no" also meant false,
+-#    now it means true, like any nonempty string does!
+-#  - Perl syntax applies. Most notably: strings in "" may include variables
+-#    (which start with $ or @); to include characters @ and $ in double
+-#    quoted strings, precede them by a backslash; in single-quoted strings
+-#    the $ and @ lose their special meaning, so it is usually easier to use
+-#    single quoted strings. Still, in both cases backslash needs to be doubled.
+-#  - variables with names starting with a '@' are lists, the values assigned
+-#    to them should be lists as well, e.g. ('one at foo', $mydomain, "three");
+-#    note the comma-separation and parenthesis. If strings in the list
+-#    do not contain spaces nor variables, a Perl operator qw() may be used
+-#    as a shorthand to split its argument on whitespace and produce a list
+-#    of strings, e.g. qw( one at foo example.com three );  Note that the argument
+-#    to qw is quoted implicitly and no variable interpretation is done within
+-#    (no '$' variable evaluations). The #-initiated comments can not be used
+-#    within the string. In other words, $ and # lose their special meaning
+-#    within a qw argument, just like within '...' strings.
+-#  - all e-mail addresses in this file and as used internally by the daemon
+-#    are in their raw (rfc2821-unquoted and nonbracketed) form, i.e. 
+-#    Bob "Funny" Dude at example.com, not: "Bob \"Funny\" Dude"@example.com
+-#    and not <"Bob \"Funny\" Dude"@example.com>; also: '' and not '<>'.
+-
+-
+-#
+-# Section I - Essential daemon and MTA settings
+-#
+-
+-# $MYHOME serves as a quick default for some other configuration settings.
+-# More refined control is available with each individual setting further down.
+-$MYHOME = '@amavisd_home@';
+-
+-# $mydomain serves as a quick default for some other configuration settings.
+-# More refined control is available with each individual setting further down.
+-# $mydomain is never used directly by the program.
+-#$mydomain = 'example.com';      # (no useful default)
+-$mydomain = '@@@postfix-mydomain@@@';
+-
+-$myhostname = '@@@fqdnhostname@@@';  # fqdn of this host, default by uname(3)
+-
+-# Set the user and group to which the daemon will change if started as root
+-# (otherwise just keeps the UID unchanged, and these settings have no effect):
+-$daemon_user  = q{@amavisd_rusr@};	# (no default;  customary: vscan or amavis)
+-$daemon_group = q{@amavisd_grp@};	# (no default;  customary: vscan or amavis)
+-
+-# Runtime working directory (cwd), and a place where
+-# temporary directories for unpacking mail are created.
+-# (no trailing slash, may be a scratch file system)
+-$TEMPBASE = $MYHOME;	        # (must be set if other config vars use is)
+-#$TEMPBASE = "$MYHOME/tmp";     # prefer to keep home dir @amavisd_home@ clean?
+-
+-# $helpers_home sets environment variable HOME, and is passed as option
+-# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
+-# on a normal persistent file system, not a scratch or temporary file system
+-#$helpers_home = $MYHOME;	# (defaults to $MYHOME)
+-
+-# Run the daemon in the specified chroot jail if nonempty:
+-#$daemon_chroot_dir = $MYHOME;  # (default is undef, meaning: do not chroot)
+-
+-#$pid_file  = "$MYHOME/amavisd.pid";  # (default is "$MYHOME/amavisd.pid")
+-#$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock")
+-
+-# set environment variables if you want (no defaults):
+-$ENV{TMPDIR} = $TEMPBASE;       # wise to set TMPDIR, but not obligatory
+-#...
+-
+-# MTA SETTINGS, UNCOMMENT AS APPROPRIATE,
+-# both $forward_method and $notify_method default to 'smtp:127.0.0.1:10025'
+-
+-# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
+-# (set host and port number as required; host can be specified
+-# as IP address or DNS name (A or CNAME, but MX is ignored)
+-$forward_method = 'smtp:@@@local_addr@@@:10026';  # where to forward checked mail
+-$notify_method = $forward_method;          # where to submit notifications
+-
+-# NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST
+-#       uncomment the appropriate settings below if using other setups!
+-
+-# SENDMAIL MILTER, using amavis-milter.c helper program:
+-#$forward_method = undef;  # no explicit forwarding, sendmail does it by itself
+-# milter; option -odd is needed to avoid deadlocks
+-#$notify_method = 'pipe:flags=q argv=@sbindir@/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';
+-# just a thought: can we use use -Am instead of -odd ?
+-
+-# SENDMAIL (old non-milter setup, as relay):
+-#$forward_method = 'pipe:flags=q argv=@sbindir@/sendmail -C at sysconfdir@/sendmail.orig.cf -i -f ${sender} -- ${recipient}';
+-#$notify_method = $forward_method;
+-
+-# SENDMAIL (old non-milter setup, amavis.c calls local delivery agent):
+-#$forward_method = undef;  # no explicit forwarding, amavis.c will call LDA
+-#$notify_method = 'pipe:flags=q argv=@sbindir@/sendmail -Ac -i -f ${sender} -- ${recipient}';
+-
+-# EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead):
+-#$forward_method = 'pipe:flags=q argv=@sbindir@/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';
+-#$notify_method = $forward_method;
+-
+-# prefer to collect mail for forwarding as BSMTP files?
+-#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";
+-#$notify_method = $forward_method;
+-
+-
+-# Net::Server pre-forking settings
+-# You may want $max_servers to match the width of your MTA pipe
+-# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
+-# master.cf file, like the '2' in the:  smtp-amavis unix - - n - 2 smtp
+-#
+-$max_servers  =  2;   # number of pre-forked children          (default 2)
+-$max_requests = 10;   # retire a child after that many accepts (default 10)
+-
+-$child_timeout=5*60;  # abort child if it does not complete each task in n sec
+-                      # (default: 8*60 seconds)
+-
+-# Check also the settings of @av_scanners at the end if you want to use
+-# virus scanners. If not, you may want to delete the whole long assignment
+-# to the variable @av_scanners, which will also remove the virus checking
+-# code (e.g. if you only want to do spam scanning).
+-
+-# Here is a QUICK WAY to completely DISABLE some sections of code
+-# that WE DO NOT WANT (it won't even be compiled-in).
+-# For more refined controls leave the following two lines commented out,
+-# and see further down what these two lookup lists really mean.
+-#
+-# @bypass_virus_checks_acl = qw( . );  # uncomment to DISABLE anti-virus code
+-# @bypass_spam_checks_acl  = qw( . );  # uncomment to DISABLE anti-spam code
+-#
+-# Any setting can be changed with a new assignment, so make sure
+-# you do not unintentionally override these settings further down!
+-
+-
+-# Lookup list of local domains (see README.lookups for syntax details)
+-#
+-# NOTE:
+-#   For backwards compatibility the variable names @local_domains (old) and
+-#   @local_domains_acl (new) are synonyms. For consistency with other lookups
+-#   the name @local_domains_acl is now preferred. It also makes it more
+-#   obviously distinct from the new %local_domains hash lookup table.
+-#
+-# local_domains* lookup tables are used in deciding whether a recipient
+-# is local or not, or in other words, if the message is outgoing or not.
+-# This affects inserting spam-related headers for local recipients,
+-# limiting recipient virus notifications (if enabled) to local recipients,
+-# in deciding if address extension may be appended, and in SQL lookups
+-# for non-fqdn addresses. Set it up correctly if you need features
+-# that rely on this setting (or just leave empty otherwise).
+-#
+-# With Postfix (2.0) a quick reminder on what local domains normally are:
+-# a union of domains specified in: $mydestination, $virtual_alias_domains,
+-# $virtual_mailbox_domains, and $relay_domains.
+-#
+-# @local_domains_acl = ( ".$mydomain" );  # $mydomain and its subdomains
+-# @local_domains_acl = qw();  # default is empty, no recipient treated as local
+-# @local_domains_acl = qw( .example.com );
+-# @local_domains_acl = qw( .example.com !host.sub.example.net .sub.example.net );
+-# @local_domains_acl = ( ".$mydomain", '.example.com', 'sub.example.net' );
+- at local_domains_acl = ( ".@@@postfix-mydestination|join(", ".)@@@" );
+-
+-# or alternatively(A), using a Perl hash lookup table, which may be assigned
+-# directly, or read from a file, one domain per line; comments and empty lines
+-# are ignored, a dot before a domain name implies its subdomains:
+-#
+-#read_hash(\%local_domains, '@amavisd_home@/local_domains');
+-
+-#or alternatively(B), using a list of regular expressions:
+-# $local_domains_re = new_RE( qr'[@.]example\.com$'i );
+-#
+-# see README.lookups for syntax and semantics
+-
+-
+-#
+-# Section II - MTA specific (defaults should be ok)
+-#
+-
+-# If $relayhost_is_client is true, the IP address in $notify_method and
+-# $forward_method is dynamically overridden with SMTP client peer address
+-# (if available), which makes possible for several hosts to share one daemon.
+-# The static port number is also overridden, and is dynamically calculated
+-# as being one above the incoming SMTP/LMTP session port number.
