How to & FAQ

How do I define the "warning message"?

You can compose it and declare it in the /etc/ze-filter/ze-error-msg file. The message content is delimited by the tags <XFILE>, <VIRUS> or <POLICY>. Inside the message, you can use any of these variables, whose value will replace the line matching the variable.

  • MSGID - The ID of the message - that's the file name put in quarantine.
  • FROM - Sender Address.
  • SUBJECT - Message Subject.
  • WHY - The reason why that mail raised an exception.
  • VIRUS - The virus name, in case of detection.
  • ATTACHMENTS - The list of attached files.

What happens with quarantined messages? How do I configure this feature?

Quarantined messages are stored in the /var/spool/ze-filter directory.

This behavior is controlled by the following configuration options:

ze-filter.cf

CLEANUP_INTERVAL                   21600
QUARANTINE_LIFETIME                86400

The first two configuration options say: the filter cleans up the message spool directory every 21600 s (6 h) and removes all messages older than 86400 s (24 h).

The other three options are used to enable or disable quarantining.

How do I get a fresh configuration file?

  • ze-filter -n - to create a ze-filter.cf file with options set to their default values
  • ze-filter -m - to create a ze-filter.cf file with the current options

Why doesn't ze-printstat show enough information over a long period of time?

I ask ze-printstat to give info about one week, but it only covers a few days:

ze-printstat -q -l7d

ze-filter keeps some information about connections in /var/ze-filter/files

# HISTORY_ENTRIES
#     Number of entries of history (times 1024)
#  Syntax : -----
HISTORY_ENTRIES                    256

We will get stats about the last 256*1024 connections. You can increase that value, but keep in mind that this will increase the size of the database (currently 40 MB).

I observed longer greylisting delays when email comes from a mail system consisting of an outgoing farm of IPs (in same subnet).

ze-filter's greylisting logic assigns longer delays if the domain of the sender has nothing in common with the domain of the SMTP gateway. The delay is a fixed value of 30 minutes in the code (v1.13) instead of the 10-minute default. If you want to correct that behaviour for such domains, you need to tell ze-filter that, for example, gmail.com is equivalent to google.com.

Check whether you have these entries in your ze-policy database:

GreyEquivDomain:gmail.com                         google.com
GreyEquivDomain:googlegroups.com                  google.com
GreyEquivDomain:googlemail.com                    google.com

They're included in the default configuration files.
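
A simplified model of the delay choice described above, as an added example (not ze-filter's own code): it parses GreyEquivDomain entries in the format shown and picks the 10 or 30 minute delay. The comparison rule (same domain or subdomain), the function names and the host mx-out-1.google.com are assumptions made for the illustration.

```python
# Added illustration, NOT ze-filter code. The rule used to decide whether two
# domains have something "in common" is an assumption: equal, or one is a
# subdomain of the other.
DEFAULT_DELAY_MIN = 10    # default greylisting delay stated on the page
MISMATCH_DELAY_MIN = 30   # fixed delay (v1.13) when the domains differ

# Constructed sample in the ze-policy entry format shown on the page.
SAMPLE_POLICY = """\
GreyEquivDomain:gmail.com                         google.com
GreyEquivDomain:googlegroups.com                  google.com
GreyEquivDomain:googlemail.com                    google.com
"""

def parse_equiv(policy_text):
    """Return {alias_domain: equivalent_domain} from GreyEquivDomain lines."""
    equiv = {}
    for line in policy_text.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or not a key/value pair
        prefix, _, alias = parts[0].partition(":")
        if prefix.lower() == "greyequivdomain" and alias:
            equiv[alias.lower().rstrip(".")] = parts[1].lower().rstrip(".")
    return equiv

def canonical(domain, equiv):
    """Map a host or domain to its equivalent, matching whole labels only."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in equiv:
            return equiv[suffix]
    return ".".join(labels)

def related(a, b):
    """Assumed rule: same domain, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def grey_delay(sender_addr, gateway_host, equiv):
    """Delay in minutes for a sender address seen from a given SMTP gateway."""
    sender_dom = canonical(sender_addr.rsplit("@", 1)[-1], equiv)
    gateway_dom = canonical(gateway_host, equiv)
    if related(sender_dom, gateway_dom):
        return DEFAULT_DELAY_MIN
    return MISMATCH_DELAY_MIN

if __name__ == "__main__":
    for table in ({}, parse_equiv(SAMPLE_POLICY)):
        print(grey_delay("alice@gmail.com", "mx-out-1.google.com", table))
```

Run with an empty table and then with the sample entries, the same gmail.com sender arriving from a google.com gateway goes from the 30 minute delay to the 10 minute one.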

doc/howto/start.txt · Last modified: 2018/02/09 16:53 (external edit)
CC Attribution-Noncommercial-Share Alike 4.0 International