
SNFMilter_minute.xml 8.3KB

  <!-- SNFMulti V3.0 Configuration File, Setup: Typical of SNFMilter -->
  <!-- http://www.armresearch.com/support/articles/software/snfServer/config/snfEngine.jsp -->
  <!-- Milter specific settings are found in the <platform/> section -->
  <snf>
    <!-- NOTE(review): identity.xml presumably carries the license identity for
         this node; confirm it is readable only by the service account. -->
    <node identity='/etc/snf-milter/identity.xml'>

      <!-- File locations. Rulebase and workspace point at the same directory.
           NOTE(review): the workspace is presumably written at run time, so
           confirm that only the service account can write to
           /usr/share/snf-milter/ and /var/log/snf-milter/. -->
      <paths>
        <log path='/var/log/snf-milter/'/>
        <rulebase path='/usr/share/snf-milter/'/>
        <workspace path='/usr/share/snf-milter/'/>
      </paths>

      <logs>
        <!-- NOTE(review): localtime='no' presumably means rotation follows UTC
             rather than local time; confirm before correlating with MTA logs. -->
        <rotation localtime='no'/>

        <!-- Status reports: only the per-minute report is enabled, in append mode. -->
        <status>
          <second log='no' append='no'/>
          <minute log='yes' append='yes'/>
          <hour log='no' append='no'/>
        </status>

        <!-- Per-message scan logging: classic format is off (mode='none'),
             XML format goes to file with performance and GBUdb data included. -->
        <scan>
          <identifier force-message-id='no'/>
          <classic mode='none' rotate='yes' matches='unique'/>
          <xml mode='file' rotate='yes' matches='unique' performance='yes' gbudb='yes'/>

          <!-- X-headers. Only the GBUdb analysis and matched-rules headers are
               switched on; every other header, including all group symbols, is off.
               NOTE(review): mode='api' presumably hands the header text back to
               the caller (here the milter) for injection; if so, the rule and
               GBUdb details become visible to message recipients. Confirm that
               this is intended.
               NOTE(review): the Caution label below is bound to n='30', while the
               GBUdb caution region and the milter scan table use 40. It has no
               effect while the symbol headers are off; check it before enabling
               them. -->
          <xheaders>
            <output mode='api'/>
            <version on-off='off'>X-MessageSniffer-Version</version>
            <license on-off='off'>X-MessageSniffer-License</license>
            <rulebase on-off='off'>X-MessageSniffer-RulebaseUTC</rulebase>
            <identifier on-off='off'>X-MessageSniffer-Identifier</identifier>
            <gbudb on-off='on'>X-GBUdb-Analysis</gbudb>
            <result on-off='off'>X-MessageSniffer-Scan-Result</result>
            <matches on-off='on'>X-MessageSniffer-Rules</matches>
            <black on-off='off'>X-MessageSniffer-Spam: Yes</black>
            <white on-off='off'>X-MessageSniffer-White: Yes</white>
            <clean on-off='off'>X-MessageSniffer-Clean: Yes</clean>
            <symbol on-off='off' n='0'>X-MessageSniffer-SNF-Group: OK</symbol>
            <symbol on-off='off' n='20'>X-MessageSniffer-SNF-Group: Truncated</symbol>
            <symbol on-off='off' n='30'>X-MessageSniffer-SNF-Group: Caution</symbol>
            <symbol on-off='off' n='63'>X-MessageSniffer-SNF-Group: Black</symbol>
            <symbol on-off='off' n='62'>X-MessageSniffer-SNF-Group: Obfuscation</symbol>
            <symbol on-off='off' n='61'>X-MessageSniffer-SNF-Group: Abstract</symbol>
            <symbol on-off='off' n='60'>X-MessageSniffer-SNF-Group: General</symbol>
            <symbol on-off='off' n='59'>X-MessageSniffer-SNF-Group: Casinos-Gambling</symbol>
            <symbol on-off='off' n='58'>X-MessageSniffer-SNF-Group: Debt-Credit</symbol>
            <symbol on-off='off' n='57'>X-MessageSniffer-SNF-Group: Get-Rich</symbol>
            <symbol on-off='off' n='56'>X-MessageSniffer-SNF-Group: Ink-Toner</symbol>
            <symbol on-off='off' n='55'>X-MessageSniffer-SNF-Group: Malware</symbol>
            <symbol on-off='off' n='54'>X-MessageSniffer-SNF-Group: Porn-Dating-Adult</symbol>
            <symbol on-off='off' n='53'>X-MessageSniffer-SNF-Group: Scam-Phishing</symbol>
            <symbol on-off='off' n='52'>X-MessageSniffer-SNF-Group: Snake-Oil</symbol>
            <symbol on-off='off' n='51'>X-MessageSniffer-SNF-Group: Spamware</symbol>
            <symbol on-off='off' n='50'>X-MessageSniffer-SNF-Group: Media-Theft</symbol>
            <symbol on-off='off' n='49'>X-MessageSniffer-SNF-Group: AV-Push</symbol>
            <symbol on-off='off' n='48'>X-MessageSniffer-SNF-Group: Insurance</symbol>
            <symbol on-off='off' n='47'>X-MessageSniffer-SNF-Group: Travel</symbol>
          </xheaders>
        </scan>
      </logs>

      <!-- Network. The sync element names an outbound peer on TCP port 25, so
           egress filtering has to permit this host to reach it.
           The update-script element makes the engine call an external program.
           NOTE(review): confirm /usr/sbin/getRulebase and its parent directory
           are not writable by the service account or other unprivileged users;
           guard-time is presumably the minimum number of seconds between calls. -->
      <network>
        <sync secs='30' host='sync.messagesniffer.net' port='25'/>
        <update-script on-off='on' call='/usr/sbin/getRulebase' guard-time='180'/>
      </network>