+-#$relayhost_is_client = 1;        # (defaults to false)
+-
+-#$insert_received_line = 1;       # behave like MTA: insert 'Received:' header
+-			          # (does not apply to sendmail/milter)
+-			          # (default is true)
+-
+-# AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)
+-#   (used with amavis helper clients like amavis-milter.c and amavis.c,
+-#   NOT needed for Postfix or Exim or dual-sendmail - keep it undefined.
+-$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
+-#$unix_socketname = undef;        # disable listening on a unix socket
+-                                  # (default is undef, i.e. disabled)
+-                                  # (usual setting is $MYHOME/amavisd.sock)
+-
+-# Do we receive quoted or raw addresses from the helper program?
+-# (does not apply to SMTP;  defaults to true)
+-#$gets_addr_in_quoted_form = 1;   # "Bob \"Funny\" Dude"@example.com
+-#$gets_addr_in_quoted_form = 0;   # Bob "Funny" Dude at example.com
+-
+-
+-
+-# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
+-#   (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
+-$inet_socket_port = 10024;        # accept SMTP on this local TCP port
+-                                  # (default is undef, i.e. disabled)
+-# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];
+-
+-# SMTP SERVER (INPUT) access control
+-# - do not allow free access to the amavisd SMTP port !!!
+-#
+-# when MTA is at the same host, use the following (one or the other or both):
+-$inet_socket_bind = '@@@local_addr@@@'; # limit socket bind to loopback interface
+-                                  # (default is '127.0.0.1')
+- at inet_acl = qw( @@@local_addr@@@ );      # allow SMTP access only from localhost IP
+-                                  # (default is qw( 127.0.0.1 ) )
+-
+-# when MTA (one or more) is on a different host, use the following:
+-#@inet_acl = qw(127/8 10.1.0.1 10.1.0.2);  # adjust the list as appropriate
+-#$inet_socket_bind = undef;       # bind to all IP interfaces if undef
+-
+-#
+-# Example1:
+-# @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );
+-# permit only SMTP access from loopback and rfc1918 private address space
+-#
+-# Example2:
+-# @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0
+-#		  127.0.0.1 10/8 172.16/12 192.168/16 );
+-# matches loopback and rfc1918 private address space except host 192.168.1.12
+-# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)
+-#
+-# Example3:
+-# @inet_acl = qw( 127/8
+-#		  !172.16.3.0   !172.16.3.127 172.16.3.0/25
+-#		  !172.16.3.128 !172.16.3.255 172.16.3.128/25 );
+-# matches loopback and both halves of the 172.16.3/24 C-class,
+-# split into two subnets, except all four broadcast addresses
+-# for these subnets
+-#
+-# See README.lookups for details on specifying access control lists.
+-
+-
+-#
+-# Section III - Logging
+-#
+-
+-# true (e.g. 1) => syslog;  false (e.g. 0) => logging to file
+-$DO_SYSLOG = 0;                   # (defaults to false)
+-#$SYSLOG_LEVEL = 'user.info';     # (facility.priority, default 'mail.info')
+-
+-# Log file (if not using syslog)
+-$LOGFILE = "@amavisd_logfile@"; # (defaults to empty, no log)
+-
+-#NOTE: levels are not strictly observed and are somewhat arbitrary
+-# 0: startup/exit/failure messages, viruses detected
+-# 1: args passed from client, some more interesting messages
+-# 2: virus scanner output, timing
+-# 3: server, client
+-# 4: decompose parts
+-# 5: more debug details
+-#$log_level = 5;		  # (defaults to 0)
+-
+-# Customizable template for the most interesting log file entry (e.g. with
+-# $log_level=0) (take care to properly quote Perl special characters like '\')
+-# For a list of available macros see README.customize .
+-
+-# only log infected messages (useful with log level 0):
+-# $log_templ = '[? %#V |[? %#F ||banned filename ([%F|,])]|infected ([%V|,])]#
+-# [? %#V |[? %#F ||, from=<%o>, to=[<%R>|,][? %i ||, quarantine %i]]#
+-# |, from=<%o>, to=[<%R>|,][? %i ||, quarantine %i]]';
+-
+-# log both infected and noninfected messages (default):
+-$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
+-<%o> -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';
+-
+-
+-#
+-# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
+-#
+-
+-# Select notifications text encoding when Unicode-aware Perl is converting
+-# text from internal character representation to external encoding (charset
+-# in MIME terminology). Used as argument to Perl Encode::encode subroutine.
+-#
+-#   to be used in RFC 2047-encoded header field bodies, e.g. in Subject:
+-#$hdr_encoding = 'iso-8859-1';  # (default: 'iso-8859-1')
+-#
+-#   to be used in notification body text: its encoding and Content-type.charset
+-#$bdy_encoding = 'iso-8859-1';  # (default: 'iso-8859-1')
+-
+-# Default template texts for notifications may be overruled by directly
+-# assigning new text to template variables, or by reading template text
+-# from files. A second argument may be specified in a call to read_text(),
+-# specifying character encoding layer to be used when reading from the
+-# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.
+-# Text will be converted to internal character representation by Perl 5.8.0
+-# or later; second argument is ignored otherwise. See PerlIO::encoding,
+-# Encode::PerlIO and perluniintro man pages.
+-#
+-# $notify_sender_templ      = read_text('@amavisd_home@/notify_sender.txt');
+-# $notify_virus_sender_templ= read_text('@amavisd_home@/notify_virus_sender.txt');
+-# $notify_virus_admin_templ = read_text('@amavisd_home@/notify_virus_admin.txt');
+-# $notify_virus_recips_templ= read_text('@amavisd_home@/notify_virus_recips.txt');
+-# $notify_spam_sender_templ = read_text('@amavisd_home@/notify_spam_sender.txt');
+-# $notify_spam_admin_templ  = read_text('@amavisd_home@/notify_spam_admin.txt');
+-
+-# If notification template files are collectively available in some directory,
+-# use read_l10n_templates which calls read_text for each known template.
+-#
+-read_l10n_templates('@amavisd_templatedir@/en_US');
+-#read_l10n_templates('@amavisd_templatedir@/de');
+-
+-
+-# Here is an overall picture (sequence of events) of how pieces fit together
+-# (only virus controls are shown, spam controls work the same way):
+-#
+-#   bypass_virus_checks set for all recipients? ==> PASS
+-#   no viruses?   ==> PASS
+-#   log virus     if $log_templ is nonempty
+-#   quarantine    if $virus_quarantine_to is nonempty
+-#   notify admin  if $virus_admin (lookup) nonempty
+-#   notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)
+-#   add address extensions for local recipients (when enabled)
+-#   send (non-)delivery notifications
+-#      to sender if DSN needed (BOUNCE or ($warnvirussender and D_PASS))
+-#   virus_lovers or final_destiny==D_PASS  ==> PASS
+-#   DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)
+-#
+-# Equivalent flow diagram applies for spam checks.
+-# If a virus is detected, spam checking is skipped entirely.
+-
+-# The following symbolic constants can be used in *destiny settings:
+-#
+-# D_PASS     mail will pass to recipients, regardless of bad contents;
+-#
+-# D_DISCARD  mail will not be delivered to its recipients, sender will NOT be
+-#            notified. Effectively we lose mail (but will be quarantined
+-#            unless disabled). Losing mail is not decent for a mailer,
+-#            but might be desired.
+-#
+-# D_BOUNCE   mail will not be delivered to its recipients, a non-delivery
+-#            notification (bounce) will be sent to the sender by amavisd-new;
+-#            Exception: bounce (DSN) will not be sent if a virus name matches
+-#            $viruses_that_fake_sender_re, or to messages from mailing lists
+-#            (Precedence: bulk|list|junk);
+-#
+-# D_REJECT   mail will not be delivered to its recipients, sender should
+-#            preferably get a reject, e.g. SMTP permanent reject response
+-#            (e.g. with milter), or non-delivery notification from MTA
+-#            (e.g. Postfix). If this is not possible (e.g. different recipients
+-#            have different tolerances to bad mail contents and not using LMTP)
+-#            amavisd-new sends a bounce by itself (same as D_BOUNCE).
+-#
+-# Notes:
+-#   D_REJECT and D_BOUNCE are similar, the difference is in who is responsible
+-#            for informing the sender about non-delivery, and how informative
+-#            the notification can be (amavisd-new knows more than MTA);
+-#   With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status
+-#            notification, colloquially called 'bounce') - depending on MTA;
+-#            Best suited for sendmail milter, especially for spam.
+-#   With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the
+-#            reason for mail non-delivery, but unable to reject the original
+-#            SMTP session). Best suited to reporting viruses, and for Postfix
+-#            and other dual-MTA setups, which can't reject original client SMTP
+-#            session, as the mail has already been enqueued.
