Milter spamfilterN_config_file

From Messaging Server Technical Reference Wiki
Jump to: navigation, search



When using Milter, a spamfilterN_config_file MTA option might be set as


msconfig> set mta.spamfilter4_config_file IMTA_TABLE:milter.dat

With milter (supported as of MS 6.3), the file that a spamfilterN_config_file MTA option names may contain the following options:

  • CONNECT_TIMEOUT (integer). (New in 8.0) This option provides a separate timeout for the initial milter connection separate from the timeout waiting for milter responses. If this option is not set, it defaults to the value set for the TIMEOUT option. A non-positive setting for CONNECT_TIMEOUT, whether explicitly set or inherited from TIMEOUT, will result in using a CONNECT_TIMEOUT value of 60.
  • CONTEXT_EDITS (integer; default is 1). (New in 8.0.1) The milter interface expresses header modification actions in terms of offsets, e.g., "delete the third occurrence of the Authentication-results: header field" or "replace the value of the first occurrence of the DKIM-Signature: field with ...". For the most part these actions have obvious analogues in Sieve using the index extension. However, when multiple milters acting in parallel modify the same header field it's possible for the changes to overlap and produce anomalous results. This can be ameliorated by converting offsets into references to the header field's value, something the Sieve editheader extension also supports. The CONTEXT_EDITS option controls whether or not milter header modification actions are translated from offsets into value references. A non-zero value (the default) enables this translation; a zero value disables it.
  • DEBUG (integer; default is 0). Non-zero values enable increasingly higher levels of debug output: a value of 1 enables basic debugging; a value of 2 enables, for instance, hex dumps of the milter responses; a value of 3 is also meaningful, enabling output of the octets of the milter responseand as of the 8.0 release, additional other debug output such as debugging of use of the MILTER_MACROS mapping table.
  • DEFER_MESSAGE_TRANSFER (integer; default is 0). (New in MS 8.0.1) Normally messages are transferred to the milter server as they are presented to the MTA. Setting DEFER_MESSAGE_TRANSFER to a non-zero value defers the transfer until after the preceding spamfilter plugin has completed its actions, at which point the message header and body are transferred to the milter server from the MTA's internal storage areas. Normally this option is used in conjunction with setting the IMMEDIATE_HEADER_MODIFICATIONS option on a previous milter spamfilter plugin, which results in the modifications made by the previous milter being visible to the current milter.
  • HOST (hostname or IP address). Specify a host running a Milter server. A value must be specified for this option; (its presence is required).
  • DATA_IN_BODYEOB (0 or 1; default is 0). (New in 8.0.2, and for libmilters.so new in a patch to MS 7.0.5) When set to 0 (the default), message body material is not sent as part of the milter BODYEOB (body end of body) command. Setting this option to 1 allows message body material to be sent with the BODYEOB command, which while legal per the milter specifications and more efficient, may cause trouble with milters such as Proofpoint's milter.
  • IGNORE_BAD_CERT (0 or 1; default is 0). (New in 8.0.1.3.) Setting this option to 1 disables SSL/TLS certificate checking. This option is only meaningful if the USE_SSL option is set to 1.
  • IMMEDIATE_HEADER_MODIFICATIONS (integer, default 0). (New in MS 8.0.1) By default the milter interface converts milter header modification actions to Sieve actions. Setting this option to a non-zero value will cause the plugin to modify the MTA's internal copy of the message header directly; no Sieve actions will be generated. IMPORTANT NOTE: This option should ONLY be used with plugins enabled on the basis of the source channel; use with plugins enabled via destination channels will cause inconsistent results. Additionally, the 8.0.1 release of this capability implements different semantics for multiple deletes with different indices than would be obtained otherwise. These semantics have been brought in line with normal milter operation as of MS 8.0.2.2.
  • MAX_PREPEND_INDEX (integer; default is 1) (New in 8.0) Specifies the smallest index value that can be passed to SMFI_INSHEADER by the milter server and cause the resulting header field to be inserted at the top of the header block rather than the bottom.
  • PER_RECIPIENT_ACTIONS (0 or 1; default is 0). (New in 7.0.5.33) Setting this option to 1 enables availability of Oracle's milter extension SMFIF_SPECRCPT for per-recipient modification actions.
  • PRESERVE_BREAKS (0 or 1; default is 1) (New in Messaging Server 7.0.5) Preserve line breaks (line folding) in header lines during processing.
