MailScanner Installation Guide ? mailscanner.conf All the configuration options are held in the file /opt/mailscanner/etc/mailscanner.conf by default, and each is described below. To use a different configuration file, specify it on the MailScanner command line. Blank lines are ignored, as are leading and trailing spaces. Comments start at a '#' character and extend to the end of the line. All options are expressed in the form option = value Many of the options can also be the filename of a ruleset, which can be used to control features depending on the addresses of the message, and/or the IP address where the message came from. You will find some examples of rulesets and an explanation of them in the etc/rules directories within the MailScanner installation. The options are best listed in a few categories. This is also the order in which you will find them in the mailscanner.conf file. If this list looks very large then don't worry, the supplied mailscanner.conf file contains sensible defaults for all the values. You will probably only need to change a very few of them to start with. * System settings <#system> * Processing incoming mail <#incoming> * Virus scanning and vulnerability testing <#scanning> * Removing dangerous or potentially offensive content <#content> * Attachment filename checking <#attachments> * Reports and responses <#reports> * Changes to message headers <#headers> * Changes to the Subject: line <#subject> * Changes to the message body <#body> * Mail archiving and monitoring <#archiving> * Notices to system administrators <#notices> * Definitions of virus scanners and spam detectors <#defs> * Spam detection and spam lists (DNS blocklists) <#rbl> * SpamAssassin <#spamassassin> * What to do with spam <#spam> * System logging <#logging> * Advanced settings <#advanced> System Settings *Max Children* Default is 5 MailScanner uses your server efficiently by running several identical processes at the same time, all processing mail. This is the number of these processes to run at once. Tuning this figure will optimise the performance of your system if you process a lot of mail. A good figure to start with is 5 children per CPU. So if you have 4 CPU's in your server, start by setting this to 20. *Run As User* Default is to not change user Provided for Exim users (and anyone not running sendmail as root), this changes the user under which MailScanner runs *Run As Group* Default is to not change group Provided for Exim users (and anyone not running sendmail as root), this changes the group under which MailScanner runs *Incoming queue dir* Default is /var/spool/mqueue.in Directory in which MailScanner should find e-mail messages for scanning *Outgoing queue dir* Default is /var/spool/mqueue Directory in which MailScanner should place scanned e-mail messages *Incoming work dir* Default is /opt/MailScanner/var/incoming Directory in which to temporarily store unpacked MIME messages during scanning process *Quarantine dir* Default is /opt/MailScanner/var/quarantine Directory under which to archive quarantined infected e-mail attachments *PID dir* Default is /opt/MailScanner/var Directory in which to store MailScanner process id files *MTA* sendmail or exim Default is sendmail Specifies which email package you are using *Sendmail* Default is /usr/lib/sendmail Location of sendmail program *Sendmail2* Default is the value of the Sendmail setting Command line used to deliver outgoing/cleaned messages. Provided for Exim users so they can specify a different exim.conf file for delivering from the outgoing queue. Processing Incoming Mail *Max Unscanned Bytes Per Scan* *Max Unsafe Bytes Per Scan* *Max Unscanned Messages Per Scan* *Max Unsafe Messages Per Scan* These values define the maximum size of a batch of messages which are all processed together. If you have problems with your server not processing messages fast enough, you might want to increase these values from those supplied. *Expand TNEF* Default is yes Should we use an external TNEF decoder or not? TNEF decoding is built into Sophos and McAfee, so this should be no for Sophos/McAfee users and yes for all others. *Deliver Unparsable TNEF* Default is no Rich Text format attachments produced by some versions of Microsoft Outlook cannot be completely decoded at present. Setting this option to yes allows compatibility with the behaviour of earlier versions where these attachments were still delivered. This would introduce the slight chance of a virus getting through in the segment of the attachment that could not be decoded, but the setting may be necessary if you have a large number of Microsoft Outlook users who are troubled by the new behaviour. *TNEF Expander* Default is /opt/mailscanner/bin/tnef Full pathname giving location of the MS-TNEF expander/decoder program, or the keyword internal which will force use of the optional Perl Convert::TNEF module instead of the external program. *TNEF Timeout* Default is 120 The maximum time (in seconds) that the TNEF decoder is allowed to take to disassemble 1 Microsoft Outlook attachment. *Block Encrypted Messages* Default is no This is intended for use with a ruleset to ensure that none of your users is covertly mailing sites with which you would not normally communicate (e.g. your competitors). *Block Unencrypted Messages* Default is no This is intended for use with a ruleset to ensure that mail is always encrypted before being sent. This could be used to ensure that mail to your business partners is sent securely. Virus Scanning and Vulnerability Testing *Virus Scanning* yes or no Default is yes Scan email for viruses? Switching this to no completely disables all virus-scanning functionality. *Virus Scanners* sophos, mcafee, command, kaspersky, inoculate, inoculan, nod32, f-prot, f-secure, antivir, panda, rav, none Default is none Specified which anti-virus package you are using *Note:* If you are using several virus scanners, then this should be a space-separated list of the names of the scanners. *Virus Scanner Timeout* Default is 300 The maximum time (in seconds) that the virus scanner is allowed to take to scan 1 batch of messages. *Deliver Disinfected Files* Default is yes Value is "yes" or "no" Should infected attached documents be automatically disinfected and sent on to the original recipients *Silent Viruses* Messages whose virus reports contain any of the words listed here will be treated as "silent" viruses. No messages will be sent back to the senders of these viruses, and the delivery to the recipient of the message can be controlled by the next option "Still Deliver Silent Viruses". This is primarily designed for viruses such as "Klez" and "Bugbear" which put fake addresses on messages they send, so there is no point informing the sender of the message, as it won't actually be them who sent it anyway. *Still Deliver Silent Viruses* If this is set to yes then disinfected messsages that originally contained one of the "silent" viruses will still be delivered to the original recipients, even those addresses were chosen at random by the infected PC and do not correspond to anything a user intended to send. Set this to yes so that your users (and your management) appreciate how much MailScanner is doing to protect them, but set it to no if they complain a lot about receiving lots of virus warnings. Removing Dangerous or Potentially Offensive Content *Allow Partial Messages* Default is no Do you want to allow partial messages, which only contain a fraction of the attachments, not the whole thing? There is no way that "partial messages" can be scanned for viruses properly, as only a fragment of the message is ever processed, never the whole message at once. Setting this option to yes is *very dangerous* as it can let viruses in. But you might want to use a ruleset to set it for some customers' outgoing mail, for example. *Allow External Message Bodiees* Default is no There is a mechanism, very rarely used, in which the body of a message is contained on a remote server, which the user's email application should download when it displays the message. Currently, I am only aware of this feature being supported by a few versions of Netscape, and the only people who use it are the IETF. There is no way to guarantee that the fetched file has no viruses in it, as MailScanner never sees it. Setting this option to yes is *very dangerous* as it can let viruses in from remote "message body servers". *Allow IFrame Tags* Default is no Do you want to allow HTML