Line 280: |
Line 280: |
| | | | | |
| |- | | |- |
| + | |MaximumDateOffset |
| + | |(0) |
| | | | | |
| | | | | |
| + | | |
| + | |- |
| + | |MaxLoad |
| + | |(7) |
| + | | |
| + | | |
| + | | |
| + | |- |
| + | |SPFRejectPolicy |
| + | |(0)[0-4] |
| + | | |
| + | | |
| + | | |
| + | |- |
| + | |DMARCReject |
| + | |<nowiki>(disabled)[enabled|disabled]</nowiki> |
| + | | |
| + | | |
| + | | |
| + | |- |
| + | |DMARCReporting |
| + | |<nowiki>(enabled)[enabled|disabled]</nowiki> |
| + | | |
| + | | |
| + | | |
| + | |- |
| + | |disclaimer |
| + | |<nowiki>(disabled)[enabled|disabled]</nowiki> |
| | | | | |
| | | | | |
Line 666: |
Line 696: |
| |- | | |- |
| |16resolvable_fromhost | | |16resolvable_fromhost |
− | | | + | |resolvable_fromhost |
| |X | | |X |
| | | | | |
Line 674: |
Line 704: |
| |- | | |- |
| |17headers | | |17headers |
− | | | + | |headers future $days past $days" if ($days) |
| | | | | |
| | | | | |
Line 682: |
Line 712: |
| |- | | |- |
| |19loadcheck | | |19loadcheck |
− | | | + | |<nowiki>loadcheck max_load { $qpsmtpd{MaxLoad} || '7' }</nowiki> |
| |X | | |X |
| | | | | |
Line 690: |
Line 720: |
| |- | | |- |
| |20rhsbl | | |20rhsbl |
− | | | + | |rhsbl |
| |X | | |X |
| | | | | |
Line 698: |
Line 728: |
| |- | | |- |
| |221spf | | |221spf |
− | | | + | |<nowiki>sender_permitted_from reject 1 no_dmarc_policy { $qpsmtpd{SPFRejectPolicy} || '0' }</nowiki> |
| |X | | |X |
| | | | | |
| |X | | |X |
| | | | | |
− | | | + | |change default to 1 |
| |- | | |- |
| |222dkim | | |222dkim |
− | | | + | |dkim reject 0 |
| | | | | |
| | | | | |
Line 714: |
Line 744: |
| |- | | |- |
| |223dmarc | | |223dmarc |
− | | | + | |<nowiki>marc reject { (( $qpsmtpd{DMARCReject} || 'disabled' ) =~ m/^1|on|enabled|yes$/) ? '1' : '0' } reporting { (( $qpsmtpd{DMARCReporting} || 'enabled' ) =~ m/^1|on|enabled|yes$/) ? '1' : '0' }</nowiki> |
| |X | | |X |
| | | | | |
Line 722: |
Line 752: |
| |- | | |- |
| |22dnsbl | | |22dnsbl |
− | | | + | |dnsbl reject naughty |
| |X | | |X |
| | | | | |
Line 730: |
Line 760: |
| |- | | |- |
| |23naughty | | |23naughty |
− | | | + | |naughty reject mail |
| |X | | |X |
| | | | | |
Line 738: |
Line 768: |
| |- | | |- |
| |24uribl | | |24uribl |
− | | | + | |uribl action deny |
| | | | | |
| | | | | |
Line 746: |
Line 776: |
| |- | | |- |
| |30badmailfrom | | |30badmailfrom |
− | | | + | |badmailfrom |
| | | | | |
| | | | | |
Line 754: |
Line 784: |
| |- | | |- |
| |34badrcptto | | |34badrcptto |
− | | | + | |badrcptto |
| | | | | |
| |X | | |X |
Line 762: |
Line 792: |
| |- | | |- |
| |34badrcptto_ext | | |34badrcptto_ext |
− | | | + | |badrcptto more_badrcptto badrcptto_ext |
| |X | | |X |
| | | | | |
Line 770: |
Line 800: |
| |- | | |- |
| |37check_smtp_forward | | |37check_smtp_forward |
| + | |check_smtp_forward |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
− | | | + | |needed for submission ? |
− | |
| |
| |- | | |- |
| |38check_goodrcptto | | |38check_goodrcptto |
− | | | + | |check_goodrcptto extn - |
| | | | | |
| | | | | |
Line 786: |
Line 816: |
| |- | | |- |
| |39rcpt_ok | | |39rcpt_ok |
− | | | + | |rcpt_ok |
| | | | | |
| | | | | |
Line 794: |
Line 824: |
| |- | | |- |
| |62pattern_filter | | |62pattern_filter |
− | | | + | |virus/pattern_filter check=patterns action=deny |
| | | | | |
| | | | | |
Line 802: |
Line 832: |
| |- | | |- |
| |62tnef2mime | | |62tnef2mime |
− | | | + | |tnef2mime |
| | | | | |
| | | | | |
Line 810: |
Line 840: |
| |- | | |- |
| |65disclaimer | | |65disclaimer |
− | | | + | |disclaimer |
| | | | | |
| |X | | |X |
| | | | | |
| |X | | |X |
− | | | + | |missing disclaimer_file definition? |
| |- | | |- |
| |70spamassassin | | |70spamassassin |
− | | | + | |spamassassin reject $spamassassin{RejectLevel} munge_subject_threshold $spamassassin{TagLevel} size_limit $spamassassin{MaxMessageSize} |
| |X | | |X |
| | | | | |
Line 826: |
Line 856: |
| |- | | |- |
| |71forcespamcheck | | |71forcespamcheck |
− | | | + | |forcespamcheck reject $spamassassin{RejectLevel} munge_subject_threshold $spamassassin{TagLevel} size_limit $spamassassin{MaxMessageSize} |
| | | | | |
| |X | | |X |
Line 834: |
Line 864: |
| |- | | |- |
| |80clamav | | |80clamav |
− | | | + | |virus/clamdscan scan_all yes clamd_socket /run/clamd/clamd.socket defer_on_error yes max_size $max_size |
| | | | | |
| | | | | |
Line 842: |
Line 872: |
| |- | | |- |
| |90queue-qmail-queue | | |90queue-qmail-queue |
| + | |queue/qmail-queue |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
− | | | + | |also content commented to remove ? |
− | |
| |
| |- | | |- |
| |90queue-smtp-forward | | |90queue-smtp-forward |
− | | | + | |# commented out |
| | | | | |
| | | | | |
Line 859: |
Line 889: |
| | | |
| ==Upgrade Considerations== | | ==Upgrade Considerations== |
| + | we used check_badcountries for a while, but could we switch back to ident/geoip ? |
| + | |
| ===A-Record DNSBL Services=== | | ===A-Record DNSBL Services=== |
| :Some DNSBL services - notably b.barracudacentral.org - provide their results using a DNS "A" record instead of a DNS TXT record. The dnsbl plugin requires these services to include a colon (":") in dnsbl_zones - however, SME used to use a colon the server separator in the configuration database. In order to support these A-Record DNSBL services, the separator for RBLList, SBLList, and the new UBLList is now a comma. | | :Some DNSBL services - notably b.barracudacentral.org - provide their results using a DNS "A" record instead of a DNS TXT record. The dnsbl plugin requires these services to include a colon (":") in dnsbl_zones - however, SME used to use a colon the server separator in the configuration database. In order to support these A-Record DNSBL services, the separator for RBLList, SBLList, and the new UBLList is now a comma. |