cluegetter.conf.dist

[cluegetter]

# Socket to use for internal communication with the cluegetter daemon.
ipc-socket = "/var/run/cluegetter/ipc.sock"

# Cluegetter allows to use multiple configurations of ClueGetter
# alongside each other sharing the same database. This allows for
# easy correlation (e.g. track a message by message id). The quota
# configuration is instance specific.
#
# A typical use case would be to have several MTAs each with a
# dedicated role (submission, mx, outbound). One would then define
# an instance type of 'submission', 'mx' and 'outbound'. All MTAs
# with the same role would generally use the same instance identifier.
#
# An instance identifier must be present in the 'instance' table
# prior to starting ClueGetter. ClueGetter will not start if the
# configured instance is not present in the database.
instance = default

# Enable NoOp mode, ensuring the MTA will never receive a 'Tempfail'
# or 'Reject' response from ClueGetter. Still, the would-be response
# is logged.
#
# By setting configuring Postfix with milter_default_action=accept and
# setting the 'noop' directive to true, all mail would be processed as
# if ClueGetter was not enabled by Postfix.
noop = false

# By default Cluegetter will try to recover as much as possible from
# any kind of error it encounters. However, sometimes it may be
# desirable to stop execution when a panic() occurs. Setting this to
# true will ensure the application does not recover but halts execution
# instead.
exit-on-panic = false

# RDBMS settings. Cluegetter has only been tested with Mysql, and as
# such that is the preferred RDBMS to use. Not enabling stictmode
# may lead to weird, vague, and undebuggable errors. Set at your own
# peril.
rdbms-driver           = mysql
rdbms-user             = root
rdbms-password         =
rdbms-protocol         = tcp
rdbms-address          = localhost:3306
rdbms-database         = cluegetter

# Various modules determine whether an email should be rejected. E.g.
# when an email is determined to be spam. Rejecting an email will
# generally result in the delivering MTA sending a bounce to the
# original sender without trying to send this email again. If the MTA
# using this instance of ClueGetter is used for submission purposes,
# clients will get to see an error when sending their mail as well as
# the reason as to why their email was blocked.
#
# Each module returns a suggested action (permit, tempfail or reject)
# together with a score. If the combined scores for all modules that
# suggest to reject the message are equal to or exceed this threshold,
# the message will be rejected.
message-reject-score   = 5

# Determines above what threshold a message should have the 'tempfail'
# result. Generally, an MTA receiving a 'tempfail' response will try
# to deliver a message again after a while.
#
# The tempfail score includes that of the reject score, so it should
# always be higher than the message-reject-score directive.
message-tempfail-score = 8

# All messages equal or above to this value can be marked as spam
# through the x-spam-flag header.
message-spamflag-score = 4.5

# Abort all checking modules when the score for a given result (permit,
# reject, tempfail) exceeds this score. Useful e.g. to stop scanning
# for SPAM when the quota limit is hit.
breaker-score = 25

# Determine what the milter module should listen at so Postfix can
# communicate with ClueGetter. Beware that Postfix uses a different
# syntax: http://www.postfix.org/MILTER_README.html#smtp-only-milters
#
# To use a TCP socket, use the format:  inet:port@host
# To use a unix socket, use the format: unix:pathname
milter-socket =  "inet:10033@127.0.0.1"

# IP's to always allow, no matter what.
whitelist = "127.0.0.0/8"
whitelist = "::1"

# Insert headers into each message. Can be repeated multiple times.
# Key and value are separated by a ':'.
# The following symbols can be used:
# %{clientIp}       The IP the client uses to connect from
# %{hostname}       MTA Hostname
# %{rejectScore}    The reject score
# %{spamFlag}       YES/NO - Is higher than spam flag score, or not.
# %{recipient}      The recipient(s), e.g. useful for X-Original-To
#
# It's possible to specify flags per header. Right now only [U]
# (unique) is supported. It ensures that all other headers with that
# key are removed.
#
# It's possible to delete headers with a certain key by supplying a
# unique flag with an empty value:
# add-header = [U] Foo:

add-header = X-Scanned: ClueGetter at %{hostname}
add-header = [U] X-Report-Abuse-To: abuse@example.com
add-header = [U] X-Spam-Score: %{rejectScore}
add-header = [U] X-Spam-Flag: %{spamFlag}
add-header = [U] X-Original-To: %{recipient}

