LogLevel
{logging level}
|
Logging level of the component.
If the parameter value is not specified, the DefaultLogLevel parameter value from the [Root] section is used.
Default value: Notice
|
Log
{log type}
|
Logging method of the component.
Default value: Auto
|
ExePath
{path to file}
|
Executable path to the component.
Default value: <opt_dir>/bin/drweb-maild.
•For GNU/Linux: /opt/drweb.com/bin/drweb-maild.
•For FreeBSD: /usr/local/libexec/drweb.com/bin/drweb-maild.
|
RunAsUser
{UID | user name}
|
The name of the user on whose behalf the component is run. The user name can be specified either as the user’s numeric UID or as the user’s login. If the user name consists of digits only (i.e. looks like a numeric UID), it is specified with the “name:” prefix, for example: RunAsUser = name:123456.
When a user name is not specified, the component operation terminates with an error after the startup.
Default value: drweb
|
FixedSocketPath
{path to file}
|
Path to the UNIX socket of the fixed component copy.
If this parameter is specified, the Dr.Web ConfigD configuration daemon checks that there is always a running component copy that is available to the clients via this socket.
Default value: (not set)
|
IdleTimeLimit
{time interval}
|
Maximum idle time for the component. When the specified period of time expires, the component shuts down.
The IdleTimeLimit value is ignored (the component does not finish its operation after the time interval expires), if the value of any of the following parameters is set: FixedSocketPath, MilterSocket, SpamdSocket, RspamdHttpSocket, RspamdSocket, SmtpSocket, BccSocket.
Acceptable values: from 10 seconds (10s) to 30 days (30d) inclusive.
If the None value is set, the component runs indefinitely; the SIGTERM signal will not be sent if the component goes idle.
Default value: 30s
|
DnsResolverConfPath
{path to file}
|
Path to the configuration file of the domain name resolution subsystem (DNS resolver).
Default value: /etc/resolv.conf
|
TemplatesDir
{path to directory}
|
Path to the directory that contains the templates for emails returned to the user in case of email blocking.
Default value: <var_dir>/templates/maild.
•For GNU/Linux: /var/opt/drweb.com/templates/maild.
•For FreeBSD: /var/drweb.com/templates/maild.
|
TemplateContacts
{string}
|
Administrator contacts of Dr.Web for UNIX Mail Servers for insertion into messages about threats (used in message templates).
The contact information is added to a repacked message only if the message gets an attachment containing a password-protected archive with the threats and other unwanted objects removed from the initial message. If, according to the current value of the RepackPassword parameter (see below), attached archives are not protected with a password, the contact information is not added to the modified message.
Default value: (not set)
|
ReportLanguages
{string}
|
Languages used for generation of service mail messages (for example, mail messages returned to the sender in case of email blocking). Each language is identified by a two-letter designation (en, ru, and so on).
You can specify a list as the parameter value. The values in the list must be separated with commas (each value in quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).
Example: Add the following languages to the list: ru and de.
1. Adding values to the configuration file.
•Two values in a line:
[MailD]
ReportLanguages = "ru", "de"
|
•Two lines (a value per line):
[MailD]
ReportLanguages = ru
ReportLanguages = de
|
2. Adding values via the drweb-ctl cfset command:
# drweb-ctl cfset MailD.ReportLanguages -a ru
# drweb-ctl cfset MailD.ReportLanguages -a de
|
Default value: en
|
RepackPassword
{None | Plain(<password>) | HMAC(<secret>)}
|
The method for generating a password for archives with malicious objects that are placed in messages and sent to recipients. The following methods are allowed:
•None—archives will not be protected with a password (not recommended);
•Plain(<password>)—all archives will be protected with the same password <password>;
•HMAC(<secret>)—a unique password will be generated for each archive based on the pair (<secret>, <message identifier>).
To restore the password that protects an archive from the message identifier and the known secret, use the following command: drweb-ctl idpass.

|
The default value of this parameter is None; it is recommended to change it when configuring Dr.Web for UNIX Mail Servers.
|
Default value: None
|
ScanTimeout
{time interval}
|
Time-out for scanning one email message initiated by Dr.Web MailD.
Acceptable values: from 1 second (1s) to 1 hour (1h).
Default value: 3m
|
HeuristicAnalysis
{On | Off}
|
Enable/disable heuristic analysis for detecting unknown threats.
Heuristic analysis provides higher detection reliability but, at the same time, it increases the duration of virus scanning.
Allowed values:
•On—use heuristic analysis when scanning;
•Off—do not use heuristic analysis.
Default value: On
|
PackerMaxLevel
{integer}
|
Maximum nesting level for packed objects. A packed object is executable code compressed with special software (UPX, PELock, PECompact, Petite, ASPack, Morphine and so on). Such objects may include other packed objects, which may also include packed objects, and so on. The value of this parameter specifies the nesting limit beyond which packed objects inside other packed objects will not be scanned.
The value of this parameter can be any integer number greater than 0. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
ArchiveMaxLevel
{integer}
|
Maximum nesting level for archives (zip, rar, and so on) in which other archives may be enclosed (and these archives may also include other archives, and so on). The value of this parameter specifies the nesting limit beyond which archives enclosed in other archives will not be scanned.
The value of this parameter can be any integer number greater than 0. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
MailMaxLevel
{integer}
|
Maximum nesting level for files of mailers (pst, tbb and so on) in which other files may be enclosed (and these files may also include other files and so on). The value of this parameter specifies the nesting limit beyond which objects inside other objects will not be scanned.
The value of this parameter can be any integer number greater than 0. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
ContainerMaxLevel
{integer}
|
Maximum nesting level for other types of objects inside which other objects are enclosed (HTML pages, jar-files, etc.). The value of this parameter specifies the nesting limit beyond which objects inside other objects will not be scanned.
The value of this parameter can be any integer number greater than 0. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
MaxSizeToExtract
{size}
|
Maximum size for files enclosed in archives. Files whose size is greater than the value of this parameter will be skipped when scanning. There is no size limit for files in archives by default.
The value of this parameter is specified as a number with a suffix (b, kb, mb, gb). If no suffix is specified, the value is treated as size in bytes.
If the value is set to 0, files in archives will not be checked at all.
Default value: None
|
MaxCompressionRatio
{integer}
|
Maximum compression ratio of compressed/packed objects (the ratio between the uncompressed size and the compressed size). If the ratio exceeds the limit, the object will be skipped during scanning initiated by Dr.Web MailD.
The compression ratio must not be smaller than 2.
Default value: 500
|
MilterSocket
{path to file | IP address:port}
|
The socket for connection to MTA as a Milter mail filter (MTA will connect to this socket when using Dr.Web MailD as the corresponding filter). Usage of the UNIX socket or network socket is allowed.
The rules for processing messages coming via Milter are specified in the MilterHook parameter (see below).
Default value: (not set)
|
MilterDebugIpc
{Boolean}
|
Indicates whether Milter protocol messages should be saved to debug log (LogLevel = Debug).
Default value: No
|
MilterTraceContent
{Boolean}
|
Indicates whether bodies of email messages received for scanning via the Milter interface should be saved to the debug log (LogLevel = Debug).
Default value: No
|
MilterHook
{path to file | Lua function}
|
Lua script for processing email messages received via the Milter interface, or path to the file containing the script (see Email Processing in Lua section).
If the path to the file is wrong, an error will be returned when launching the component.
Default value:
local dw = require "drweb"
local dwcfg = require "drweb.config"
function milter_hook(ctx)
  -- Reject the message if it is likely spam
  if ctx.message.spam.score >= 100 then
    dw.notice("Spam score: " .. ctx.message.spam.score)
    return {action = "reject"}
  else
    -- Assign X-Drweb-Spam headers in accordance with spam report
    ctx.modifier.add_header_field("X-DrWeb-SpamScore", ctx.message.spam.score)
    ctx.modifier.add_header_field("X-DrWeb-SpamState", ctx.message.spam.type)
    ctx.modifier.add_header_field("X-DrWeb-SpamDetail", ctx.message.spam.reason)
    ctx.modifier.add_header_field("X-DrWeb-SpamVersion", ctx.message.spam.version)
  end
  -- Check if the message contains viruses, repack if so
  for threat, path in ctx.message.threats{category = {"known_virus", "virus_modification", "unknown_virus", "adware", "dialer"}} do
    ctx.modifier.repack()
    dw.notice(threat.name .. " found in " .. (ctx.message.part_at(path).name or path))
  end
  -- Repack if unwanted URL has been found
  for url in ctx.message.urls{category = {"infection_source", "not_recommended", "owners_notice"}} do
    ctx.modifier.repack()
    dw.notice("URL found: " .. url .. "(" .. url.categories[1] .. ")")
  end
  -- Assign X-AntiVirus header
  ctx.modifier.add_header_field("X-AntiVirus", "Checked by Dr.Web [MailD version: " .. dwcfg.maild.version .. "]")
  -- Accept the message with all scheduled transformations applied
  return {action = 'accept'}
end
|
SpamdSocket
{path to file | IP address:port}
|
The socket for connection to MTA as a Spamd filter of email messages (MTA will connect to this socket when using Dr.Web MailD as the corresponding filter). Usage of the UNIX socket or network socket is allowed.
The rules for processing messages coming via Spamd are specified in the SpamdReportHook parameter (see below).
Default value: (not set)
|
SpamdDebugIpc
{Boolean}
|
Indicates whether Spamd protocol messages should be saved to the debug log (LogLevel = Debug).
Default value: No
|
SpamdReportHook
{path to file | Lua function}
|
Lua script that processes email messages received via the Spamd interface, or path to the file containing the script (see Email Processing in Lua section).
If the specified file is unavailable, an error is returned when the component is loaded.
Default value:
local dw = require "drweb"
function spamd_report_hook(ctx)
  local score = 0
  local report = ""
  -- Add 1000 to the score for each threat found in the message
  for threat, path in ctx.message.threats{category = {"known_virus", "virus_modification", "unknown_virus", "adware", "dialer"}} do
    score = score + 1000
    report = report .. "Threat found: " .. threat.name .. "\n"
    dw.notice(threat.name .. " found in " .. (ctx.message.part_at(path).name or path))
  end
  -- Add 100 to the score for each unwanted URL found in the message
  for url in ctx.message.urls{category = {"infection_source", "not_recommended", "owners_notice"}} do
    score = score + 100
    report = report .. "Url found: " .. url .. "\n"
    dw.notice("URL found: " .. url .. "(" .. url.categories[1] .. ")")
  end
  -- Add the spam score
  score = score + ctx.message.spam.score
  report = report .. "Spam score: " .. ctx.message.spam.score .. "\n"
  if ctx.message.spam.score >= 100 then
    dw.notice("Spam score: " .. ctx.message.spam.score)
  end
  -- Return the check result
  return {
    score = score,
    threshold = 100,
    report = report
  }
end
|
SpoolDir
{path to directory}
|
Temporary storage directory for scanned email messages.
Default value: /tmp/com.drweb.maild
|
RspamdHttpSocket
{path to file | IP address:port}
|
The socket for connection to MTA as an Rspamd mail filter (MTA will use this socket when using Dr.Web MailD as the corresponding filter with the HTTP option of the Rspamd protocol). Usage of the UNIX socket or network socket is allowed.
The rules for processing messages coming via Rspamd are specified in the RspamdHook parameter (see below).
Default value: (not set)
|
RspamdSocket
{path to file | IP address:port}
|
The socket for connection to MTA as an Rspamd mail filter (MTA will use this socket when using Dr.Web MailD as the corresponding filter with the legacy option of the Rspamd protocol). Usage of the UNIX socket or network socket is allowed.
Default value: (not set)
|
RspamdDebugIpc
{Boolean}
|
Indicates whether Rspamd protocol messages should be saved to the debug log (LogLevel = Debug).
Default value: No
|
RspamdHook
{path to file | Lua function}
|
Lua script that processes email messages received via the Rspamd interface, or path to the file containing the script (see Email Processing in Lua section).
If the specified file is unavailable, an error is returned when the component is loaded.
Default value:
local dw = require "drweb"
function rspamd_hook(ctx)
  local score = 0
  local symbols = {}
  -- Add 1000 to the score for each threat found in the message
  for threat, path in ctx.message.threats{category = {"known_virus", "virus_modification", "unknown_virus", "adware", "dialer"}} do
    score = score + 1000
    table.insert(symbols, {name = threat.name, score = 1000})
    dw.notice(threat.name .. " found in " .. (ctx.message.part_at(path).name or path))
  end
  -- Add 100 to the score for each unwanted URL found in the message
  for url in ctx.message.urls{category = {"infection_source", "not_recommended", "owners_notice"}} do
    score = score + 100
    table.insert(symbols, {name = "URL " .. url, score = 100})
    dw.notice("URL found: " .. url .. "(" .. url.categories[1] .. ")")
  end
  -- Add the spam score
  score = score + ctx.message.spam.score
  table.insert(symbols, {name = "Spam score", score = ctx.message.spam.score})
  if ctx.message.spam.score >= 100 then
    dw.notice("Spam score: " .. ctx.message.spam.score)
  end
  -- Return the check result
  return {
    score = score,
    threshold = 100,
    symbols = symbols
  }
end
|
SpfCheckTimeout
{time interval}
|
Maximum total time for SPF check.
Default value: 20s
|
SpfVoidLimit
{integer}
|
Maximum number of empty answers allowed during SPF check.
Default value: 2
|
SmtpSocket
{path to file | IP address:port}
|
The socket for connection to MTA as mail filter for messages in SMTP mode (MTA will connect to this socket when using Dr.Web MailD as the external filter). Usage of the UNIX socket or network socket is allowed.
Default value: (not set)
|
SmtpSenderRelay
{path to file | IP address:port}
|
The socket for connection to MTA as mail filter for scanned messages in SMTP mode (MTA will connect to this socket when using Dr.Web MailD as the external filter). Usage of the UNIX socket or network socket is allowed.
Default value: (not set)
|
BccSocket
{path to file | IP address:port}
|
The socket for connection to MTA as mail filter for messages in BCC mode (MTA will connect to this socket when using Dr.Web MailD as the external filter). Usage of the UNIX socket or network socket is allowed.
Default value: (not set)
|
BccReporterAddress
{string}
|
The email address from which Dr.Web MailD reports will be sent after scanning of email attachments in BCC mode.
Default value: (not set)
|
BccReporterPassword
{None | Plain(<password>)}
|
The password for the email address from which Dr.Web MailD reports will be sent after scanning of email attachments in BCC mode.
Allowed values:
•None—email is not protected by a password;
•Plain(<password>)—email is protected with the specified password.
Default value: None
|
BccReportRecipientAddress
{string}
|
The email address to which Dr.Web MailD reports will be sent after scanning of email attachments in BCC mode.
Default value: (not set)
|
BccSmtpServer
{string}
|
The MTA address for sending email messages in SMTP and BCC modes. Usage of the domain, the IP-address or the UNIX socket is allowed.
Default value: (not set)
|
VxcubePlatforms
{platform, … | All}
|
The list of OS platforms for executing email attachment files when using Dr.Web vxCube as the email message scanning tool in the external filter mode (SMTP or BCC).
The values in the list must be separated with commas (each value in the quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).
Allowed values:
•<platform>—the value of the os_code field (OS name with bitness specified) from the platforms API call in Dr.Web vxCube (for details see User manual for Dr.Web vxCube, section Platform);
•All—all available platforms.
Default value: All
|
VxcubeFileFormats
{format, … | All}
|
The list of formats of email attachment files that will be sent for analysis when using Dr.Web vxCube as the email message scanning tool in the external filter mode (SMTP or BCC).
The values in the list must be separated with commas (each value in the quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).
Allowed values:
•<format>—the value of the name field (file format name) from the formats API call in Dr.Web vxCube (for details see User manual for Dr.Web vxCube, section Format);
•All—all available formats.
Default value: All
|
VxcubeSampleRunTime
{time interval}
|
The time for executing an email attachment file, sent for analysis when using Dr.Web vxCube as the email message scanning tool in the external filter mode (SMTP or BCC).
Default value: (not set)
|
SmtpHook
{path to file | Lua function}
|
Lua script that processes email messages received in SMTP mode, or path to the file containing the script (see Email Processing in Lua section).
If UseVxcube = Yes is specified in the [Root] section of the configuration file, the action of scanning email attachments with Dr.Web vxCube is added to the Lua script by default.
Default value:
local dw = require "drweb"
function smtp_hook(ctx)
  -- Discard the message if it is likely spam
  if ctx.message.spam.score >= 100 then
    dw.notice("Spam score: " .. ctx.message.spam.score)
    return {action = "discard"}
  else
    -- Add X-Drweb-Spam headers with the spam report
    ctx.modifier.add_header_field("X-DrWeb-SpamScore", ctx.message.spam.score)
    ctx.modifier.add_header_field("X-DrWeb-SpamState", ctx.message.spam.type)
    ctx.modifier.add_header_field("X-DrWeb-SpamDetail", ctx.message.spam.reason)
    ctx.modifier.add_header_field("X-DrWeb-SpamVersion", ctx.message.spam.version)
  end
  -- Check if the message contains viruses, repack if so
  threat_categories = {"known_virus", "virus_modification", "unknown_virus", "adware", "dialer"}
  if ctx.message.has_threat({category = threat_categories}) then
    for threat, path in ctx.message.threats({category = threat_categories}) do
      dw.notice(threat.name .. " found in " .. (ctx.message.part_at(path).name or path))
    end
    ctx.modifier.repack()
    return {action = "accept"}
  end
  -- Repack if unwanted URL has been found
  url_categories = {"infection_source", "not_recommended", "owners_notice"}
  if ctx.message.has_url({category = url_categories}) then
    for url in ctx.message.urls({category = url_categories}) do
      dw.notice("URL found: " .. url .. " (" .. url.categories[1] .. ")")
    end
    ctx.modifier.repack()
    return {action = "accept"}
  end
  -- Accept the message with all scheduled transformations applied
  return {action = 'accept'}
end
|
SmtpRetryInterval
{time interval}
|
Interval before a repeated attempt to scan or send a message after an error when operating in SMTP mode.
Default value: 5m
|
SmtpRequireTls
{Always | IfSupported | Never}
|
Defines the policy for using the STARTTLS extension of the SMTP protocol when operating in SMTP mode.
Allowed values:
•Always—always use a protected connection. Interrupt the connection if the server does not support protection.
•IfSupported—prefer a protected connection if the server supports it. Otherwise, send the message via unprotected channels.
•Never—do not use a protected connection.
Default value: Always
|
SmtpDebugIpc
{Boolean}
|
Indicates whether SMTP commands in SMTP mode should be saved to debug log (LogLevel = Debug).
Default value: No
|
SmtpTraceContent
{Boolean}
|
Indicates whether email content in SMTP mode should be saved to debug log (LogLevel = Debug).
Default value: No
|
CaPath
{path to file or directory}
|
Path to the directory or file with the list of trusted root certificates.
Default value: path to the list of trusted certificates. The path depends on the GNU/Linux distribution.
•For Astra Linux, Debian, Linux Mint, SUSE Linux and Ubuntu, usually it is the /etc/ssl/certs/ path.
•For CentOS and Fedora it is the /etc/pki/tls/certs/ca-bundle.crt path.
•For other distributions a path can be defined by executing the command openssl version -d.
•If a command is unavailable or an OS distribution could not be identified, the value /etc/ssl/certs/ is used.
|
Hostname
{string}
|
Sender’s host name (FQDN). It is used in the HELO/EHLO greeting string received from the SMTP client and as the default value of srvname in the Authentication-Results header.
Default value: current host name
|
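A configuration check built on the parameter descriptions above, as an added example (not part of the Dr.Web documentation or tooling): it reads the [MailD] and [Root] sections and reports values that this reference itself describes as reducing protection. The sample configuration is constructed; the comment characters and the assumption that hook parameters point to files rather than inline Lua are not taken from this page.

```python
import re

# Constructed sample configuration (not taken from a real host).
SAMPLE_INI = """\
[Root]
DefaultLogLevel = Notice

[MailD]
LogLevel = Debug
RepackPassword = None
SmtpRequireTls = IfSupported
SmtpTraceContent = Yes
ArchiveMaxLevel = 0
MaxSizeToExtract = 0
HeuristicAnalysis = On
ReportLanguages = ru
ReportLanguages = de
"""

def parse_section(text, section="MailD"):
    """Return {parameter: [values]}; a parameter given several times is combined."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        # Assumption: '#' and ';' start comment lines.
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = header.group(1)
        elif current == section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            # Quoted values form a comma-separated list ("ru", "de").
            items = ([v.strip().strip('"') for v in value.split(",")]
                     if value.startswith('"') else [value])
            params.setdefault(key, []).extend(items)
    return params

def audit(text):
    """Return (parameter, finding) pairs for values the reference describes as weaker."""
    maild, root = parse_section(text, "MailD"), parse_section(text, "Root")
    def get(key, default):
        return maild.get(key, [default])[-1]
    findings = []
    if get("RepackPassword", "None") == "None":
        findings.append(("RepackPassword", "repacked archives carry no password"))
    if get("SmtpRequireTls", "Always") != "Always":
        findings.append(("SmtpRequireTls", "STARTTLS is not enforced in SMTP mode"))
    # LogLevel falls back to DefaultLogLevel from [Root] when it is not set.
    log_level = get("LogLevel", root.get("DefaultLogLevel", ["Notice"])[-1])
    for key in ("MilterTraceContent", "SmtpTraceContent"):
        if get(key, "No").lower() == "yes" and log_level.lower() == "debug":
            findings.append((key, "message bodies are written to the debug log"))
    for key in ("PackerMaxLevel", "ArchiveMaxLevel", "MailMaxLevel", "ContainerMaxLevel"):
        if get(key, "8") == "0":
            findings.append((key, "nested objects are not scanned"))
    if get("MaxSizeToExtract", "None") == "0":
        findings.append(("MaxSizeToExtract", "files in archives are not checked at all"))
    if get("HeuristicAnalysis", "On") == "Off":
        findings.append(("HeuristicAnalysis", "heuristic analysis is disabled"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_INI):
        print(f"{name}: {finding}")
```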