+-
+-$final_virus_destiny      = D_DISCARD;  # (defaults to D_BOUNCE)
+-$final_banned_destiny     = D_DISCARD;  # (defaults to D_BOUNCE)
+-$final_spam_destiny       = D_PASS;  # (defaults to D_REJECT)
+-$final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE suggested
+-
+-# Alternatives to consider for spam:
+-# - use D_PASS if clients will do filtering based on inserted mail headers;
+-# - use D_DISCARD, if kill_level is set safely high;
+-# - use D_BOUNCE instead of D_REJECT if not using milter;
+-#
+-# D_BOUNCE is preferred for viruses, but consider:
+-# - use D_PASS (or virus_lovers) and $warnvirussender=1 to deliver viruses;
+-# - use D_REJECT instead of D_BOUNCE if using milter and under heavy
+-#   virus storm;
+-#
+-# Don't bother to set both D_DISCARD and $warn*sender=1, it will get mapped
+-# to D_BOUNCE.
+-#
+-# The separation of *_destiny values into D_BOUNCE, D_REJECT, D_DISCARD
+-# and D_PASS made settings $warnvirussender and $warnspamsender only still
+-# useful with D_PASS.
+-
+-# The following $warn*sender settings are ONLY used when mail is
+-# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).
+-# Bounces or rejects produce non-delivery status notification anyway.
+-
+-# Notify virus sender?
+-#$warnvirussender = 1;	# (defaults to false (undef))
+-
+-# Notify spam sender?
+-#$warnspamsender = 1;	# (defaults to false (undef))
+-
+-# Notify sender of banned files?
+-#$warnbannedsender = 1;	# (defaults to false (undef))
+-
+-# Notify sender of syntactically invalid header containing non-ASCII characters?
+-#$warnbadhsender = 1;	# (defaults to false (undef))
+-
+-# Notify virus (or banned files) RECIPIENT?
+-#  (not very useful, but some policies demand it)
+-$warnvirusrecip = 1;	# (defaults to false (undef))
+-$warnbannedrecip = 1;	# (defaults to false (undef))
+-
+-# Notify also non-local virus/banned recipients if $warn*recip is true?
+-#  (including those not matching local_domains*)
+-#$warn_offsite = 1;	# (defaults to false (undef), i.e. only notify locals)
+-
+-
+-# Treat envelope sender address as unreliable and don't send sender
+-# notification / bounces if name(s) of detected virus(es) match the list.
+-# Note that virus names are supplied by external virus scanner(s) and are
+-# not standardized, so virus names may need to be adjusted.
+-# See README.lookups for syntax, check also README.policy-on-notifications
+-#
+-# $viruses_that_fake_sender_re = new_RE(
+-#   qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
+-#   qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
+-#   qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
+-#   qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
+-#   qr'@mm|@MM',    # mass mailing viruses as labeled by f-prot and @bindir@/uvscan
+-#   qr'Worm'i,      # worms as labeled by ClamAV, Kaspersky, etc
+-#   [qr'^(EICAR|Joke\.|Junk\.)'i         => 0],
+-#   [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i  => 0],
+-#   [qr/.*/ => 1],  # true by default  (remove or comment-out if undesired)
+-# );
+-# Since we only bounce to internal users with trusted addresses,
+-# we'll leave this empty
+-$viruses_that_fake_sender_re = new_RE();
+- at viruses_that_fake_sender_maps = ();
+-
+-
+-# where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)
+-# - the administrator address may be a simple fixed e-mail address (a scalar),
+-#   or may depend on the SENDER address (e.g. its domain), in which case
+-#   a ref to a hash table can be specified (specify lower-cased keys,
+-#   dot is a catchall, see README.lookups).
+-#
+-#   Empty or undef lookup disables virus admin notifications.
+-
+-#$virus_admin = "virusalert\@$mydomain";
+- $virus_admin = undef;   # do not send virus admin notifications (default)
+-# $virus_admin = {'not.example.com' => '', '.' => 'virusalert at example.com'};
+-# $virus_admin = 'virus-admin at example.com';
+-
+-# equivalent to $virus_admin, but for spam admin notifications:
+-# $spam_admin = "spamalert\@$mydomain";
+-# $spam_admin = undef;    # do not send spam admin notifications (default)
+-# $spam_admin = {'not.example.com' => '', '.' => 'spamalert at example.com'};
+-
+-#advanced example, using a hash lookup table:
+-#$virus_admin = {
+-# 'baduser at sub1.example.com' => 'HisBoss at sub1.example.com',
+-# '.sub1.example.com'  => 'virusalert at sub1.example.com',
+-# '.sub2.example.com'  => '',                  # don't send admin notifications
+-# 'a.sub3.example.com' => 'abuse at sub3.example.com',
+-# '.sub3.example.com'  => 'virusalert at sub3.example.com',
+-# '.example.com'       => 'noc at example.com',   # catchall for our virus senders
+-# '.'                  => 'virusalert at hq.example.com',  # catchall for the rest
+-#};
+-
+-
+-# whom notification reports are sent from (ENVELOPE SENDER);
+-# may be a null reverse path, or a fully qualified address:
+-#   (admin and recip sender addresses default to $mailfrom
+-#   for compatibility, which in turn defaults to undef (empty) )
+-#   If using strings in double quotes, don't forget to quote @, i.e. \@
+-#
+-$mailfrom_notify_admin     = "virusalert\@$mydomain";
+-$mailfrom_notify_recip     = "virusalert\@$mydomain";
+-$mailfrom_notify_spamadmin = "spam.police\@$mydomain";
+-
+-# 'From' HEADER FIELD for sender and admin notifications.
+-# This should be a replyable address, see rfc1894. Not to be confused
+-# with $mailfrom_notify_sender, which is the envelope return address
+-# and should be empty (null reverse path) according to rfc2821.
+-#
+-# The syntax of the 'From' header field is specified in rfc2822, section
+-# '3.4. Address Specification'. Note in particular that display-name must be
+-# a quoted-string if it contains any special characters like spaces and dots.
+-#
+-# $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
+-# $hdrfrom_notify_sender = 'amavisd-new <postmaster at example.com>';
+-# $hdrfrom_notify_sender = '"Content-Filter Master" <postmaster at example.com>';
+-#   (defaults to: "amavisd-new <postmaster\@$myhostname>")
+-# $hdrfrom_notify_admin = $mailfrom_notify_admin;
+-#   (defaults to: $mailfrom_notify_admin)
+-# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;
+-#   (defaults to: $mailfrom_notify_spamadmin)
+-
+-# whom quarantined messages appear to be sent from (envelope sender);
+-# keeps original sender if undef, or set it explicitly, default is undef
+-$mailfrom_to_quarantine = '';   # override sender address with null return path
+-
+-
+-# Location to put infected mail into: (applies to 'local:' quarantine method)
+-#   empty for not quarantining, may be a file (mailbox),
+-#   or a directory (no trailing slash)
+-#   (the default value is undef, meaning no quarantine)
+-#
+-$QUARANTINEDIR = '@amavisd_home@/virusmails';
+-
+-#$virus_quarantine_method = "local:virus-%i-%n";    # default
+-#$spam_quarantine_method  = "local:spam-%b-%i-%n";  # default
+-$bad_header_quarantine_method = undef;              # default: 'local:badh-%m';
+-#
+-#use the new 'bsmtp:' method as an alternative to the default 'local:'
+-#$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%i-%n.bsmtp";
+-#$spam_quarantine_method  = "bsmtp:$QUARANTINEDIR/spam-%b-%i-%n.bsmtp";
+-
+-# When using the 'local:' quarantine method (default), the following applies:
+-#
+-# A finer control of quarantining is available through variable
+-# $virus_quarantine_to/$spam_quarantine_to. It may be a simple scalar string,
+-# or a ref to a hash lookup table, or a regexp lookup table object,
+-# which makes possible to set up per-recipient quarantine addresses.
+-#
+-# The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a
+-# per-recipient lookup result from the hash table %$virus_quarantine_to)
+-# is/are interpreted as follows:
+-#
+-# VARIANT 1:
+-#   empty or undef disables quarantine;
+-#
+-# VARIANT 2:
+-#   a string NOT containing an '@';
+-# amavisd will behave as a local delivery agent (LDA) and will quarantine
+-# viruses to local files according to hash %local_delivery_aliases (pseudo
+-# aliases map) - see subroutine mail_to_local_mailbox() for details.
+-# Some of the predefined aliases are 'virus-quarantine' and 'spam-quarantine'.
+-# Setting $virus_quarantine_to ($spam_quarantine_to) to this string will:
+-#
+-# * if $QUARANTINEDIR is a directory, each quarantined virus will go
+-#   to a separate file in the $QUARANTINEDIR directory (traditional
+-#   amavis style, similar to maildir mailbox format);
+-#
+-# * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style
+-#   mailbox. All quarantined messages will be appended to this file.
+-#   Amavisd child process must obtain an exclusive lock on the file during
+-#   delivery, so this may be less efficient than using individual files
+-#   or forwarding to MTA, and it may not work across NFS or other non-local
+-#   file systems (but may be handy for pickup of quarantined files via IMAP
+-#   for example);
+-#
+-# VARIANT 3:
+-#   any email address (must contain '@').
