# 
# Configuration file for Courier::Filter, the purely Perl-based filter
# framework for the Courier MTA.
#
# (This is a sample configuration file.)
#
# $Id: courier-filter-perl.conf.full 211 2008-03-23 01:25:20Z julian $
#
##############################################################################

use Courier::Filter::Logger::Syslog;
use Courier::Filter::Logger::File;

use Courier::Filter::Module::BlankBody;
use Courier::Filter::Module::DNSBL;
use Courier::Filter::Module::SPF;
use Courier::Filter::Module::SPFout;
use Courier::Filter::Module::Envelope;
use Courier::Filter::Module::Header;
use Courier::Filter::Module::FakeDate;
use Courier::Filter::Module::BlankBody;
use Courier::Filter::Module::ClamAVd;
use Courier::Filter::Module::Parts;
use Courier::Filter::Module::SendCopy;

$options = {
    
    # Logger Declaration:
    ##############################################################################
    
    logger      => Courier::Filter::Logger::File->new(
        file_name   => '/var/log/courier-filter.log',
        timestamp   => TRUE
    ),

    # Module Declarations:
    ##############################################################################

    modules     => [
        
        # Reject weird subjects:
        Courier::Filter::Module::Header->new(
            fields      => {
                subject         => qr/fuzzybuzzy/
            },
            response    => 'No fuzzybuzzy, please!',
            testing     => TRUE,
            logger      => Courier::Filter::Logger::Syslog->new()
        ),
        
        # Exempt mails from a forwarding account from the remaining filters:
        Courier::Filter::Module::Header->new(
            inverse     => TRUE,
            fields      => {
                'x-resent-for'  => 'me@forwarding-target.net'
            }
        ),
        
        # Reject black-listed sending IP addresses:
        Courier::Filter::Module::DNSBL->new(
            zones       => [qw(
                bl.spamcop.net
                relays.ordb.org
                dnsbl.njabl.org
                dynablock.njabl.org
                dul.dnsbl.sorbs.net
                zombie.dnsbl.sorbs.net
            )]
        ),
        
        # Inbound SPF HELO filter:
        Courier::Filter::Module::SPF->new(
            scope               => 'helo',
            match_on            => ['fail', 'softfail', 'permerror', 'temperror']
        ),
        
        # Inbound SPF MAIL FROM filter:
        Courier::Filter::Module::SPF->new(
            scope               => 'mfrom',
            match_on            => ['fail', 'permerror', 'temperror'],
            trusting            => TRUE
        ),
        
        # Outbound SPF filter:
        Courier::Filter::Module::SPFout->new(
            match_on            => ['fail', 'softfail', 'permerror', 'temperror'],
            force_response      => 'You are not authorized to use the domain "%{o}" in your sender adress when sending mail through this host (%{xr}).'
        ),
        
        # Filter certain virm:
        Courier::Filter::Module::Envelope->new(
            fields      => {
                'sender'        => 'paul.greenfield@unisys.com'
            }
        ),
        
        # Filter messages with fake dates:
        Courier::Filter::Module::FakeDate->new(
            forward_tolerance   => { hours => 4 },
            backward_tolerance  => { days  => 7 }
        ),
        
        # Filter messages with blank bodies:
        Courier::Filter::Module::BlankBody->new(
            trusting    => TRUE
        ),
        
        # ClamAV daemon filter:
        Courier::Filter::Module::ClamAVd->new(),
        
        # SpamAssassin filter:
        Courier::Filter::Module::SpamAssassin->new(
            prefs_file  => '/etc/courier/filters/courier-filter-spamassassin.cf'
        ),
        
        # Reject various virm:
        Courier::Filter::Module::Parts->new(
            max_message_size    => 1024*1024,
            max_part_size       =>  200*1024,
            views       => ['raw', 'zip'],
            signatures  => [
                {
                    file_name   => qr/\.(com|exe|lnk|pif|scr|vbs)$/i,
                    views       => ['raw'],
                    response    => 'Win32 executable attachment detected'
                },
                {
                    encrypted   => TRUE,
                    views       => ['zip'],
                    response    => 'Worm suspected (only worms and fools use ZIP encryption)'
                },
                {
                    # Detect one of the images sent by W32.Swen, as a
                    # reliable fallback.
                    size        => 3639,
                    digest_md5  => '476225849b39aff9bb18d7fac79ad7da',
                    response    => 'Crippled worm suspected: W32.Swen'
                }
            ]
        ),
        
        # Copy sent messages:
        Courier::Filter::Module::SendCopy->new(
            match_authenticated_user => 'username',
            copy_to_sender           => TRUE
        )
        
    ]
    
};

# vim:tw=79