Table of Contents
How to & FAQ
How do I define the "warning message"?
You can compose it and declare it using the /etc/ze-filter/ze-error-msg file. The message content is delimited by tags <XFILE>, <VIRUS> or <POLICY>. Inside the message, you can use one of this variables, witch value will replace thne ligne matching variable.
- MSGID - L'ID of message - that's the ficname put in quarantine.
- FROM - Sender Address.
- SUBJECT - Message Subject.
- WHY - The reason why that mail raise an exception.
- VIRUS - The virus name, in case of detection.
- ATTACHMENTS - The list of attached files.
What happens with quarantined messages? How do I configure this feature?
Quarantined messages are stored at /var/spool/ze-filter directory.
This behavior is controlled by the following configuration options:
CLEANUP_INTERVAL 21600 QUARANTINE_LIFETIME 86400
The first two configuration options say: the filter cleans up message spool directory each 21600 s (6 h) and removes all messages older than 86400 s (24 h).
The other three options are used to enable or disable quarantining.
How to get a new fresh configuration file
ze-filter -n- to create one
ze-filter.cffile with options set with default values
ze-filter -m- to create one
ze-filter.cffile with current options
Why ze-printstat doesn't show enough information over a long period of time
I ask ze-printstat to give info about one week, but it only covers a few days ze-printstat -q -l7d ze-filter keeps some information about connections in /var/ze-filter/files
# HISTORY_ENTRIES # Number of entries of history (times 1024) # Syntax : ----- HISTORY_ENTRIES 256
We will get stats about the last 256*1024 connexions. You can increase that value, but keep in mind that this will increase the database (currently 40Mo)
I observed longer greylisting delays when email comes from a mail system consisting of an outgoing farm of IPs (in same subnet).
ze-filter greylisting logic assign longer delays if the domain of the sender has not in common with the domain of the SMTP gateway. It's a fixed value of 30 minutes in the code (v1.13) instead of the 10 minutes default. If you want to correct that behaviour for such domains, then, you need to tell ze-filter that gmail.com is equivalent to google.com
Check if you have these entries at your ze-policy database :
GreyEquivDomain:gmail.com google.com GreyEquivDomain:googlegroups.com google.com GreyEquivDomain:googlemail.com google.com
They're included in the default configuration files.