+-# The e-mail messages to be quarantined will be handed to MTA
+-# for delivery to the specified address. If a recipient address local to MTA
+-# is desired, you may leave the domain part empty, e.g. 'infected@', but the
+-# '@' character must nevertheless be included to distinguish it from variant 2.
+-#
+-# This method enables more refined delivery control made available by MTA
+-# (e.g. its aliases file, other local delivery agents, dealing with
+-# privileges and file locking when delivering to user's mailbox, nonlocal
+-# delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined
+-# will not be handed back to amavisd for checking, as this will cause a loop
+-# (hopefully broken at some stage)! If this can be assured, notifications
+-# will benefit too from not being unnecessarily virus-scanned.
+-#
+-# By default this is safe to do with Postfix and Exim v4 and dual-sendmail
+-# setup, but probably not safe with sendmail milter interface without
+-# precaution.
+-
+-# (the default value is undef, meaning no quarantine)
+-
+-$virus_quarantine_to  = 'virus-quarantine';    # traditional local quarantine
+-#$virus_quarantine_to = 'infected@';           # forward to MTA for delivery
+-#$virus_quarantine_to = "virus-quarantine\@$mydomain";   # similar
+-#$virus_quarantine_to = 'virus-quarantine at example.com';  # similar
+-#$virus_quarantine_to = undef;                 # no quarantine
+-#
+-#$virus_quarantine_to = new_RE(                # per-recip multiple quarantines
+-#  [qr'^user at example\.com$'i => 'infected@'],
+-#  [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],
+-#  [qr'^(.*)(@[^@])?$'i      => 'virus-${1}${2}'],
+-#  [qr/.*/                   => 'virus-quarantine'] );
+-
+-# similar for spam
+-# (the default value is undef, meaning no quarantine)
+-#
+-#$spam_quarantine_to = 'spam-quarantine';
+-#$spam_quarantine_to = "spam-quarantine\@$mydomain";
+-#$spam_quarantine_to = new_RE(                 # per-recip multiple quarantines
+-#  [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'],
+-#  [qr/.*/                   => 'spam-quarantine'] );
+-
+-# In addition to per-recip quarantine, a by-sender lookup is possible. It is
+-# similar to $spam_quarantine_to, but the lookup key is the sender address:
+-#$spam_quarantine_bysender_to = undef;   # dflt: no by-sender spam quarantine
+-
+-
+-# Add X-Virus-Scanned header field to mail?
+-$X_HEADER_TAG = 'X-Virus-Scanned';	# (default: undef)
+-# Leave empty to add no header field	# (default: undef)
+-$X_HEADER_LINE = "by amavisd-new at $mydomain";
+-
+-# a string to prepend to Subject (for local recipients only) if mail could
+-# not be decoded or checked entirely, e.g. due to password-protected archives
+-$undecipherable_subject_tag = '***UNCHECKED*** ';  # undef disables it
+-
+-$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
+-#$remove_existing_x_scanned_headers= 1; # remove existing headers
+-					# (defaults to false)
+-#$remove_existing_spam_headers = 0;     # leave existing X-Spam* headers alone
+-$remove_existing_spam_headers  = 1;     # remove existing spam headers if
+-					# spam scanning is enabled (default)
+-
+-# set $bypass_decode_parts to true if you only do spam scanning, or if you
+-# have a good virus scanner that can deal with compression and recursively
+-# unpacking archives by itself, and save amavisd the trouble.
+-# Disabling decoding also causes banned_files checking to only see
+-# MIME names and MIME content types, not the content classification types
+-# as provided by the file(1) utility.
+-# It is a double-edged sword, make sure you know what you are doing!
+-#
+-#$bypass_decode_parts = 1;		# (defaults to false)
+-
+-# don't trust this file type or corresponding unpacker for this file type,
+-# keep both the original and the unpacked file for a virus checker to see
+-# (lookup key is what file(1) utility returned):
+-#
+-$keep_decoded_original_re = new_RE(
+-# qr'^MAIL$',   # retain full original message for virus checking (can be slow)
+-  qr'^MAIL-UNDECIPHERABLE$',  # retain full mail if it contains undecipherables
+-  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
+-# qr'^Zip archive data',
+-);
+-
+-
+-# Checking for banned MIME types and names. If any mail part matches,
+-# the whole mail is rejected, much like the way viruses are handled.
+-# A list in object $banned_filename_re can be defined to provide a list
+-# of Perl regular expressions to be matched against each part's:
+-#
+-#  * Content-Type value (both declared and effective mime-type),
+-#    including the possible security risk content types
+-#    message/partial and message/external-body, as specified by rfc2046;
+-#
+-#  * declared (i.e. recommended) file names as specified by MIME subfields
+-#    Content-Disposition.filename and Content-Type.name, both in their
+-#    raw (encoded) form and in rfc2047-decoded form if applicable;
+-#
+-#  * file content type as guessed by 'file(1)' utility, both the raw result
+-#    from file(1), as well as short type name, classified into names such as
+-#    .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe, ..., which is always
+-#    beginning with a dot - see subroutine determine_file_types().
+-#    This step is done only if $bypass_decode_parts is not true.
+-#
+-#  * leave $banned_filename_re undefined to disable these checks
+-#    (giving an empty list to new_RE() will also always return false)
+-
+-$banned_filename_re = new_RE(
+-#  qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
+-   qr'\.[^.]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)$'i, # double extension
+-#  qr'.\.(exe|vbs|pif|scr|bat|cmd|com)$'i,           # banned extension - basic
+-#  qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
+-#         jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
+-#         vbe|vbs|wsc|wsf|wsh)$'ix,                  # banned extension - long
+-#  qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
+-#  qr'^\.(zip|lha|tnef|cab)$'i,                      # banned file(1) types
+-   qr'^\.exe$'i,                                     # banned file(1) types
+-   qr'^application/x-msdownload$'i,                  # banned MIME types
+-   qr'^application/x-msdos-program$'i,
+-#  qr'^message/partial$'i, qr'^message/external-body$'i, # block rfc2046
+-);
+-# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
+-# and http://www.cknow.com/vtutor/vtextensions.htm
+-
+-# A little trick: a pattern qr'\.exe$' matches both a short type name '.exe',
+-# as well as any file name which happens to end with .exe. If only matching
+-# a file name is desired, but not the short name, a pattern qr'.\.exe$'i
+-# or similar may be used, which requires that at least one character precedes
+-# the '.exe', and so it will never match short file types, which always start
+-# with a dot.
+-
+-
+-#
+-# Section V - Per-recipient and per-sender handling, whitelisting, etc.
+-#
+-
+-# %virus_lovers, @virus_lovers_acl and $virus_lovers_re lookup tables:
+-#   (these should be considered policy options, they do not disable checks,
+-#   see bypass*checks for that!)
+-#
+-# Exclude certain RECIPIENTS from virus filtering by adding their lower-cased
+-# envelope e-mail address (or domain only) to the hash %virus_lovers, or to
+-# the access list @virus_lovers_acl - see README.lookups and examples.
+-# Make sure the appropriate form (e.g. external/internal) of address
+-# is used in case of virtual domains, or when mapping external to internal
+-# addresses, etc. - this is MTA-specific.
+-#
+-# Notifications would still be generated however (see the overall
+-# picture above), and infected mail (if passed) gets additional header:
+-#   X-AMaViS-Alert: INFECTED, message contains virus: ...
+-# (header not inserted with milter interface!)
+-#
+-# NOTE (milter interface only): in case of multiple recipients,
+-# it is only possible to drop or accept the message in its entirety - for all
+-# recipients. If all of them are virus lovers, we'll accept mail, but if
+-# at least one recipient is not a virus lover, we'll discard the message.
+-
+-
+-# %bypass_virus_checks, @bypass_virus_checks_acl and $bypass_virus_checks_re
+-# lookup tables:
+-#   (this is mainly a time-saving option, unlike virus_lovers* !)
+-#
+-# Similar in concept to %virus_lovers, a hash %bypass_virus_checks,
+-# access list @bypass_virus_checks_acl and regexp list $bypass_virus_checks_re
+-# are used to skip entirely the decoding, unpacking and virus checking,
+-# but only if ALL recipients match the lookup.
+-#
+-# %bypass_virus_checks/@bypass_virus_checks_acl/$bypass_virus_checks_re
+-# do NOT GUARANTEE the message will NOT be checked for viruses - this may
+-# still happen when there is more than one recipient for a message, and
+-# not all of them match these lookup tables. To guarantee virus delivery,
+-# a recipient must also match %virus_lovers/@virus_lovers_acl lookups
+-# (but see milter limitations above),
+-
+-# NOTE: it would not be clever to base virus checks on SENDER address,
+-# since there are no guarantees that it is genuine. Many viruses
+-# and spam messages fake sender address. To achieve selective filtering
+-# based on the source of the mail (e.g. IP address, MTA port number, ...),
+-# use mechanisms provided by MTA if available.