      <!-- XCI listener is disabled in this profile.
           NOTE(review): if it is ever switched on, check which interface
           port 9001 binds to and limit access to local clients. -->
      <xci on-off='off' port='9001'/>

      <gbudb>
        <!-- Database maintenance: condense runs on the time trigger (86400 s) or
             the size trigger (150 MB), no more often than every 600 s; the posts
             and records triggers are off. A checkpoint is taken every 3600 s. -->
        <database>
          <condense minimum-seconds-between='600'>
            <time-trigger on-off='on' seconds='86400'/>
            <posts-trigger on-off='off' posts='1200000'/>
            <records-trigger on-off='off' records='600000'/>
            <size-trigger on-off='on' megabytes='150'/>
          </condense>
          <checkpoint on-off='on' secs='3600'/>
        </database>

        <!-- Regions, each bounded by two probability/confidence edges and tied
             to a result symbol: white = 0, caution = 40, black = 63, and
             truncate (inside black) = 20. The milter scan table in the
             <platform/> section maps these symbols to actions. -->
        <regions>
          <white on-off='on' symbol='0'>
            <edge probability='-1.0' confidence='0.4'/>
            <edge probability='-0.8' confidence='1.0'/>
            <panic on-off='on' rule-range='1000'/>
          </white>
          <caution on-off='on' symbol='40'>
            <edge probability='0.4' confidence='0.0'/>
            <edge probability='0.8' confidence='0.5'/>
          </caution>
          <black on-off='on' symbol='63'>
            <edge probability='0.8' confidence='0.2'/>
            <edge probability='0.8' confidence='1.0'/>
            <truncate on-off='on' probability='0.9' peek-one-in='5' symbol='20'/>
            <sample on-off='on' probability='0.8' grab-one-in='5' passthrough='no' passthrough-symbol='0'/>
          </black>
        </regions>

        <!-- Training is on. The bypass, drilldown and source lists are empty
             apart from the commented-out examples below. -->
        <training on-off='on'>
          <bypass>
            <!-- <header name='To:' find='spam@example.com'/> -->
            <!-- <header name='Received:' ordinal='1' find='friendlyhost.com'/> -->
          </bypass>
          <drilldown>
            <!-- <received ordinal='0' find='[12.34.56.'/> where we want to ignore 12.34.56.0/24 -->
            <!-- <received ordinal='0' find='mixed-source.com'/> -->
            <!-- <received ordinal='1' find='mixed-source-internal.com'/> -->
          </drilldown>
          <source>
            <!-- <header name='X-Use-This-Source:' received='mixedsource.com [' ordinal='0' /> -->
            <!-- <header name='X-Originating-IP:' received='hotmail.com [' ordinal='0' /> -->
          </source>
          <!-- NOTE(review): the drilldown and source examples take their values
               from message headers, which a sender can set; presumably such
               entries should name only hosts whose headers are trusted. -->
          <white>
            <result code='1'/>
            <!-- <header name='Received:' ordinal='0' find='.friendlyhost.com'/> -->
          </white>
        </training>
      </gbudb>

      <!-- No rule panics are active; the ids below are commented-out examples. -->
      <rule-panics>
        <!--
        <rule id='123456'/>
        <rule id='123457'/>
        -->
      </rule-panics>

      <!-- Platform Specific Configuration -->
      <platform>
        <milter>
          <!--
          Socket for communication with the MTA. This
          element is required.
          <socket type='tcp' ip='127.0.0.1' port='1234'/>
          -->
          <!-- A unix socket restricted by group is used here.
               NOTE(review): confirm the MTA account belongs to group snfuser and
               that the socket is not accessible to other local users. If the TCP
               form is used instead, keep it on a loopback address as in the
               example above. -->
          <socket type='unix' path='/var/snf-milter/socket' group='snfuser'/>
          <!--
          Actions:
          Allow - Process the message, return SMFIS_CONTINUE*
          Accept - White-list accept, return SMFIS_ACCEPT
          Retry - Try again later, return SMFIS_TEMPFAIL*
          Reject - Reject the message, return SMFIS_REJECT*
          Discard - Discard the message, return SMFIS_DISCARD
          Quarantine - Quarantine the message, Call smfi_quarantine()
          Valid Connect Actions: Allow, Accept, Retry, Reject
          Valid Scan Actions: Allow, Accept, Retry, Reject, Discard, Quarantine
          -->
          <!-- Connect stage: only the truncate region is rejected outright.
               Black and caution sources are allowed to continue (presumably so
               the message content is still scanned), and white sources are
               accepted without further processing. -->
          <connect>
            <white action='Accept'/>
            <caution action='Allow'/>
            <black action='Allow'/>
            <truncate action='Reject'/>
          </connect>
          <!-- Scan stage, keyed by result code: 20 (truncate symbol) is
               discarded, 40 (caution symbol) is allowed, 63 (black symbol) is
               quarantined, 1 (the training white result code) is accepted, and
               any other nonzero code is quarantined.
               NOTE(review): Discard drops the message with no notice to the
               sender, and code 20 comes from IP reputation rather than a content
               match, so a false positive there is hard to spot; confirm this is
               acceptable, or use Quarantine while tuning. -->
          <scan>
            <result code='20' action='Discard'/>
            <result code='40' action='Allow'/>
            <result code='63' action='Quarantine'/>
            <result code='1' action='Accept'/>
            <nonzero action='Quarantine'/>
          </scan>
        </milter>
      </platform>

      <msg-file type='rfc822'/>
    </node>
  </snf>