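#---------------------------------------------------------------------------#
#-- spamradar.conf - user-configurable options for spamradar.pl
#--
#-- Format as used in this file: one "KEY = value" setting per line, and
#-- lines starting with "#" are comments.  Keep comments on their own lines.
#-- Key names appear in mixed case (log vs. ALLOWFILE); keep them exactly
#-- as written.
#-- NOTE(review): whether spamradar.pl matches keys case-sensitively or
#-- strips trailing comments is not shown here - confirm before relying on it.
#---------------------------------------------------------------------------#

#---------------------------------------------------------------------------#
#-- System-specific information
#---------------------------------------------------------------------------#

# Hostname where program will run.
#HOST = mylogserver.mydomain.int

# Location of mail log.
log = /var/log/mail.log

# List of hosts/domains/networks that should NEVER be tested or blocked
# (your own relays).
# Anyone who can edit this file can exempt a host from blocking, so keep
# it writable by the administrator only.
ALLOWFILE = /etc/spamradar.allow

# List of hosts/domains/networks that we shouldn't bother testing
# (because they're too big like AOL or known good, but not our own relays)
# but that should be blocked temporarily if they're sending too many
# messages to us at once.
# Same write-access caveat as for ALLOWFILE.
IGNOREFILE = /etc/spamradar.ignore

# If this string isn't found in a mail-log record, ignore it.
logstring = sendmail

# Location of spamradar log.
mylogfile = /var/log/spamradar.log

# Location of spamradar database.
DBFILE = /etc/mail/spamradar.db

# Location of spamradar's "relays to block as open" database.
REJECTDBFILE = /etc/mail/spamradarreject.db

# The three settings below name external programs.  Give each one as an
# absolute path to a file that only root can modify.
# NOTE(review): presumably they run with the privileges of spamradar.pl
# itself - confirm which user that is.

# Location of external "tail" binary.
# (Hoping to replace this with something internal soon)
TAIL = /usr/bin/tail

# Location of external "rlytest.pl" binary.
# This is a modified version of Chip Rosenthal's rlytest.pl utility,
# available from http://www.unicom.com/sw/#rlytest.
RLYTEST = /usr/local/bin/rlytest.pl

# Location of external "sendmail" binary for mailing reports to ORBS or admins.
# (Hoping to replace this with something internal soon)
MAILER = /usr/local/bin/sendmail

# Location of sendmail access file.
# This file controls which senders sendmail accepts or rejects, so restrict
# write access to it.
ACCESSFILE = /etc/mail/access

# Control our program-execution path.
# The shorter this list is, the more secure.
# List only absolute directories that root alone can write to; do not add
# ".", relative entries or user-writable directories.
PRG_EXEC_PATH = /usr/bin:/usr/sbin

#---------------------------------------------------------------------------#
#-- Site-specific information
#---------------------------------------------------------------------------#

# Hostname where we can pop our relaytest results from.
#POPHOST = pop.mydomain.int

# Password for the account that receives relay tests.
# The password is stored here in clear text.  Make sure that this file is
# not readable by anyone but root (for example owner root, mode 0600), and
# use a dedicated mailbox whose password is not reused anywhere else.
# NOTE(review): if the POP session is not encrypted the password also
# crosses the network in clear text - confirm how spamradar.pl connects.
#POP_PWD = supersecretpasswordhere

# Where alerts should be mailed and where questions should be sent.
# This should be read daily by a real person, and should probably
# be a role account rather than an individual name.
#LOCAL_CONTACT = realperson@mydomain.int

# Address where relay tests will be mailed (must be a real address).
#TEST_RECIPIENT = testcatcher@mydomain.int

# Email address of testing sender (must be a real address).
#TEST_SENDER = nobody@mydomain.int

# Email address of service that accepts autosubmission of relays.
# Note that you may need to arrange for permission to submit.
# If not defined, automatic reporting is disabled.
# Once defined, reports are sent to this outside address automatically.
# NOTE(review): confirm that the service at the example address still
# exists and accepts submissions before enabling this.
#TEST_SERVICE_ADDR = relays@orbs.org

# Domain for which we are monitoring (primary administration domain).
#LOCAL_TEST_DOMAIN = mydomain.int

#---------------------------------------------------------------------------#
#-- User-defined thresholds and tuning parameters
#---------------------------------------------------------------------------#

# Number of lines to pull from end of log.
lastlines = 8000

# Default level of verbosity.
# 0 - no output, just test, log, and show errors/warnings
# 1 - output just data
# 2 - report data and basic progress info
# 3 - show information about each maillog record
# 4 - show data extracted from each maillog record
# 5 - show all other extraneous debugging info
debug = 1

# How many unknown-user errors we'll tolerate.
max_username_guesses = 2

# How many successful deliveries we'll tolerate.
max_recipients = 200

# Fraction of bad deliveries we'll tolerate ( 0 < x < 1 ).
# Written as a decimal fraction, not a percentage: .3 means 30%.
MAX_UNKNOWN_RATIO = .3

# Ratio of username guesses to unique first letters we'll tolerate.
# For example, if someone tries to send email to 30 unknown users,
# and half of the usernames begin with "a" and the other half begin
# with "b", this number is
#
#   ( 30 / 2 ) = 15
#
# The bigger the number, the more likely it is to be
# a spam attack.
#
MAX_FIRSTCHAR_RATIO = 2

# How long to wait before re-examining/discarding relays (in days).
MAX_TEST_AGE = 7

# How many successful deliveries we'll tolerate,
# even from hosts in spamradar.ignore.
# NOTE(review): the key name suggests a limit on unknown-user errors, while
# this description says successful deliveries - confirm against spamradar.pl.
hard_unknown_limit = 300

# How long to temporarily block the most egregious senders,
# measured in seconds.
# (Not currently implemented)
#temp_block_time = 3600

# Whether we should show all hosts (1), or omit hosts
# that are already blocked and hosts we should never block (0).
show_all_hosts = 0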