+-
+-
+-# Similar to lookup tables controlling virus checking, there exist
+-# spam scanning, banned names/types, and headers_checks control counterparts:
+-#   %spam_lovers, @spam_lovers_acl, $spam_lovers_re
+-#   %banned_files_lovers, @banned_files_lovers_acl, $banned_files_lovers_re
+-#   %bad_header_lovers, @bad_header_lovers_acl, $bad_header_lovers_re
+-# and:
+-#   %bypass_spam_checks/@bypass_spam_checks_acl/$bypass_spam_checks_re
+-#   %bypass_banned_checks/@bypass_banned_checks_acl/$bypass_banned_checks_re
+-#   %bypass_header_checks/@bypass_header_checks_acl/$bypass_header_checks_re
+-# See README.lookups for details about the syntax.
+-
+-# The following example disables spam checking altogether,
+-# since it matches any recipient e-mail address (any address
+-# is a subdomain of the top-level root DNS domain):
+-#   @bypass_spam_checks_acl = qw( . );
+-
+-#   @bypass_header_checks_acl = qw( user at example.com );
+-#   @bad_header_lovers_acl    = qw( user at example.com );
+-
+-
+-# See README.lookups for further detail, and examples below.
+-
+-# $virus_lovers{lc("postmaster\@$mydomain")} = 1;
+-# $virus_lovers{lc('postmaster at example.com')} = 1;
+-# $virus_lovers{lc('abuse at example.com')} = 1;
+-# $virus_lovers{lc('some.user@')} = 1;  # this recipient, regardless of domain
+-# $virus_lovers{lc('boss at example.com')} = 0; # never, even if domain matches
+-# $virus_lovers{lc('example.com')} = 1; # this domain, but not its subdomains
+-# $virus_lovers{lc('.example.com')}= 1; # this domain, including its subdomains
+-#or:
+-# @virus_lovers_acl = qw( me at lab.xxx.com !lab.xxx.com .xxx.com yyy.org );
+-#
+-# $bypass_virus_checks{lc('some.user2 at butnot.example.com')} = 1;
+-# @bypass_virus_checks_acl = qw( some.ddd !butnot.example.com .example.com );
+-
+-# @virus_lovers_acl = qw( postmaster at example.com );
+-# $virus_lovers_re = new_RE( qr'^(helpdesk|postmaster)@example\.com$'i );
+-
+-# $spam_lovers{lc("postmaster\@$mydomain")} = 1;
+-# $spam_lovers{lc('postmaster at example.com')} = 1;
+-# $spam_lovers{lc('abuse at example.com')} = 1;
+-# @spam_lovers_acl = qw( !.example.com );
+-# $spam_lovers_re = new_RE( qr'^user at example\.com$'i );
+-
+-
+-# don't run spam check for these RECIPIENT domains:
+-#   @bypass_spam_checks_acl = qw( d1.com .d2.com a.d3.com );
+-# or the other way around (bypass check for all BUT these):
+-#   @bypass_spam_checks_acl = qw( !d1.com !.d2.com !a.d3.com . );
+-# a practical application: don't check outgoing mail for spam:
+-#   @bypass_spam_checks_acl = ( "!.$mydomain", "." );
+-# (a downside of which is that such mail will not count as ham in SA bayes db)
+-
+-
+-# Where to find SQL server(s) and database to support SQL lookups?
+-# A list of triples: (dsn,user,passw).   (dsn = data source name)
+-# More than one entry may be specified for multiple (backup) SQL servers.
+-# See 'man DBI', 'man DBD::mysql', 'man DBD::Pg', ... for details.
+-# When chroot-ed, accessing SQL server over inet socket may be more convenient.
+-#
+-# @lookup_sql_dsn =
+-#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
+-#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'] );
+-#
+-# ('mail' in the example is the database name, choose what you like)
+-# With PostgreSQL the dsn (first element of the triple) may look like:
+-#      'DBI:Pg:host=host1;dbname=mail'
+-
+-# The SQL select clause to fetch per-recipient policy settings.
+-# The %k will be replaced by a comma-separated list of query addresses
+-# (e.g. full address, domain only, catchall).  Use ORDER, if there
+-# is a chance that multiple records will match - the first match wins.
+-# If field names are not unique (e.g. 'id'), the later field overwrites the
+-# earlier in a hash returned by lookup, which is why we use '*,users.id'.
+-# No need to uncomment the following assignment if the default is ok.
+-#   $sql_select_policy = 'SELECT *,users.id FROM users,policy'.
+-#     ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'.
+-#     ' ORDER BY users.priority DESC';
+-#
+-# The SQL select clause to check sender in per-recipient whitelist/blacklist
+-# The first SELECT argument '?' will be users.id from recipient SQL lookup,
+-# the %k will be sender addresses (e.g. full address, domain only, catchall).
+-# The default value is:
+-#   $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'.
+-#     ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'.
+-#     '   AND (mailaddr.email IN (%k))'.
+-#     ' ORDER BY mailaddr.priority DESC';
+-#
+-# To disable SQL white/black list, set to undef (otherwise comment-out
+-# the following statement, leaving it at the default value):
+-$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting
+-
+-
+-# If you decide to pass viruses (or spam) to certain recipients using the
+-# above lookup tables or using $final_virus_destiny=D_PASS, you can set
+-# the variable $addr_extension_virus ($addr_extension_spam) to some
+-# string, and the recipient address will have this string appended
+-# as an address extension to the local-part of the address. This extension
+-# can be used by final local delivery agent to place such mail in different
+-# folders. Leave these two variables undefined or empty strings to prevent
+-# appending address extensions. Setting has no effect on recipient which will
+-# not be receiving viruses/spam. Recipients who do not match lookup tables
+-# local_domains* are not affected.
+-#
+-# LDAs usually default to stripping away address extension if no special
+-# handling is specified, so having this option enabled normally does no harm,
+-# provided the $recipients_delimiter matches the setting on the final
+-# MTA's LDA.
+-
+-# $addr_extension_virus  = 'virus';	# (default is undef, same as empty)
+-# $addr_extension_spam   = 'spam';	# (default is undef, same as empty)
+-# $addr_extension_banned = 'banned';	# (default is undef, same as empty)
+-
+-
+-# Delimiter between local part of the recipient address and address extension
+-# (which can optionally be added, see variables $addr_extension_virus and
+-# $addr_extension_spam). E.g. recipient address <user at example.com> gets changed
+-# to <user+virus at example.com>.
+-#
+-# Delimiter should match equivalent (final) MTA delimiter setting.
+-# (e.g. for Postfix add 'recipient_delimiter = +' to main.cf)
+-# Setting it to an empty string or to undef disables this feature
+-# regardless of $addr_extension_virus and $addr_extension_spam settings.
+-
+-$recipient_delimiter = '+';		# (default is '+')
+-
+-# true: replace extension;  false: append extension
+-# $replace_existing_extension = 1;	# (default is false)
+-
+-# Affects matching of localpart of e-mail addresses (left of '@')
+-# in lookups: true = case sensitive, false = case insensitive
+-$localpart_is_case_sensitive = 0;	# (default is false)
+-
+-
+-# ENVELOPE SENDER WHITELISTING / BLACKLISTING  - GLOBAL (RECIPIENT-INDEPENDENT)
+-# (affects spam checking only, has no effect on virus and other checks)
+-
+-# WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from whitelisted
+-# senders even if the message would be recognized as spam. Effectively, for
+-# the specified senders, message recipients temporarily become 'spam_lovers'.
+-# To avoid surprises, whitelisted sender also suppresses inserting/editing
+-# the tag2-level header fields (X-Spam-*, Subject), appending spam address
+-# extension, and quarantining.
+-
+-# BLACKLISTING: messages from specified SENDERS are DECLARED SPAM.
+-# Effectively, for messages from blacklisted senders, spam level
+-# is artificially pushed high, and the normal spam processing applies,
+-# resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual
+-# reactions to spam, including possible rejection. If the message nevertheless
+-# still passes (e.g. for spam loving recipients), it is tagged as BLACKLISTED
+-# in the 'X-Spam-Status' header field, but the reported spam value and
+-# set of tests in this report header field (if available from SpamAssassin,
+-# which may have not been called) is not adjusted.
+-#
+-# A sender may be both white- and blacklisted at the same time, settings
+-# are independent. For example, being both white- and blacklisted, message
+-# is delivered to recipients, but is not tagged as spam (X-Spam-Flag: No;
+-# X-Spam-Status: No, ...), but the reported spam level (if computed) may
+-# still indicate high spam score.
+-#
+-# If ALL recipients of the message either white- or blacklist the sender,
+-# spam scanning (calling the SpamAssassin) is bypassed, saving on time.
+-#
+-# The following variables (lookup tables) are available, with the semantics
+-# and syntax as specified in README.lookups:
+-#
+-# %whitelist_sender, @whitelist_sender_acl, $whitelist_sender_re
+-# %blacklist_sender, @blacklist_sender_acl, $blacklist_sender_re
+-
+-# SOME EXAMPLES:
+-#
+-#ACL:
+-# @whitelist_sender_acl = qw( .example.com );
+-#
+-# @whitelist_sender_acl = ( ".$mydomain" );  # $mydomain and its subdomains
+-# NOTE: This is not a reliable way of turning off spam checks for
+-#       locally-originating mail, as sender address can easily be faked.