  • PORT (integer). Specify the port on which the Milter server is listening. A value must be specified for this option; (its presence is required).
  • QUARANTINE_ACTION (string; default is "hold;"). (New in 8.0.1.) This option specifies the Sieve action to use when a milter quarantine message modifier (SMFIF_QUARANTINE) is engaged. For example: QUARANTINE_ACTION=require "fileinto"; fileinto "spam"; Milter quarantine actions always have an associated "reason" string. A $R can be used to substitute this string into the Sieve action. For example: QUARANTINE_ACTION=require "reject"; reject "Message rejected, reason: $R"; A literal dollar sign in the Sieve action string must be doubled, e.g., $$. The default action that is performed if QUARANTINE_ACTION is not set is "hold;".
  • REPROCESS_CONNECT_TIMEOUT (integer). (New in 8.0.2.3) This option's value is used instead of the CONNECT_TIMEOUT value when a message is undergoing reprocessing. This allows a longer timeout to be used in the case where there's no protocol session and thus no need for quick completion. If this option is not set, it defaults to the value set for the REPROCESS_TIMEOUT option. A non-positive setting for REPROCESS_CONNECT_TIMEOUT, whether explicitly set or inherited from TIMEOUT, will result in using a REPROCES_CONNECT_TIMEOUT value of 60.
  • REPROCESS_TIMEOUT (integer). (New in 8.0.2.3) This option's value is used instead of the TIMEOUT value when a message is undergoing reprocessing. This allows a longer timeout to be used in the case where there's no protocol session and thus no need for quick completion. If this option is not set, it defaults to the value set for the TIMEOUT option. A non-positive setting for REPROCESS_TIMEOUT, whether explicitly set or inherited from TIMEOUT, will result in using a REPROCES_TIMEOUT value of 240.
  • RESETDEBUG (integer; default is 0). Setting RESETDEBUG enables milter debugging conditionally: only if channel debugging enabled. (Such channel debugging might be enabled via slave_debug on the channel, or via the $U flag in a FROM_ACCESS and recipient *_ACCESS mapping table.)
  • TIMEOUT (integer; default is 3600). Attempting to set a non-positive value will result in a value of 120 being used.
  • SESSION_INACTIVITY_TIMEOUT (integer; default is 180). (New in 8.0) Time in session that a session is allowed to remain idle and still be a candidate for reuse.
  • SESSION_TIME (integer; default is 3600). (New in 8.0) Maximum time, in seconds, that a single session can be used.
  • TRANSACTIONS_PER_SESSION (integer; default is 100). (New in 8.0) Number of transactions allowed in a single session.
  • TCP_NODELAY (0 or 1; default 0). (New in 8.0.1.3.) Setting this option to 1 causes the NODELAY flag to be set at the TCP level on all milter connections. Note that the behavior of the milter protocol is highly dependent on what options are negotiated: One milter may require many round trips per message while another may only need one. As such, it isn't clear that there's an optimal setting for the NODELAY flag.
  • USE_JETTISON (0 or 1; default is 0). (New in Messaging Server 7.0 update 2.) If this option is set to 1, then the Sieve "jettison" action will be used instead of "discard" if the milter calls for the message to be discarded. The default value of 0 causes "discard" to be used.
  • USE_QUIT_NC (0 or 1; default is 0). (New in 8.0) Setting this option to 1 enables use of the QUIT_NC milter command so that sessions can be reused. This should only be set when the version of libmilter is recent enough to support the feature (Sendmail 8.14 or later).
  • USE_SSL (0 or 1; default is 0). (New in 8.0.1.3.) Setting this option to 1 enables use of SSL/TLS on the milter connection. Note that libmilter.so does not provide support for SSL/TLS so a proxy/tunnel server such as stunnel must be placed in front of most milters before this option can be used.

As of 8.0, support for milter connections via Socks has been removed, so the SOCKS_HOST, SOCKS_PORT, SOCKS_USERNAME, and SOCKS_PASSWORD milter options are no longer supported.

Some complex modifications of the milter spam filter plugin's behavior may be achieved using the MILTER_MACROS mapping table.

Note that when using a Milter, the only relevant spamfilterN_*_action options are spamfilterN_null_action (which has a proper default value) and spamfilterN_string_action; the spamfilterN_action_M and spamfilterN_verdict_M MTA options used with other sorts of spam/virus filter packages are not relevant with a Milter. And it is essential with Milter to also explicitly set the spamfilterN_string_action MTA option (to its special-for-Milters value of data:,$M) as the default value for spamfilterN_string_action is not appropriate for Milter use.


See also: