Es gibt im Programm Dr.Web einen Filter für Postfix und hier wiederrum eine Datei mit dem Namen user.conf . Hier kann man einstellen welche Mails gesacannt werden sollen und welche nicht. Aber da mein englisch sehr schlecht ist bekomme ich das irgendwie nicht richtig hin es werden immer alle mails gescannt egal was ich in der user.conf eintrage :(
Code: Select all
#
# Users list for DrWeb Mail Filters
#
# The file with the "blocked" masks allows to specify the addresses not
# subject to antivirus check. The first variant of the file format is already
# out-of-date but is supported by all the filters. The new file format allows
# to widen possibilities through specifying file format version (do not mix up
# with product version).
#
#
# Format of file:
# ---------------
# Line beginning with # - it's a comments
# Empty lines are acceptable
#
# IMPORTANT: First non-empty (include comment-lines) should contain version
# number, excluding version 1 (if first line do not contain version).
#
# IMPORTANT: Version tag can be specified only in first non-empty line.
#
# Version 2:
# [version=2]
# <check_flag> <who> <search> <string>
# where
# <check_flag> and <string> see before
# <who> - shows where string searched:
# from - search only in envelope-From
# to - search only in envelope-To
# any - search in both (from and to)
# <search> - defines comparision method for string
# exact - address is decided altered if <string> equal to address
# (case sensitive)
# subst - address is decided altered if <string> is substring of address
# (case sensitive)
# regex - address is decided altered if <string> accords to regular expression
# (case insensitive)
# cregex - address is decided altered if <string> accords to regular expression
# (case sensitive)
#
# NOTE: each line of version 1 images to next line version 2:
# <check_flag> any subst <string>
#
#
[version=2]
#
# deny check incoming mail for all users exclude asv@ .. .ru
#
#deny to regex ^asv@(.*).ru$
#
#
# deny check outgoing mail for all users of domain drweb.ru
#
#deny from regex @(.*).drweb.ru$
#
#
# other rules
#
#deny any exact asv@drweb.ru
#allow from subst internal.drweb.ru
#deny any subst drweb.ruCode: Select all
/*
* --------------------------------------------------------------
*
* The description of the file with the "blocked" masks
*
* $Revision: 1.12 $
*
* --------------------------------------------------------------
*/
1. Purpose
The file with the "blocked" masks allows to specify the addresses not
subject to antivirus check. The first variant of the file is already
out-of-date but is supported by all the filters. The new file allows
to widen possibilities through specifying file version (do not mix up
with product version).
The lines starting with # character are considered commentaries and
therefore get skipped, blank lines are also admissible. If the first
meaningful line contains the alike record:
[version=NN]
it means that the records are kept in the NN-version of the file. If
there is no such a line the file is reputed as written in the of the
1st version. Version record can be specify only once and only in first
non-empty line.
When checking the letter, its addresses (that of the sender and
addressee) get compared to every line of the file (the way they are ordered
in the file). If the correspondence to the address in some line is found
the search stops. If the correspondence to the address is not found in any
line than the letter check is permitted for the given address in any cases.
2. Version 2
OPERATION WHO METHOD MASK
...
OPERATION - { allow | deny } (i.e. either allow or deny value).
allow means that the addresses corresponding with the record are permitted
for checking, deny will prohibit checking for a given address.
WHO - { from | to | any }. from value means that the record is
considered only if the address is the sender's one, if to is specified it
will be the recipients's address, if WHO is any the line is considered in
both cases.
METHOD - { exact | subst | regex | cregex } specifies the address-mask
comparision method. exact value means that the address should be precisely equal
to correspond with the MASK. subst value means that it is sufficient that the
MASK is a substring in the address for the address to correspond with it.
regex or cregex values means that the addrss should according to regular
expression (RE) in MASK (POSIX regexp used). Methods exact, subst and cregex is
case sensitive, method regex case insensitive.
ATTENTION: in substring comparison and search the register is considered.
MASK - the line not containing blanks. To contain blanks it should be
quoted.
3. Version 1 (out-of-date)
OPERATION MASK
The descriptions of the fields agree with the described above. Any 1st
version record may be written as the record of the 2nd version this way:
OPERATION any subst MASK
4. Description in pseudocode
IF DenyMode EQUAL "byAll" THEN
{
IF sender_is_uncheckable AND all_rcpts_are_uncheckable
THEN pass_message_without_check
ELSE check_message
}
ELSE IF DenyMode EQUAL "byOne" THEN
{
IF sender_is_uncheckable OR one_of_rcpts_is_uncheckable
THEN pass_message_without_check
ELSE check_message
}
ELSE IF DenyMode EQUAL "bySender" THEN
{
IF sender_is_uncheckable
THEN pass_message_without_check
ELSE check_message
}
ELSE IF DenyMode EQUAL "bySenderAndOneRecipient" THEN
{
IF sender_is_uncheckable AND one_of_rcpts_is_uncheckable
THEN pass_message_without_check
ELSE check_message
}
ELSE IF DenyMode EQUAL "byOneRecipient" THEN
{
IF one_of_rcpts_is_uncheckable
THEN pass_message_without_check
ELSE check_message
}
ELSE IF DenyMode EQUAL "byAllRecipients" THEN
{
IF all_rcpts_are_uncheckable
THEN pass_message_without_check
ELSE check_message
}
* DenyMode is option from section [Scanning] your drweb_{mta}.conf,
where {mta} one of: smf, cgp, postfix, exim, qmail, zmailer or courier.
* sender_is_uncheckable true, if sender address accords to one of "any"- or
"from"- record with "deny" action
* rcpt_is_uncheckable true, if recipient address accords to one of "any"- or
"to"- record with "deny" action
5. Examples
1) Deny check incoming mail for all users exclude asv@ .. .ru:
deny to regex ^asv@(.*).ru$
2) Deny check outgoing mail for all users of domain drweb.ru:
deny from regex @(.*).drweb.ru$
6. FAQ
Q: What is "allow" needed for if all the addresses are permitted by default?
A: To create exceptions from general rules. For example:
allow any exact someuser@any.domain.com
deny any subst @any.domain.com
In the adduced example mail for someuser in any.domain.com domain will get
checked, all the other users will not check their mail.Danke Holger