man messagewall_profiles (Formats) - messagewall user profile configuration

NAME

messagewall_profiles - messagewall user profile configuration

DESCRIPTION

Any regular files in the directory defined as profile_dir in messagewall.conf(5) are read as profiles that can be referenced from default_profile, relay_profile or the special_users file. Each profile must contain at least one key/value pair.

Regular variables are in the format:

variable_name="value"

variable_name2="value2"

Scored variables are in the format:

variable_name="score,value"

If the score is omitted, it defaults to 1. If the value contains a comma, score is required.

Regular Variables:

reject

Default: 0

Setting this variable to '1' indicates that any messages using this profile should be denied. This is used for testing and for preventing addresses under attack from clogging the backend MTA.

reject_score

Default: 1

This is the score at which MessageWall will reject the message. Any message achieving a score below this will simply have warnings added to its headers indicating which tests it failed.

mime_strip

Example:

mime_strip=text/html

The value of a mime_strip line is case-insensitively matched against MIME types of each part of the message. If a match is found, that MIME section is stripped from the message, and will not reach the recipient. There can be multiple mime_strip lines. If, after processing all mime_strip lines, there are no useful (non-multipart) sections of the message left, the message is refused. Stripping text/html sections from messages can be extremely effective against viruses that self-run attachments using bugs in Microsoft Outlook's & Outlook Express's HTML-handling code, as well as against HTML-only spam.

mime_allow

Example:

mime_allow=text/plain

mime_allow is a stricter version of mime_strip. It acts the same way except that only parts with MIME types specifically listed are allowed through. There can be multiple mime_allow lines. Presence of a mime_allow line nullifies any mime_strip lines in the profile.

Scored Variables:

to_cc_check

Default: 0

Setting this variable to '1' causes MessageWall to check that the envelope destination address is in either the To: or CC: fields in the message header. This check stops a significant amount of UBE. However, it also breaks most legitimate mailing lists. Do not use this check in the relay_profile, as there may be multiple destination addresses and it will provide inconsistent results.

from_check

Default: 0

Setting this variable to '1' causes MessageWall to check that the envelope source address is in the From: field of the message header. The realistic impact of using this check is unknown.

realname_check

Default: 0

Setting this variable to '1' causes MessageWall to check for the presence of a real name before the <> address section of the From: field of the message header. The realistic impact of using this check is unknown.

rdns_required

Default: 0

Setting this variable to '1' causes MessageWall to reject messages from IP addresses that lack reverse DNS. The realistic impact of using this check is unknown.

rmx_required

Default: 0

Setting this variable to '1' causes MessageWall to reject messages with return path domains without an MX or A record. This means that domains in the reverse path that would be undeliverable for return mail cause the message to be rejected. This should be safe to use in almost all cases.

header_reject

Example:

header_reject=1,Precedence:bulk

The value of a header_reject line should contain a colon-separated string of Header:Key. The "Key" will be case-sensitively searched for in the value of the header. If a match is found, the message is refused. There can be multiple header_reject lines.

header_rejecti

Example:

header_rejecti=1,X-Mailer:gold

The value of a header_rejecti line should contain a colon-separated string of Header:Key. The "Key" will be case-insensitively searched for in the value of the header. If a match is found, the message is refused. There can be multiple header_rejecti lines.

body_reject

Example:

body_reject=1,FREE

The value of a body_reject line is case-sensitively searched for in the decoded body of each MIME part. If a match is found, the message is refused. There can be multiple body_reject lines.

body_rejecti

Example:

body_rejecti=1,viagra

The value of a body_rejecti line is case-insensitively searched for in the decoded body of each MIME part. If a match is found, the message is refused. There can be multiple body_rejecti lines.

filename_reject

Example:

filename_reject=1,.pif

The value of a filename_reject line is case-insensitively searched for in any filenames of attachments to the message. If a match is found, the message is refused. There can be multiple filename_reject lines. filename_reject is the most powerful MessageWall tool to stop virus propagation.

mime_reject

Example:

mime_reject=1,application/x-wav

The value of a mime_reject line is case-insensitively matched against content-types in all parts of the message. If a match is found, the message is refused. There can be multiple mime_reject lines. mime_reject is provided as a counterpart to filename_reject for platforms that determine execution based on MIME type instead of filename extension.

dnsbl

Examples:

dnsbl=2,list.dsbl.org/127.0.0.2

dnsbl=1,multihop.dsbl.org

dnsbl=1,bl.spamcop.net

Each dnsbl line causes queries for connecting IP addresses to be sent to the list in question. If a connecting IP address is present on one of the lists (and the result IP matches the one provided, if any), the message is refused with a message pointing to http://openrbl.org/. To speed up transactions, requests for all lists from all profiles are sent on initial connection; later, when we determine what profile applies to the message, responses from the lists are checked, and waited for (up to dnsbl_timeout) if necessary. The effectiveness of this feature is based strictly on which lists are used.

dnsbl_domain

Examples:

dnsbl_domain=1,dsn.rfc-ignorant.org/127.0.0.2

dnsbl_domain=2,postmaster.rfc-ignorant.org

dnsbl_domain=1,abuse.rfc-ignorant.org

Each dnsbl_domain line causes queries for reverse path domains to be sent to the list in question. If a connecting IP address is present on one of the lists (and the result IP matches the one provided, if any), the message is refused. To speed up transactions, requests for all lists from all profiles are sent on MAIL FROM; later, when we determine what profile applies to the message, responses from the lists are checked, and waited for (up to dnsbl_domain_timeout) if necessary. The effectiveness of this feature is based on the lists being used, but is slightly less than IP-based blacklists, as it is more easily spoofable.

dnsdcc

Examples:

dnsdcc=1,aa.dcc.dsbl.org

dnsdcc=1,ba.dcc.dsbl.org

Each dnsdcc line causes queries for each MIME part of a message to be sent to the specified checksum servers. The first two letters of the value specify the checksum to be calculated. If a match is found, the message is refused. This system is very effective against common viruses and UBE, but also breaks legitimate mailing list messages.

virus_scan

Examples:

virus_scan=1,virus.profiles

Each virus_scan line causes MessageWall to scan decoded attachments against the Open AntiVirus format pattern file specified. If a match is found, the message is refused. Virus pattern files are reloaded on messagewallctl reload-virus.

EXAMPLES

See the profiles directory in the distribution for sample profiles.
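The following is an added example, not part of MessageWall or its distribution: a small Python checker that applies the scored-variable rules above (score defaults to 1, a comma in the value requires an explicit score) and flags two interactions described on this page, mime_allow nullifying mime_strip and tests whose score is below reject_score. It assumes the variables listed on this page are the complete set and that surrounding double quotes are optional; the real parser may behave differently.

```python
SCORED = set("to_cc_check from_check realname_check rdns_required rmx_required "
             "header_reject header_rejecti body_reject body_rejecti "
             "filename_reject mime_reject dnsbl dnsbl_domain dnsdcc virus_scan".split())
REGULAR = {"reject", "reject_score", "mime_strip", "mime_allow"}
# Constructed sample profile for this added example, not one shipped with MessageWall.
SAMPLE = """reject_score=2
mime_strip=text/html
mime_allow=text/plain
filename_reject=2,.pif
body_rejecti=viagra
body_reject=FREE, now
"""

def parse_profile(text):
    """Return (entries, problems); an entry is (name, score or None, value)."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        name, sep, value = raw.strip().partition("=")
        value = value.strip('"')            # assumption: surrounding quotes are optional
        if not sep or name not in SCORED | REGULAR:
            if raw.strip():                 # blank lines are skipped silently
                problems.append(f"line {lineno}: not a key=value pair documented here")
        elif name in REGULAR:
            entries.append((name, None, value))
        else:
            head, comma, rest = value.partition(",")
            if not comma:                   # score omitted: defaults to 1
                entries.append((name, 1, value))
            elif head.isdecimal():          # leading integer is the score
                entries.append((name, int(head), rest))
            else:                           # comma in the value, but no score
                problems.append(f"line {lineno}: value has a comma, score is required")
    if not entries:
        problems.append("profile must contain at least one key/value pair")
    return entries, problems

def lint(entries):  # flag settings that cancel or weaken each other
    regular = {name: value for name, score, value in entries if score is None}
    clash = "mime_allow" in regular and "mime_strip" in regular
    notes = ["mime_allow present: mime_strip lines are nullified"] if clash else []
    rs = regular.get("reject_score", "1")   # documented default is 1
    limit = int(rs) if rs.isdecimal() else 1
    for name, score, value in entries:
        if score is not None and value != "0" and score < limit:
            notes.append(f"{name}={value}: score {score} < reject_score {limit}, alone it only warns")
    return notes

entries, problems = parse_profile(SAMPLE)
print(*problems, *lint(entries), sep="\n")
```

Note that a value such as `body_reject=1,000 dollars` parses without error as score 1 and value `000 dollars`, which is why values containing commas should always be written with an explicit score.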

AUTHOR

Ian Gulliver <ian@penguinhosting.net>

SEE ALSO