# Sometimes an email does not have a message-id header. Because it's a
# convenient way to track messages across MTAs.
insert-missing-message-id = true

# Internal message cache size in MB
message-cache-size = 256

# Sessions from these IP's will not be persisted if they do not
# carry at least one message. Typically - hence the name - used
# with monitoring systems.
# monitor-host = "127.0.0.1"
# monitor-host = "::1"

[moduleGroup "spam"]
module = 0.9 spamassassin
module = 0.1 rspamd

[elasticsearch]
# To improve searching and do trend analysis you can opt to index
# everything in ElasticSearch.
enabled = false

# It's possible to specify multiple URL's by simply repeating them
url = "http://127.0.0.1:9200"

# Automatically detect what other elasticsearch nodes are available
# and use those as well.
sniff = true

[http]
# Cluegetter can provide an HTTP interface that displays some runtime
# statistics and errors, and allows to search for processed messages.
# If you change the listen-host directive be sure to do configure
# your firewall appropriately. There is no authentication mechanism
# whatsoever.

enabled = true

# Your Google Analytics ID
google-analytics = ""

[httpFrontend "default"]
enabled               = true
listen-port           = 1937
listen-host           = "0.0.0.0"
enable-proxy-protocol = false

[redis]
# Redis can be used as a cache so that ClueGetter will continue functioning
# even when the RDBMS becomes unavailable. The '''host''' directive can be
# repeated multiple times if you're running a redis cluster.
enabled = false
host = "localhost:6379"

# For debugging purposes a directory can be specified to persist a copy
# of in- and outgoing PUBSUB communication.
# dump-dir = "/var/cache/cluegetter/redis"

# It's unlikely you want to dump /all/ PUBSUB traffic from and to Redis. As such,
# you can specify one or more PCRE regexes that keys should be matched against,
# and then only communication matching these keys is dumped.
# dump-key = "^cluegetter!"

[bounceHandler]
# Enable the Bounce Handler functionality in order to get insights in
# What emails could not be (immediately) delivered. Please refer to the
# README file for instructions on how to use this.
enabled     = false
listen-port = 10034
listen-host = "127.0.0.1"

# For debugging purposes a directory can be specified to persist a copy
# of all incoming delivery reports.
# dump-dir = "/var/cache/cluegetter/deliveryreports"

[bayes]
# Attempt to learn from feedback from various sources by feeding our
# bayesian and other fuzzy learning algorithms.
enabled = true

# Currently supported:
#  - SpamAssassin: make sure it's enabled, and that you
#    run spamd with the --allow-tell option.

[mailQueue]
# Show and manipulate items currently in the (Postfix) queue.

enabled = false

# Postfix spool dir. Make sure to leave out any trailing slashes.
spool-dir = /var/spool/postfix

# The interval (in seconds) with which to fetch the mail queue.
# update-interval = 5

# postcat-executable = /usr/sbin/postcat
# postsuper-executable = /usr/sbin/postsuper

[srs]
# Enable SRS. Currently only works in a situation where
# MX and outbound services are situated on different
# servers or postfix and cluegetter instances. The
# inbound MX servers should add '[U] X-Original-To'
# headers that can be used by the outbound machines
# to determine which addresses were forwarded.

enabled = false

# Header name to use to derive original recipients
recipient-header = X-Original-To

[clamav]
# Scan for viruses, malware, etc through ClamAV

enabled = false
address = "/var/run/clamav/clamd.ctl"

# Score that should be given when a message gives a hit with ClamAV
# default-score = 10

# The max message size (in bytes) to send to ClamAv. If it's any larger
# the message will be truncated.
max-size = 10485760

[contacts]
# Sometimes global settings and access lists just don't cut it.
# As such, you can import address books into Redis. And depending
# if it's in a white- or blacklist ease up or tighten down
# acceptance of a message.
enabled = false

whitelist-address-score = -2.5
whitelist-domain-score = -0.85
blacklist-address-score = 6
blacklist-domain-score = 1