+-#       To reliably avoid spam-scanning outgoing mail,
+-#       use @bypass_spam_checks_acl .
+-
+-#RE:
+-# $whitelist_sender_re = new_RE(
+-#   qr'^postmaster at .*\bexample\.com$'i,
+-#   qr'^owner-[^@]*@'i,  qr'-request@'i,
+-#   qr'\.example\.com$'i );
+-#
+-$blacklist_sender_re = new_RE(
+-    qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
+-    qr'^(investments|lose_weight_today|market.alert|money2you|MyGreenCard)@'i,
+-    qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
+-    qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
+-    qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
+-    qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
+-);
+-
+-#HASH lookup variant:
+-# NOTE: Perl operator qw splits its argument string by whitespace
+-# and produces a list. This means that addresses can not contain
+-# whitespace, and there is no provision for comments within the string.
+-# You can use the normal Perl list syntax if you have special requirements,
+-# e.g. map {...} ('one user at bla', '.second.com'), or use read_hash to read
+-# addresses from a file.
+-#
+-
+-# a hash lookup table can be read from a file,
+-# one address per line, comments and empty lines are permitted:
+-#
+-# read_hash(\%whitelist_sender, '@amavisd_home@/whitelist_sender');
+-
+-# ... or set directly:
+-
+-# $whitelist_sender{''} = 1;  # don't spam-check MTA bounces
+-
+-map { $whitelist_sender{lc($_)}=1 } (qw(
+-  nobody at cert.org
+-  owner-alert at iss.net
+-  slashdot at slashdot.org
+-  bugtraq at securityfocus.com
+-  NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM
+-  security-alerts at linuxsecurity.com
+-  amavis-user-admin at lists.sourceforge.net
+-  notification-return at lists.sophos.com
+-  mailman-announce-admin at python.org
+-  owner-postfix-users at postfix.org
+-  owner-postfix-announce at postfix.org
+-  owner-sendmail-announce at Lists.Sendmail.ORG
+-  owner-technews at postel.ACM.ORG
+-  lvs-users-admin at LinuxVirtualServer.org
+-  ietf-123-owner at loki.ietf.org
+-  cvs-commits-list-admin at gnome.org
+-  rt-users-admin at lists.fsck.com
+-  clp-request at comp.nus.edu.sg
+-  surveys-errors at lists.nua.ie
+-  emailNews at genomeweb.com
+-  owner-textbreakingnews at CNNIMAIL12.CNN.COM
+-  yahoo-dev-null at yahoo-inc.com
+-  returns.groups.yahoo.com
+-));
+-
+-
+-# ENVELOPE SENDER WHITELISTING / BLACKLISTING - PER-RECIPIENT
+-
+-# The same semantics as for global white/blacklisting applies, but this
+-# time each recipient (or its domain, or subdomain, ...) can be given
+-# an individual lookup table for matching senders. The per-recipient lookups
+-# override the global lookups, which serve as a fallback default.
+-
+-# Specify a two-level lookup table: the key for the outer table is recipient,
+-# and the result should be an inner lookup table (hash or ACL or RE),
+-# where the key used will be the sender.
+-#
+-#$per_recip_blacklist_sender_lookup_tables = {
+-# 'user1 at my.example.com'=>new_RE(qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i),
+-# 'user2 at my.example.com'=>[qw( spammer at d1.example,org .d2.example,org )],
+-#};
+-#$per_recip_whitelist_sender_lookup_tables = {
+-# 'user at my.example.com' => [qw( friend at example.org .other.example.org )],
+-# '.my1.example.com'    => [qw( !foe.other.example,org .other.example,org )],
+-# '.my2.example.com'    => read_hash('@amavisd_home@/my2-wl.dat'),
+-# 'abuse@' => { 'postmaster@'=>1,
+-#               'cert-advisory-owner at cert.org'=>1, 'owner-alert at iss.net'=>1 },
+-#};
+-
+-
+-#
+-# Section VI - Resource limits
+-#
+-
+-# Sanity limit to the number of allowed recipients per SMTP transaction
+-# $smtpd_recipient_limit = 1000;  # (default is 1000)
+-
+-# Resource limits to protect unpackers, decompressors and virus scanners
+-# against mail bombs (e.g. 42.zip)
+-
+-
+-# Maximum recursion level for extraction/decoding (0 or undef disables limit)
+-$MAXLEVELS = 14;		# (default is undef, no limit)
+-
+-# Maximum number of extracted files (0 or undef disables the limit)
+-$MAXFILES = 1500;		# (default is undef, no limit)
+-
+-# For the cumulative total of all decoded mail parts we set max storage size
+-# to defend against mail bombs. Even though parts may be deleted (replaced
+-# by decoded text) during decoding, the size they occupied is _not_ returned
+-# to the quota pool.
+-#
+-# Parameters to storage quota formula for unpacking/decoding/decompressing
+-#   Formula:
+-#     quota = max($MIN_EXPANSION_QUOTA,
+-#                 $mail_size*$MIN_EXPANSION_FACTOR,
+-#                 min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR))
+-#   In plain words (later condition overrules previous ones):
+-#     allow MAX_EXPANSION_FACTOR times initial mail size,
+-#     but not more than MAX_EXPANSION_QUOTA,
+-#     but not less than MIN_EXPANSION_FACTOR times initial mail size,
+-#     but never less than MIN_EXPANSION_QUOTA
+-#
+-$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
+-$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
+-$MIN_EXPANSION_FACTOR =   5;  # times original mail size  (must be specified)
+-$MAX_EXPANSION_FACTOR = 500;  # times original mail size  (must be specified)
+-
+-
+-#
+-# Section VII - External programs, virus scanners
+-#
+-
+-# Specify a path string, which is a colon-separated string of directories
+-# (no trailing slashes!) to be assigned to the environment variable PATH
+-# and to serve for locating external programs below.
+-
+-# NOTE: if $daemon_chroot_dir is nonempty, the directories will be
+-#       relative to the chroot directory specified;
+-
+-$path = '@sbindir@:@bindir@:/usr/sbin:/sbin:/usr/bin:/bin';
+-
+-# Specify one string or a search list of strings (first match wins).
+-# The string (or: each string in a list) may be an absolute path,
+-# or just a program name, to be located via $path;
+-# Empty string or undef (=default) disables the use of that external program.
+-# Optionally command arguments may be specified - only the first substring
+-# up to the whitespace is used for file searching.
+-
+-$file   = 'file';   # file(1) utility; use 3.41 or later to avoid vulnerability
+-
+-$gzip   = 'gzip';
+-$bzip2  = 'bzip2';
+-$lzop   = 'lzop';
+-$uncompress = ['uncompress', 'gzip -d', 'zcat'];
+-$unfreeze   = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
+-$arc        = ['nomarch', 'arc'];
+-$unarj      = ['arj', 'unarj'];  # both can extract, arj is recommended
+-$unrar      = ['rar', 'unrar'];  # both can extract, same options
+-$zoo    = 'zoo';
+-$lha    = 'lha';
+-$cpio   = ['gcpio','cpio']; # gcpio is a GNU cpio on OpenBSD, which supports
+-                            # the options needed; the rest of us use cpio
+-
+-
+-# SpamAssassin settings
+-
+-# $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
+-# of the option local_tests_only. See Mail::SpamAssassin man page.
+-# If set to 1, SA tests are restricted to local tests only, i.e. no tests
+-# that require internet access will be performed.
+-#
+-$sa_local_tests_only = 1;   # (default: false)
+-#$sa_auto_whitelist = 1;    # turn on AWL (default: false)
+-
+-$sa_timeout = 30;           # timeout in seconds for a call to SpamAssassin
+-			    # (default is 30 seconds, undef disables it)
+-$sa_mail_body_size_limit = 150*1024; # don't waste time on SA if mail is larger
+-			    # (less than 1% of spam is > 64k)
+-			    # default: undef, no limitations
+-
+-# default values, can be overridden by more specific lookups, e.g. SQL
+-$sa_tag_level_deflt  = 3.0; # add spam info headers if at, or above that level
+-$sa_tag2_level_deflt = 6.3; # add 'spam detected' headers at that level
+-$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
+-			    # at or above that level: bounce/reject/drop,
+-			    # quarantine, and adding mail address extension
+-
+-#$sa_dsn_cutoff_level = 10;  # spam level beyond which a DSN is not sent,
+-                            # effectively turning D_BOUNCE into D_DISCARD;
+-                            # undef disables this feature and is a default;
+-
+-#
+-# The $sa_tag_level_deflt, $sa_tag2_level_deflt and $sa_kill_level_deflt
+-# may also be hashrefs to hash lookup tables, to make static per-recipient
+-# settings possible without having to resort to SQL or LDAP lookups.
