# Example configuration for smtp-gated 1.4.16.2 # Scans all outgoing mail from internal network # using NAT framework (ipfw/netfilter) # # You can check all default values using: # $ smtp-gated -T |more # or effective values: # $ smtp-gated -T nat-advanced.conf |more # # Watch your logs on fresh install and after changes! # name visible in SMTP responses: proxy_name smtp-proxy.example.org # listen for client connections on following IP and port: # IP 0.0.0.0 means: all interfaces (IPs) # iptables -t nat -A PREROUTING -i LAN_INTERFACE -p tcp --dport 25 -j DNAT --to 127.0.0.1:9199 bind_address 127.0.0.1 port 9199 # source address for outgoing connections to SMTP servers: # IP 0.0.0.0 means: let the system decide ;outgoing_addr 0.0.0.0 # .pid file path: pidfile /run/smtp-gated/smtp-gated.pid # save state file to following: statefile /run/smtp-gated/state # create lock files and spool messages in following directories: lock_path /var/spool/smtp-gated/lock spool_path /var/spool/smtp-gated/msg # connection routing mode: mode netfilter # run as user (never run as root!): set_user smtpgw # change proxy priority (nice): ;priority 0 # lock user for lock_duration seconds, on following events: lock_on virus,spam,maxhost,maxident,spf,regex lock_duration 1800 # run some script if event is found: action_script /usr/sbin/smtp-gated-action.sh # do not delete spool files under following conditions: spool_leave_on never # maximum connections count, others will be shut down: max_connections 64 # maximum connections per user (source IP): max_per_host 8 # maximum load to accept connections, others will be shut down: max_load 2.000000 # antivirus/antispam scanning below message size: scan_max_size 10000000 spam_max_size 500000 # spamassasin's "this is a spam" threshold: spam_threshold 2.000000 # skip spam if system load is above: spam_max_load 0.900000 # ignore errors, and do not shut down connections: ignore_errors yes # log some data about sessions: log_helo yes log_mail_from accepted,rejected log_rcpt_to accepted,rejected # require SMTP authentication: auth_require no # how many messages to log: log_level debug # abuse e-mail, set this to your own! abuse abuse@example.org # antivirus config: antivirus_type clamd antivirus_path /var/lib/clamav/clamd.socket # spamassassin config: antispam_type spamassassin antispam_path /run/spamd/spamd.socket # locale for system messages (i.e. connection refused) locale en_US # reject if HELO/EHLO matches following regex regex_reject_helo comcast\.com$ # check spf, outgoing means to check against (real) outgoing_addr spf outgoing ;spf_log_only yes # message customization msg_virus_found Malware found / Znaleziono wirusa msg_virus_locked Dostep do SMTP automatycznie zablokowany na 30 minut. Zobacz http://example.org/blokada-spam