S:0.2.5-alt8.20040310
5.0: 0.2.5-alt6.20040310
4.1: 0.2.5-alt5.20040310
4.0: 0.2.5-alt6.20040310
3.0:
+backports:0.2.5-alt0.M30.2.20040310

Group :: System/Servers
RPM: spam_check


# NOTE(review): this file is Perl source and is presumably loaded by the
# spam_check program, so anyone able to write to it can run code there. Keep
# the file, and the directories named below, writable only by the account
# that administers spam_check.

# DB_CACHE_SIZE: memory used for caching when accessing the DB files
#                (5 * 1024 * 1024 = 5242880; presumably bytes).
# TIMEOUT:       maximum duration of one test, in seconds.
use constant {
    DB_CACHE_SIZE => 5 * 1024 * 1024,
    TIMEOUT       => 10,
};

# Data directory and block-list directory.
$cfg_data_path = '/var/lib/spam_check';
$cfg_block_dir = '/var/lib/spam_check/blocklist';

# Mail log to read.
$cfg_maillog_file = '/var/log/maillog';

# DB file that prevents the same IP from being checked twice. The key is the
# IP and the value is the time of its check; a negative time marks a host
# whose check flagged it as a spammer. Old records are purged by a separate
# script.
$cfg_checker_cache_file = $cfg_data_path . '/checked_ip.db';

# Log file for check results; "-" means STDOUT.
$cfg_log_file = '/var/log/spam_check/spam_check.log';

# File holding the queries left unfinished by the previous iteration.
$cfg_active_mail_file = $cfg_data_path . '/.active_mail';

# Verbosity:
#   0 - only errors are logged
#   1 - only spam hosts are logged
#   2 - all checks are logged
#   3 - debug
$cfg_verbose_level = 2;

# Block-rule file, in access(5) format.
$cfg_blocklist_file = $cfg_block_dir . '/block_list';

# How the mail log is followed:
#   0 - cron: launched periodically from cron, see /etc/cron.d/spam_check
#   1 - tail: started once and run as a daemon; a host is checked as soon as
#       it connects. Use `service spam_check start' for this mode.
$cfg_log_watch_mode = 1;

# Command launched after every update of the block_list file.
# NOTE(review): this is one command string, and the variants below rely on
# ';' and '>', so it is presumably handed to a shell. Keep the interpolated
# paths free of spaces and shell metacharacters.
$cfg_blocklist_rebuild_cmd = '/usr/sbin/postmap -w ' . $cfg_block_dir . '/block_list';

# Another variant of the previous command.
# NOTE(review): as written, the mv source and destination are the same path,
# so the mv changes nothing; the intended target is not visible here.
# $cfg_blocklist_rebuild_cmd = "/usr/sbin/postmap -w $cfg_block_dir/block_list; mv -f $cfg_block_dir/block_list.db $cfg_block_dir/block_list.db";

# Another variant, for use with a DNSBL server.
# $cfg_blocklist_rebuild_cmd = "/bin/gzip -c $cfg_block_dir/block_list > $cfg_block_dir/block_list.gz.new;mv $cfg_block_dir/block_list.gz.new $cfg_block_dir/block_list.gz";

# Minimum time, in seconds, between rebuilds of the block_list file. Only
# needed in "tail" mode (cfg_log_watch_mode=1).
$cfg_blocklist_rebuild_interval = 20;

# Format of the block_list file:
#   0 - "access": access(5) format for the Postfix MTA
#   1 - rbldnsd format
$cfg_blocklist_format = 0;

# Path to the lock file.
$cfg_lock_file = $cfg_data_path . '/.lock';

# Maximum lifetime of the lock: one hour.
$cfg_lock_timetolive = 60 * 60;

# File storing the last position seen in the mail log.
$cfg_seek_file = $cfg_data_path . '/.seek';

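# Scores for the individual spam factors.
#
# NOTE(review): the open ports and the reverse-DNS name are both chosen by
# the remote host's operator, so the negative weights below can be earned
# deliberately. The three negative port weights alone total -9.5 against a
# block_weight of 3. How the factors are combined is not visible in this
# file; confirm that they cannot cancel the positive indicators outright.
%cfg_spam_factor = (

    # Reverse check of open ports on the connecting host.
    "open_ports" => {
        "25"  => -3.5,    # lowers the score: port 25 indicates a normal MTA
        "80"  => -3,      # lowers the score: a web server runs on the host
        "110" => -3,      # lowers the score: a POP3 server runs on the host

        # "1025" used to appear twice (=> 1 "Windows machine", then => 1.5).
        # Perl keeps only the last value for a repeated key, so 1.5 was
        # always the effective weight; the shadowed entry has been removed.
        "1025" => 1.5,    # Windows machine
        "5000" => 1.5,    # UPnP port
        "2001" => 1.5,    # ports used by various trojans
        "1400" => 1.5,
        "9100" => 1.5,
        "3389" => 1.5,
        "4444" => 1,
        #"1000" => 2, "1058" => 2, "3000" => 2, "1024" => 2, "666" => 2, "50505" => 2,
        #"5001" => 2, "12345" => 2, "12346" => 2, "30303" => 2, "31337" => 2,
        "3128" => 0.8,    # probably open proxies
        "1080" => 0.8,
        "8080" => 0.8,
    },

    # Score by the level (number of labels) of the client hostname.
    # 0 means the name was not resolved.
    "domain_level" => {
        0   => 3,
        1   => 0,       # test.com
        2   => -0.5,    # mail.test.com
        3   => 1,       # bzq-218-1-51.cable.test.com
        4   => 1.6,     # 23.dsl-1.cable.test.com
        5   => 1.8,     # 34.53.12.53.test.com
        "N" => 2,       # all other levels
    },

    # Regex masks applied to the client hostname; the value is the score.
    # NOTE(review): the last mask starts with a nested repetition,
    # '^(.+[._-])*', and the hostname it runs on comes from the remote side,
    # so a long name that fails to match may backtrack heavily.
    # '^(.+[._-])?' accepts the same prefixes without the nesting (only the
    # content of capture group 1 differs). Verify against the caller before
    # changing the key.
    "domain_mask" => {
        # '(client|dial|dsl|dslam|dhcp|cable|pool|ppp|node)' => 2,
        '(^|[0-9.x_-])(abo|br(e|oa)dband|cabel|(hk)?cablep?|catv|cbl|cidr|d?client2?|cust(omer)?s?|dhcp|dial?(in|up)?|d[iu]p|[asx]?dsld?|dyn(a(dsl|mic)?)?|home|in-addr|modem(cable)?|(di)?pool|ppp|ptr|rev|static|user|YahooBB[0-9]{12}|c[[:alnum:]]{6,}(\.[a-z]{3})?\.virtua|[1-9]Cust[0-9]+|AC[A-Z][0-9A-F]{5}\.ipt|pcp[0-9]{6,}pcs|S0106[[:alnum:]]{12,}\.[a-z]{2})[0-9.x_-]' => 2,
        '\-\d+\-\d+\-\d+' => 3,
        # 'smtp|mail|relay|mta|mx' => -3,
        '^(.+[._-])*(apache|bounce|bulk|delay|d?ns|external|extranet|filter|firewall|forward|gateway|gw|m?liste?s?|(bulk|dead|mass|send|[eqw])?mail(er)?|e?mail(agent|host|hub|scan(ner)?)|messagerie|mta|v?mx|out(bound)?|pop|postfix|w?proxy|rela(is|y)|serveu?r|smarthost|v?smtp|web|www)(gate|mail|mx|pool|out|server)?[0-9]*[._-]' => -3,
    },

    # Multiplier applied to the score on each further connection from the
    # same IP during the current day.
    #   1 - the score is not recalculated, so blocking based on the number
    #       of connections is disabled
    #   0 - the database is not updated at all on reconnections from the
    #       same IP
    "reconnect_mul" => 1.0,

    # Minimum weight at which an IP is blocked as a spammer.
    "block_weight" => 3
);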


# Masks that recognise connect and disconnect lines in a Postfix mail log.
# Capture 1 is the client hostname, capture 2 the dotted-quad address.
# NOTE(review): the address part only matches IPv4 dotted quads, so a client
# logged with an IPv6 address would not match and would go unchecked.
# NOTE(review): the masks are not anchored to the start of the log line. If
# the caller applies them to whole lines, text inside client-supplied fields
# could also match; confirm how the caller uses them.
$cfg_maillog_connect_mask    = q{: connect from ([^\[]+)\[(\d+\.\d+\.\d+\.\d+)\]\s*};
$cfg_maillog_disconnect_mask = q{: disconnect from ([^\[]+)\[(\d+\.\d+\.\d+\.\d+)\]\s*};

# Mail log format:
#   0 - postfix
#   1 - sendmail
$cfg_log_format = 0;

# sendmail does not write connect/disconnect messages to the mail log, so
# for sendmail use only this cfg_maillog_disconnect_mask:
# $cfg_maillog_disconnect_mask=': from=<[^>]*>,.* relay=([^\[ ]+)\s*\[(\d+\.\d+\.\d+\.\d+)\]\s*';

# Mask that picks already-rejected hosts out of the mail log, so that they
# are not checked again needlessly.
$cfg_maillog_reject_mask = q{: reject: RCPT from [^\[]+\[(\d+\.\d+\.\d+\.\d+)\]: 55.* (Client host rejected|Service unavailable)};

# Run the check only for client hostnames matching this mask. By default
# (empty mask) all clients are checked.
$cfg_block_mask = q{};
#$cfg_block_mask='\d[\-\.](dsl|adsl|dial|cable)\.';

# Skip the check for client hostnames matching this mask.
# NOTE(review): the hostname is the remote host's reverse-DNS name, so an
# ignore mask exempts whoever can publish a matching name. Prefer the IP
# list below for exemptions that must be trusted.
#$cfg_ignore_mask='\.(ru|su|ua|by)$';
$cfg_ignore_mask = q{};

# IP networks excluded from the check (put your local IPs here).
# NOTE(review): only loopback and 192.168.0.0/16 are listed. Internal mail
# clients in other private ranges (10.0.0.0/8, 172.16.0.0/12) would still be
# checked unless they are added.
@cfg_local_ip_list = qw(127.0.0.0/8 192.168.0.0/16);

# vim: set filetype=perl :
 