+-
+-# a quick reference:
+-#   tag_level  controls adding the X-Spam-Status and X-Spam-Level headers,
+-#   tag2_level controls adding 'X-Spam-Flag: YES', and editing Subject,
+-#   kill_level controls 'evasive actions' (reject, quarantine, extensions);
+-# it only makes sense to maintain the relationship:
+-# tag_level <= tag2_level <= kill_level < $sa_dsn_cutoff_level
+-
+-# string to prepend to Subject header field when message exceeds tag2 level
+-$sa_spam_subject_tag = '***SPAM*** ';	# (defaults to undef, disabled)
+-			     # (only seen when spam is not to be rejected
+-			     # and recipient is in local_domains*)
+-
+-#$sa_spam_modifies_subj = 1; # may be a ref to a lookup table, default is true
+-
+-# Example: modify Subject for all local recipients except user at example.com
+-#$sa_spam_modifies_subj = [qw( !user at example.com . )];
+-
+-
+-# @av_scanners is a list of n-tuples, where fields semantics is:
+-#  1. av scanner plain name, to be used in log and reports;
+-#  2. scanner program name; this string will be submitted to subroutine
+-#     find_external_programs(), which will try to find the full program
+-#     path name; if program is not found, this scanner is disabled.
+-#     Besides a simple string (full program path name or just the basename
+-#     to be looked for in PATH), this may be an array ref of alternative
+-#     program names or full paths - the first match in the list will be used;
+-#     As a special case for more complex scanners, this field may be
+-#     a subroutine reference, and the whole n-tuple is passed to it as args.
+-#  3. command arguments to be given to the scanner program;
+-#     a substring {} will be replaced by the directory name to be scanned,
+-#     i.e. "$tempdir/parts", a "*" will be replaced by file names of parts;
+-#  4. an array ref of av scanner exit status values, or a regexp (to be
+-#     matched against scanner output), indicating NO VIRUSES found;
+-#  5. an array ref of av scanner exit status values, or a regexp (to be
+-#     matched against scanner output), indicating VIRUSES WERE FOUND;
+-#     Note: the virus match prevails over a 'not found' match, so it is safe
+-#     even if the no. 4. matches for viruses too;
+-#  6. a regexp (to be matched against scanner output), returning a list
+-#     of virus names found.
+-#  7. and 8.: (optional) subroutines to be executed before and after scanner
+-#     (e.g. to set environment or current directory);
+-#     see examples for these at KasperskyLab AVP and Sophos sweep.
+-
+-# NOTES:
+-#
+-# - NOT DEFINING @av_scanners (e.g. setting it to empty list, or deleting the
+-#   whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE
+-#   (which can be handy if all you want to do is spam scanning);
+-#
+-# - the order matters: although _all_ available entries from the list are
+-#   always tried regardless of their verdict, scanners are run in the order
+-#   specified: the report from the first one detecting a virus will be used
+-#   (providing virus names and scanner output); REARRANGE THE ORDER TO WILL;
+-#
+-# - it doesn't hurt to keep an unused command line scanner entry in the list
+-#   if the program can not be found; the path search is only performed once
+-#   during the program startup;
+-#
+-#   COROLLARY: to disable a scanner that _does_ exist on your system,
+-#   comment out its entry or use undef or '' as its program name/path
+-#   (second parameter). An example where this is almost a must: disable
+-#   Sophos 'sweep' if you have its daemonized version Sophie or SAVI-Perl
+-#   (same for Trophie/vscan, and clamd/@bindir@/clamscan), or if another unrelated
+-#   program happens to have a name matching one of the entries ('sweep'
+-#   again comes to mind);
+-#
+-# - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES
+-#   for interfacing (where the second parameter starts with \&).
+-#   Keeping such entry and not having a corresponding virus scanner daemon
+-#   causes an unnecessary connection attempt (which eventually times out,
+-#   but it wastes precious time). For this reason the daemonized entries
+-#   are commented in the distribution - just remove the '#' where needed.
+-#
+-# CERT list of av resources: http://www.cert.org/other_sources/viruses.html
+-
+- at av_scanners = (
+-
+-# ### http://www.vanja.com/tools/sophie/
+-# ['Sophie',
+-#   \&ask_daemon, ["{}/\n", '/var/run/sophie'],
+-#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
+-#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
+-
+-# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
+-# ['Sophos SAVI', \&sophos_savi ],
+-
+- ### http://www.clamav.net/
+- ['Clam Antivirus-clamd',
+-   \&ask_daemon, ["CONTSCAN {}\n", "@clamav_socket@"],
+-   qr/\bOK$/, qr/\bFOUND$/,
+-   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
+- # NOTE: run clamd under the same user as amavisd;  match the socket
+- # name (LocalSocket) in clamav.conf to the socket name in this entry
+- # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
+-
+-# ### http://www.openantivirus.org/
+-# ['OpenAntiVirus ScannerDaemon (OAV)',
+-#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
+-#   qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],
+-
+-# ### http://www.vanja.com/tools/trophie/
+-# ['Trophie',
+-#   \&ask_daemon, ["{}/\n", '/var/run/trophie'],
+-#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
+-#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
+-
+-# ### http://www.grisoft.com/
+-# ['AVG Anti-Virus',
+-#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
+-#   qr/^200/, qr/^403/, qr/^403 .*?: (.+)/ ],
+-
+-# ### http://www.f-prot.com/
+-# ['FRISK F-Prot Daemon',
+-#   \&ask_daemon,
+-#   ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
+-#     ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
+-#      '127.0.0.1:10203','127.0.0.1:10204'] ],
+-#   qr/(?i)<summary[^>]*>clean<\/summary>/,
+-#   qr/(?i)<summary[^>]*>infected<\/summary>/,
+-#   qr/(?i)<name>(.+)<\/name>/ ],
+-
+-  ['KasperskyLab AVP - aveclient',
+-    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
+-     '/opt/kav/bin/aveclient','aveclient'],
+-    '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/,
+-    qr/(?:INFECTED|SUSPICION) (.+)/,
+-  ],
+-
+-  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
+-    '-* -P -B -Y -O- {}', [0,8,16,24], [2,3,4,5,6, 18,19,20,21,22],
+-    qr/infected: (.+)/,
+-    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
+-    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
+-  ],
+-
+-  ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
+-  ### products and replaced by aveserver and aveclient
+-  ['KasperskyLab AVPDaemonClient',
+-    [ '/opt/AVP/kavdaemon',       'kavdaemon',
+-      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
+-      '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
+-      '/opt/AVP/avpdc', 'avpdc' ],
+-    "-f=$TEMPBASE {}", [0,8,16,24], [2,3,4,5,6, 18,19,20,21,22],
+-    qr/infected: ([^\r\n]+)/ ],
+-    # change the startup-script in /etc/init.d/kavd to:
+-    #   DPARMS="-* -Y -dl -f=@amavisd_home@ @amavisd_home@"
+-    #   (or perhaps:   DPARMS="-I0 -Y -* @localstatedir@/amavis" )
+-    # adjusting @localstatedir@/amavis above to match your $TEMPBASE.
+-    # The '-f=@amavisd_home@' is needed if not running it as root, so it
+-    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
+-    # defUnix.prf: there must be an entry "*@localstatedir@/amavis" (or whatever
+-    #   directory $TEMPBASE specifies) in the 'Names=' section.
+-    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
+-    # cp AvpDaemonClient /opt/AVP/
+-    # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
+-
+-  ### http://www.hbedv.com/ or http://www.centralcommand.com/
+-  ['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
+-    ['antivir','vexira'],
+-    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
+-    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
+-         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
+-    # NOTE: if you only have a demo version, remove -z and add 214, as in:
+-    #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
+-
+-  ### http://www.commandsoftware.com/
+-  ['Command AntiVirus for Linux', 'csav',
+-    '-all -archive -packed {}', [50], [51,52,53],
+-    qr/Infection: (.+)/ ],
+-
+-  ### http://www.symantec.com/
+-  ['Symantec CarrierScan via Symantec CommandLineScanner',
+-    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
+-    qr/^Files Infected:\s+0$/, qr/^Infected\b/,
+-    qr/^(?:Info|Virus Name):\s+(.+)/ ],
+-
+-  ### http://www.symantec.com/
+-  ['Symantec AntiVirus Scan Engine',
+-    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
+-    [0], qr/^Infected\b/,
+-    qr/^(?:Info|Virus Name):\s+(.+)/ ],
+-    # NOTE: check options and patterns to see which entry better applies
+-
+-  ### http://www.sald.com/, http://drweb.imshop.de/
+-  ['drweb - DrWeb Antivirus',
+-    ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
+-    '-path={} -al -go -ot -cn -upn -ok-',
+-    [0,32], [1,33], qr' infected (?:with|by)(?: virus)? (.*)$'],
+-
+-# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
+-# ['DrWebD', \&ask_daemon,   # DrWebD 4.31 or later
+-#   [pack('N',1).  # DRWEBD_SCAN_CMD
+-#    pack('N',0x00280001).   # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
+-#    pack('N',     # path length
+-#      length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/part-xxxxx")).
