From: frank Date: Sun, 29 Jan 2012 10:51:25 +0000 (+0100) Subject: committing changes in /etc after emerge run X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=a449549b0043203a47d7c27b592808bc7022ddd7;p=config%2Fuhu1%2Fetc.git committing changes in /etc after emerge run Package changes: +mail-filter/policyd-weight-0.1.15.1
---
diff --git a/.etckeeper b/.etckeeper
index 0a01ed7..9ccaea1 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -580,6 +580,7 @@ maybe chmod 0755 './init.d/numlock'
 maybe chmod 0755 './init.d/openvpn'
 maybe chmod 0755 './init.d/pciparm'
 maybe chmod 0755 './init.d/php-fpm'
+maybe chmod 0755 './init.d/policyd-weight'
 maybe chmod 0755 './init.d/portmap'
 maybe chmod 0755 './init.d/postfix'
 maybe chmod 0755 './init.d/postgrey'
@@ -829,6 +830,7 @@ maybe chmod 0755 './php/fpm-php5.3/ext'
 maybe chmod 0755 './php/fpm-php5.3/ext-active'
 maybe chmod 0644 './php/fpm-php5.3/php-fpm.conf'
 maybe chmod 0644 './php/fpm-php5.3/php.ini'
+maybe chmod 0644 './policyd-weight.conf'
 maybe chmod 0755 './portage'
 maybe chmod 0644 './portage/.keep_sys-apps_portage-0'
 maybe chmod 0644 './portage/bashrc'
diff --git a/init.d/policyd-weight b/init.d/policyd-weight
new file mode 100755
index 0000000..d47e5be
--- /dev/null
+++ b/init.d/policyd-weight
@@ -0,0 +1,25 @@
+#!/sbin/runscript
+opts="${opts} reload"
+
+depend(){
+ before postfix
+ need net
+}
+
+start(){
+ ebegin "Starting policyd-weight"
+ /usr/lib/postfix/policyd-weight start
+ eend $?
+}
+
+stop(){
+ ebegin "Stopping policyd-weight"
+ /usr/lib/postfix/policyd-weight -k stop
+ eend $?
+}
+
+reload(){
+ ebegin "Reloading policyd-weight"
+ /usr/lib/postfix/policyd-weight reload
+ eend $?
+}
diff --git a/policyd-weight.conf b/policyd-weight.conf
new file mode 100644
index 0000000..0b33774
--- /dev/null
+++ b/policyd-weight.conf
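Review bot: `depend()` in init.d/policyd-weight declares only `before postfix` and `need net`, while the policyd-weight.conf added in this same commit logs through the local syslog socket (`$syslog_socktype = 'unix'`), so start-up failures may go unrecorded if the logger is not yet running; adding `use logger` to `depend()` would order it correctly. `start()` also reports just the exit status of `/usr/lib/postfix/policyd-weight start` and never hands a pidfile to the service manager, so a daemon that exits after detaching would presumably still show as started; a status check against the configured `$PIDFILE` (`/var/run/policyd-weight.pid`) would close that gap. Whether Postfix defers or accepts mail while the policy service is down depends on main.cf, which is not part of this commit.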
@@ -0,0 +1,260 @@
+# ----------------------------------------------------------------
+# policyd-weight configuration (defaults) Version 0.1.14 beta-17
+# ----------------------------------------------------------------
+
+
+ $DEBUG = 0; # 1 or 0 - don't comment
+
+ $REJECTMSG = "550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs";
+
+ $REJECTLEVEL = 1; # Mails with scores which exceed this
+ # REJECTLEVEL will be rejected
+
+ $DEFER_STRING = 'IN_SPAMCOP= BOGUS_MX=';
+ # A space separated case-sensitive list of
+ # strings on which if found in the $RET
+ # logging-string policyd-weight changes
+ # its action to $DEFER_ACTION in case
+ # of rejects.
+ # USE WITH CAUTION!
+ # DEFAULT: "IN_SPAMCOP= BOGUS_MX="
+
+
+ $DEFER_ACTION = '450'; # Possible values: DEFER_IF_PERMIT,
+ # DEFER_IF_REJECT,
+ # 4xx response codes. See also access(5)
+ # DEFAULT: 450
+
+ $DEFER_LEVEL = 5; # DEFER mail only up to this level
+ # scores greater than DEFER_LEVEL will be
+ # rejected
+ # DEFAULT: 5
+
+ $DNSERRMSG = '450 No DNS entries for your MTA, HELO and Domain. Contact YOUR administrator';
+
+ $dnsbl_checks_only = 0; # 1: ON, 0: OFF (default)
+ # If ON request that ALL clients are only
+ # checked against RBLs
+
+ @dnsbl_checks_only_regexps = (
+ # qr/[^.]*(exch|smtp|mx|mail).*\..*\../,
+ # qr/yahoo.com$/
+); # specify a comma-separated list of regexps
+ # for client hostnames which shall only
+ # be RBL checked. This does not work for
+ # postfix' "unknown" clients.
+ # The usage of this should not be the norm
+ # and is a tool for people which like to
+ # shoot in their own foot.
+ # DEFAULT: empty
+
+
+ $LOG_BAD_RBL_ONLY = 1; # 1: ON (default), 0: OFF
+ # When set to ON it logs only RBLs which
+ # affect scoring (positive or negative)
+
+## DNSBL settings
+ @dnsbl_score = (
+# HOST, HIT SCORE, MISS SCORE, LOG NAME
+ 'pbl.spamhaus.org', 3.25, 0, 'DYN_PBL_SPAMHAUS',
+ 'sbl-xbl.spamhaus.org', 4.35, -1.5, 'SBL_XBL_SPAMHAUS',
+ 'bl.spamcop.net', 3.75, -1.5, 'SPAMCOP',
+ 'dnsbl.njabl.org', 4.25, -1.5, 'BL_NJABL',
+ 'list.dsbl.org', 4.35, 0, 'DSBL_ORG',
+ 'ix.dnsbl.manitu.net', 4.35, 0, 'IX_MANITU'
+);
+
+ $MAXDNSBLHITS = 2; # If Client IP is listed in MORE
+ # DNSBLS than this var, it gets
+ # REJECTed immediately
+
+ $MAXDNSBLSCORE = 8; # alternatively, if the score of
+ # DNSBLs is ABOVE this
+ # level, reject immediately
+
+ $MAXDNSBLMSG = '550 Your MTA is listed in too many DNSBLs';
+
+## RHSBL settings
+ @rhsbl_score = (
+ 'multi.surbl.org', 4, 0, 'SURBL',
+ 'rhsbl.ahbl.org', 4, 0, 'AHBL',
+ 'dsn.rfc-ignorant.org', 3.5, 0, 'DSN_RFCI',
+ 'postmaster.rfc-ignorant.org', 0.1, 0, 'PM_RFCI',
+ 'abuse.rfc-ignorant.org', 0.1, 0, 'ABUSE_RFCI'
+);
+
+ $BL_ERROR_SKIP = 2; # skip a RBL if this RBL had this many continuous
+ # errors
+
+ $BL_SKIP_RELEASE = 10; # skip a RBL for that many times
+
+## cache stuff
+ $LOCKPATH = '/var/run/policyd-weight/'; # must be a directory (add
+ # trailing slash)
+
+ $SPATH = $LOCKPATH.'/polw.sock'; # socket path for the cache
+ # daemon.
+
+ $MAXIDLECACHE = 60; # how many seconds the cache may be idle
+ # before starting maintenance routines
+ # NOTE: standard maintenance jobs happen
+ # regardless of this setting.
+
+ $MAINTENANCE_LEVEL = 5; # after this number of requests do following
+ # maintenance jobs:
+ # checking for config changes
+
+# negative (i.e. SPAM) result cache settings ##################################
+
+ $CACHESIZE = 2000; # set to 0 to disable caching for spam results.
+ # To this level the cache will be cleaned.
+
+ $CACHEMAXSIZE = 4000; # at this number of entries cleanup takes place
+
+ $CACHEREJECTMSG = '550 temporarily blocked because of previous errors';
+
+ $NTTL = 1; # after NTTL retries the cache entry is deleted
+
+ $NTIME = 30; # client MUST NOT retry within this seconds in order
+ # to decrease TTL counter
+
+
+# positve (i.,e. HAM) result cache settings ###################################
+
+ $POSCACHESIZE = 1000; # set to 0 to disable caching of HAM. To this number
+ # of entries the cache will be cleaned
+
+ $POSCACHEMAXSIZE = 2000; # at this number of entries cleanup takes place
+
+ $POSCACHEMSG = 'using cached result';
+
+ $PTTL = 60; # after PTTL requests the HAM entry must
+ # succeed one time the RBL checks again
+
+ $PTIME = '3h'; # after $PTIME in HAM Cache the client
+ # must pass one time the RBL checks again.
+ # Values must be nonfractal. Accepted
+ # time-units: s, m, h, d
+
+ $TEMP_PTIME = '1d'; # The client must pass this time the RBL
+ # checks in order to be listed as hard-HAM
+ # After this time the client will pass
+ # immediately for PTTL within PTIME
+
+
+## DNS settings
+ $DNS_RETRIES = 2; # Retries for ONE DNS-Lookup
+
+ $DNS_RETRY_IVAL = 2; # Retry-interval for ONE DNS-Lookup
+
+ $MAXDNSERR = 3; # max error count for unresponded queries
+ # in a complete policy query
+
+ $MAXDNSERRMSG = 'passed - too many local DNS-errors';
+
+ $PUDP = 0; # persistent udp connection for DNS queries.
+ # broken in Net::DNS version 0.51. Works with
+ # Net::DNS 0.53; DEFAULT: off
+
+ $USE_NET_DNS = 0; # Force the usage of Net::DNS for RBL lookups.
+ # Normally policyd-weight tries to use a faster
+ # RBL lookup routine instead of Net::DNS
+
+
+ $NS = ''; # A list of space separated NS IPs
+ # This overrides resolv.conf settings
+ # Example: $NS = '1.2.3.4 1.2.3.5';
+ # DEFAULT: empty
+
+
+ $IPC_TIMEOUT = 2; # timeout for receiving from cache instance
+
+ $TRY_BALANCE = 0; # If set to 1 policyd-weight closes connections
+ # to smtpd clients in order to avoid too many
+ # established connections to one policyd-weight
+ # child
+
+# scores for checks, WARNING: they may manipulate eachother
+# or be factors for other scores.
+# HIT score, MISS Score
+ @client_ip_eq_helo_score = (1.5, -1.25 );
+ @helo_score = (1.5, -2 );
+ @helo_from_mx_eq_ip_score = (1.5, -3.1 );
+ @helo_numeric_score = (2.5, 0 );
+ @from_match_regex_verified_helo = (1, -2 );
+ @from_match_regex_unverified_helo = (1.6, -1.5 );
+ @from_match_regex_failed_helo = (2.5, 0 );
+ @helo_seems_dialup = (1.5, 0 );
+ @failed_helo_seems_dialup = (2, 0 );
+ @helo_ip_in_client_subnet = (0, -1.2 );
+ @helo_ip_in_cl16_subnet = (0, -0.41 );
+ @client_seems_dialup_score = (3.75, 0 );
+ @from_multiparted = (1.09, 0 );
+ @from_anon = (1.17, 0 );
+ @bogus_mx_score = (2.1, 0 );
+ @random_sender_score = (0.25, 0 );
+ @rhsbl_penalty_score = (3.1, 0 );
+ @enforce_dyndns_score = (3, 0 );
+
+
+ $VERBOSE = 0;
+
+ $ADD_X_HEADER = 1; # Switch on or off an additional
+ # X-policyd-weight: header
+ # DEFAULT: on
+
+
+ $DEFAULT_RESPONSE = 'DUNNO default'; # Fallback response in case
+ # the weighted check didn't
+ # return any response (should never
+ # appear).
+
+
+
+#
+# Syslogging options for verbose mode and for fatal errors.
+# NOTE: comment out the $syslog_socktype line if syslogging does not
+# work on your system.
+#
+
+ $syslog_socktype = 'unix'; # inet, unix, stream, console
+
+ $syslog_facility = "mail";
+ $syslog_options = "pid";
+ $syslog_priority = "info";
+ $syslog_ident = "postfix/policyd-weight";
+
+
+#
+# Process Options
+#
+ $USER = "polw"; # User must be a username, no UID
+
+ $GROUP = ""; # specify GROUP if necessary
+ # DEFAULT: empty, will be initialized as
+ # $USER
+
+ $MAX_PROC = 50; # Upper limit if child processes
+ $MIN_PROC = 3; # keep that minimum processes alive
+
+ $TCP_PORT = 12525; # The TCP port on which policyd-weight
+ # listens for policy requests from postfix
+
+ $BIND_ADDRESS = '127.0.0.1'; # IP-Address on which policyd-weight will
+ # listen for requests.
+ # You may only list ONE IP here, if you want
+ # to listen on all IPs you need to say 'all'
+ # here. Default is '127.0.0.1'.
+ # You need to restart policyd-weight if you
+ # change this.
+
+ $SOMAXCONN = 1024; # Maximum of client connections
+ # policyd-weight accepts
+ # Default: 1024
+
+
+ $CHILDIDLE = 240; # how many seconds a child may be idle before
+ # it dies.
+
+ $PIDFILE = "/var/run/policyd-weight.pid";
+
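Review bot: `@dnsbl_score` and `@rhsbl_score` are committed as unmodified package defaults with no record that the listed zones are still operated, and several of them (`list.dsbl.org`, `dnsbl.njabl.org`, `rhsbl.ahbl.org`, the three `rfc-ignorant.org` zones) are, as far as I know, retired. A retired zone that starts answering every query counts as a hit for every client, and with HIT scores around 4 weighed against `$REJECTLEVEL = 1` that can push legitimate mail into rejection; going by its comment, `$BL_ERROR_SKIP` only covers lookup errors, not wildcard answers. Verify each zone before the service goes live and drop the dead rows, for example remove `'list.dsbl.org', 4.35, 0, 'DSBL_ORG',`, and add a dated comment above each list recording when the zones were last checked.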