# $Id: sample.conf,v 1.24 2005/09/25 15:38:29 carl Exp $ # # Partial bnf description of this configuration language. Any sequence of # three tokens ("include" FILENAME ";") are replaced by the content of the # specified file. # # # CONFIG = {CONTEXT ";"}+ # CONTEXT = "context" NAME "{" {STATEMENT}+ "}" # STATEMENT = (DNSBL | DNSBLLIST | CONTENT | ENV-TO | VERIFY | CONTEXT | ENV-FROM) ";" # DNSBL = "dnsbl" NAME DNSPREFIX ERROR-MSG # DNSBLLIST = "dnsbl_list" {NAME}+ # CONTENT = "content" ("on" | "off") "{" {CONTENT-STATEMENT}+ "}" # CONTENT-STATEMENT = (FILTER | IGNORE | TLD | HTML-TAGS | HTML-LIMIT | HOST-LIMIT) ";" # FILTER = "filter" DNSPREFIX ERROR-MSG # IGNORE = "ignore" "{" {HOSTNAME [";"]}+ "}" # TLD = "tld" "{" {TLD [";"]}+ "}" # HTML-TAGS = "html_tags" "{" {HTMLTAG [";"]}+ "}" # ERROR-MSG = string containing exactly two %s replacement tokens for the client ip address # HTML-LIMIT = "html_limit" ("on" INTEGER ERROR-MSG | "off") # HOST-LIMIT = "host_limit" ("on" INTEGER ERROR-MSG | "off" | "soft" INTEGER) # ENV-TO = "env_to" "{" {(TO-ADDR | DCC-TO)}+ "}" # TO-ADDR = ADDRESS [";"] # DCC-TO = "dcc_to" ("ok" | "many") "{" DCCINCLUDEFILE "}" ";" # VERIFY = "verify" HOSTNAME ";" # ENV_FROM = "env_from" [DEFAULT] "{" {(FROM-ADDR | DCC-FROM)}+ "}" # FROM-ADDR = ADDRESS VALUE [";"] # DCC-FROM = "dcc_from" "{" DCCINCLUDEFILE "}" ";" # DEFAULT = ("white" | "black" | "unknown" | "inherit" | "") # ADDRESS = (USER@ | DOMAIN | USER@DOMAIN) # VALUE = ("white" | "black" | "unknown" | CHILD-CONTEXT-NAME) context sample { dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; dnsbl sbl sbl-xbl.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; dnsbl xbl xbl.spamhaus.org "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s"; dnsbl dul dul.dnsbl.sorbs.net "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s"; dnsbl_list local sbl dul; content on { filter sbl-xbl.spamhaus.org "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; ignore { include "hosts-ignore.conf"; }; tld { include "tld.conf"; }; html_tags { include "html-tags.conf"; }; html_limit on 20 "Mail containing excessive bad html tags rejected"; html_limit off; host_limit on 20 "Mail containing excessive host names rejected"; host_limit soft 20; }; env_to { # child contexts are not allowed to specify recipient addresses outside these domains # leave this outer global context env_to empty to allow arbitrary recipients in child contexts mydomain.com; customer1.com; customer1a.com; customer1b.com; customer2.com; customer2a.com; customer2b.com; }; context whitelist { content off {}; env_to { # dcc_to ok { include "/var/dcc/whitecommon"; }; # copy the dcc OK values (env_to) into this context }; env_from white {}; # white forces all unmatched from addresses (everyone in this case) to be whitelisted # so all mail TO these env_to addresses is accepted }; context abuse { dnsbl_list xbl; content off {}; env_to { abuse@; # no content filtering on abuse reports postmaster@; # "" }; env_from unknown {}; # ignore all parent white/black listing }; context minimal { dnsbl_list sbl dul; content on {}; env_to { sales@mydomain.com; }; }; context blacklist { env_to { dcc_to many { include "/var/dcc/whitecommon"; }; # copy the dcc MANY values (env_to) into this context old-employee@mydomain.com; }; env_from black {}; # black forces all unmatched from addresses (everyone in this case) to be blacklisted # so all mail TO these env_to addresses is rejected }; context vp { # special context for the vp env_to { vp@mydomain.com; }; env_from inherit { nai.com black; # the vp does not like nai yahoo.com unknown; # override parent context blacklisting mother@spammyisp.com white; # suppress dnsbl checking }; }; context customer1 { dnsbl_list sbl dul; env_to { customer1.com; customer1a.com; customer1b.com; }; verify mail.customer1.com; context customer1a { env_to { customer1a.com; } env_from black { # blacklist everything first@acceptable.com unknown; # except these specific envelope senders second@another.com unknown; yahoo.com inherit; # delegate to the parent }; }; env_from { # default value of the default is inherit yahoo.com black; # no mail from yahoo first@yahoo.com unknown; # except this one }; }; context customer2 { dnsbl_list sbl; env_to { customer2.com; customer2a.com; customer2b.com; }; }; env_from unknown { dcc_from { include "/var/dcc/whitecommon"; }; # copy the dcc OK/MANY values (env_from, substitute mail_host) into this context abuse@ abuse; # replies to abuse reports use the abuse context yahoo.com black; # don't take mail from yahoo spammer@example.com black; }; };