+-#    '{}/*'.       # path
+-#    pack('N',0).  # content size
+-#    pack('N',0),
+-#    '/var/drweb/run/drwebd.sock'],  # or '127.0.0.1:3000'
+-#   qr/\A\x00(\x10|\x11)\x00\x00/s,              # IS_CLEAN, EVAL_KEY
+-#   qr/\A\x00(\x00|\x01)\x00(\x20|\x40|\x80)/s,  # KNOWN_V, UNKNOWN_V, V._MODIF
+-#   qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s,
+-# ],
+-# # NOTE: If you are using amavis-milter, change length to:
+-# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/part-xxxxx").
+-
+-  ### http://www.f-secure.com/products/anti-virus/
+-  ['F-Secure Antivirus', 'fsav',
+-   '--dumb --mime --archive {}', [0], [3,8],
+-   qr/(?:infection|Infected|Suspected): (.+)/ ],
+-
+-  ['CAI InoculateIT', 'inocucmd',
+-    '-sec -nex {}', [0], [100],
+-    qr/was infected by virus (.+)/ ],
+-
+-  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
+-    '-s {}/*', [0], [1,2],
+-    qr/--[ \t]*(.+)/ ], 
+-
+-  ['MkS_Vir daemon',
+-    'mksscan', '-s -q {}', [0], [1..7],
+-    qr/^... (\S+)/ ],
+-
+-  ### http://www.nod32.com/
+-  ['ESET Software NOD32', 'nod32',
+-    '-all -subdir+ {}', [0], [1,2],
+-    qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],
+-
+-  ### http://www.nod32.com/
+-  ['ESET Software NOD32 - Client/Server Version', 'nod32cli',
+-    '-a -r -d recurse --heur standard {}', [0], [10,11],
+-    qr/^\S+\s+infected:\s+(.+)/ ],
+-
+-  ### http://www.norman.com/products_nvc.shtml
+-  ['Norman Virus Control v5 / Linux', 'nvccmd',
+-    '-c -l:0 -s -u {}', [0], [1],
+-    qr/(?i).* virus in .* -> \'(.+)\'/ ],
+-
+-  ### http://www.pandasoftware.com/
+-  ['Panda Antivirus for Linux', ['pavcl'],
+-    '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
+-    qr/Number of files infected[ .]*: 0(?!\d)/,
+-    qr/Number of files infected[ .]*: 0*[1-9]/,
+-    qr/Found virus :\s*(\S+)/ ],
+-
+-# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
+-# Check your RAV license terms before fiddling with the following two lines!
+-# ['GeCAD RAV AntiVirus 8', 'ravav',
+-#   '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ],
+-# # NOTE: the command line switches changed with scan engine 8.5 !
+-# # (btw, assigning stdin to /dev/null causes RAV to fail)
+-
+-  ### http://www.nai.com/
+-  ['NAI McAfee AntiVirus (@bindir@/uvscan)', '@bindir@/uvscan',
+-    '--secure -rv --mime --summary --noboot - {}', [0], [13],
+-    qr/(?x) Found (?:
+-        \ the\ (.+)\ (?:virus|trojan)  |
+-        \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |
+-        :\ (.+)\ NOT\ a\ virus)/,
+-  # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
+-  # sub {delete $ENV{LD_PRELOAD}},
+-  ],
+-  # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
+-  # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
+-  # and then clear it when finished to avoid confusing anything else.
+-  # NOTE2: to treat encrypted files as viruses replace the [13] with:
+-  #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
+-
+-  ### http://www.virusbuster.hu/en/
+-  ['VirusBuster', ['vbuster', 'vbengcl'],
+-    # VirusBuster Ltd. does not support the daemon version for the workstation 
+-    # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
+-    # binaries, some parameters AND return codes (from 3 to 1) changed.
+-    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
+-    qr/: '(.*)' - Virus/ ],
+-
+-# ### http://www.virusbuster.hu/en/
+-# ['VirusBuster (Client + Daemon)', 'vbengd',
+-#   # HINT: for an infected file it returns always 3,
+-#   # although the man-page tells a different story
+-#   '-f -log scandir {}', [0], [3],
+-#   qr/Virus found = (.*);/ ],
+-
+-  ### http://www.cyber.com/
+-  ['CyberSoft VFind', 'vfind',
+-    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
+-  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
+-  ],
+-
+-  ### http://www.ikarus-software.com/
+-  ['Ikarus AntiVirus for Linux', 'ikarus',
+-    '{}', [0], [40], qr/Signature (.+) found/ ],
+-
+-  ### http://www.bitdefender.com/
+-  ['BitDefender', 'bdc',
+-    '--all --arc --mail {}', qr/^Infected files *:0(?!\d)/,
+-    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
+-    qr/(?:suspected|infected): (.*)$/ ],
+-
+-);
+-
+-# If no virus scanners from the @av_scanners list produce 'clean' nor
+-# 'infected' status (e.g. they all fail to run or the list is empty),
+-# then _all_ scanners from the @av_scanners_backup list are tried.
+-# When there are both daemonized and command-line scanners available,
+-# it is customary to place slower command-line scanners in the
+-# @av_scanners_backup list. The default choice is somewhat arbitrary,
+-# move entries from one list to another as desired.
+-
+- at av_scanners_backup = (
+-
+-  ### http://www.clamav.net/
+-  ['Clam Antivirus - @bindir@/clamscan', '@bindir@/clamscan',
+-    '--stdout --no-summary -r {}', [0], [1],
+-    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
+-
+-  ### http://www.f-prot.com/
+-  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
+-    '-dumb -archive -packed {}', [0,8], [3,6],
+-    qr/Infection: (.+)/ ],
+-
+-  ### http://www.trendmicro.com/
+-  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
+-    '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
+-
+-  ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
+-    '-i1 -xp {}', [0,10,15], [5,20,21,25],
+-    qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
+-    sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
+-    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
+-  ],
+-
+-# Commented out because the name 'sweep' clashes with the Debian package of
+-# the same name. Make sure the correct sweep is found in the path when enabling
+-#
+-# ### http://www.sophos.com/
+-# ['Sophos Anti Virus (sweep)', 'sweep',
+-#   '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}',
+-#   [0,2], qr/Virus .*? found/,
+-#   qr/^>>> Virus(?:(?: fragment)? '?(.+?)'? found)/,
+-# ],
+-# # other options to consider: -mime -oe -idedir=/usr/local/sav
+-
+-# always succeeds (uncomment to consider mail clean if all other scanners fail)
+-# ['always-clean', sub {0}],
+-
+-);
+-
+-
+-#
+-# Section VIII - Debugging
+-#
+-
+-# The most useful debugging tool is to run amavisd-new non-detached
+-# from a terminal window:  # amavisd debug
+-
+-# Some more refined approaches:
+-
+-# If sender matches ACL, turn log level fully up, just for this one message,
+-# and preserve temporary directory
+-#@debug_sender_acl = ( "test-sender\@$mydomain" );
+-#@debug_sender_acl = qw( debug at example.com );
+-
+-# May be useful along with @debug_sender_acl:
+-# Prevent all decoded originals being deleted (replaced by decoded part)
+-#$keep_decoded_original_re = new_RE( qr/.*/ );
+-
+-# Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug')
+-#$sa_debug = 1;            # defaults to false
+-
+-#
+-# Section IX - Policy banks (dynamic policy switching)
+-#
+-
+-# the name 'MYUSERS' has special semantics: this policy bank gets loaded
+-# whenever the sender matches local_domains_maps. This only makes sense if
+-# local sender addresses can be trusted -- for example by requireing
+-# authentication before letting the users send with their local address.
+-
+- at mynetworks = qw( @@@postfix-mynetworks|join( )@@@ );
+-
+-$policy_bank{'MYUSERS'} = {  # mail from authenticated users on this system
+-  # Bounce only to local users
+-  final_virus_destiny      => D_BOUNCE,
+-  final_banned_destiny     => D_BOUNCE,
+-  warnvirusrecip_maps => undef,	# (defaults to false (undef))
+-  warnbannedrecip_maps => undef,# (defaults to false (undef))
+-  warnvirussender => 1,
+-  warnbannedsender => 1,
+-};
+-
+-
+-#-------------
+-1;  # insure a defined return
++1;

Modified: kolabd/trunk/debian/patches/series
===================================================================
--- kolabd/trunk/debian/patches/series	2010-06-17 19:28:41 UTC (rev 1497)
+++ kolabd/trunk/debian/patches/series	2010-06-17 20:40:55 UTC (rev 1498)
@@ -1,7 +1,9 @@
 10-dist_conf.diff
-55-no-distconf_kolabsrv.diff 
-70-kolab2.schema-removal.of.rfc2739.diff 
-90-slapd-template.diff 
-91-postfix-template.diff 
+55-no-distconf_kolabsrv.diff
+70-kolab2.schema-removal.of.rfc2739.diff
+90-slapd-template.diff
+91-postfix-template.diff
+92-cyrus-template.diff
+93-amavisd-template.diff
 95-resmgr-issue1383-issue2499.diff
 96-imap-user-group.diff




More information about the pkg-kolab-devel mailing list