[dkim]
# Sign messages with DKIM, or verify if a message was correctly signed.
enabled = false

# Must be one of:
# required - Report an error if no DNS record matching any of the specified selectors can be found
# optional - Sign if such a record (with known key) can be found, otherwise don't.
# none     - Don't sign any mail using DKIM
sign = optional

# What headers should be signed. Also see RFC 6376 5.4.1 for some recommendations.
sign-headers = from
sign-headers = reply-to
sign-headers = subject
sign-headers = to
sign-headers = cc
sign-headers = references
sign-headers = in-reply-to
sign-headers = date
sign-headers = mime-version
sign-headers = content-type

# Limit the body hash to N characters. Set to 0 to not limit anything.
# This is recommended by RFC 6376 8.2
sign-bodylength = 0

# Selectors to use when signing. Allow to specify multiple if more than
# one selector could be used. Will be suffixed by _domainkey.<msg.From.Domain>
selector = default

# What backend should be used for signing messages. Currently, only
# 'file' is supported
backend = file

[dkim-filebackend]

# Where the private keys to use with signing can be found.
key-path = /etc/cluegetter/dkim/*.key

[greylisting]
# When the greylisting module is enabled, hosts that haven not been seen
# before and that seem a little spammy are temporarily rejected until
# the initial period has passed by. Most spambots will only try to deliver
# an email only once or twice within a few minutes. And as such, will be
# deferred from sending any spam at all.

enabled = false

# Score to give host not seen before.
initial-score = 5.5

# Period after which a host should try to deliver again.
initial-period = 5

# A list of host names to retrieve the SPF records for and whitelist
# the ip's contained in the SPF rcords.
whitelist-spf = transip.email
whitelist-spf = aol.com
whitelist-spf = gmail.com
whitelist-spf = hotmail.com
whitelist-spf = outlook.com
whitelist-spf = skynet.be
whitelist-spf = servers.mcsv.net  # MailChimp & Mandrill


[ipinfo]
# Look up and store the ISP, AS and location data for each connecting IP.
# You'll need to ensure that the MaxMind GeoLite2-city database is present.
enabled = false

geolite-db = "/usr/lib/cluegetter/GeoLite2-City.mmdb"

[quotas]
# For more info about the quota module, see also;
# https://github.com/Freeaqingme/ClueGetter/wiki/Quotas

# Enable the Quota module
enabled = false

# Factors to account for. For each factor that's enabled there should
# be at least one row in the 'quota' table in the database. Furthermore,
# at least one quota_profile and quota_profile_period should be configured.
#
# SLD = Second-Level Domain - foo.bar.example.org becomes example.org
#
account-client-address = true
account-sender = false
account-sender-domain = false
account-sender-sld = false
account-recipient-domain = false
account-recipient-sld = false
account-sasl-username = false

# Messages with this status should be included when determining if
# a quota was hit. Repeat to specify multiple statuses.
tally-status = permit
# tally-status = tempfail
# tally-status = reject
# tally-status = error
# tally-status = discard

[reports]
# Parses various types of reports (currently only DMARC. AFRF & ARF to
# follow soon) and indexes them. Can be used for reputation tracking purposes.
enabled = false

[reports-source "default"]
type     = pop3

host     = hostname:110
user     = user
password = pass

# Carbon Copy a copy of each report in this directory
dump-dir = "/var/cache/cluegetter/reports/"

[rspamd]
enabled    = false
host       = 127.0.0.1
port       = 11333
multiplier = 0.67

[spamassassin]
# Have message be vetted by SpamAssassin. SpamAssassin should be configured
# to listen at the specified host and port if the enabled direcive is set
# to true.
enabled = false
host    = 127.0.0.1
port    = 783

# Abort connecting to SpamAssassin if it takes longer than the configured
# timeout (in seconds) to set up a connection.
connect-timeout = 0.1

# Abort determining if a message is spam after this amount of seconds.
timeout = 10.0

# The max message size (in bytes) to send to SpamAssassin.
max-size = 500000

# Spamassassin can cause some load quite quickly while other modules
# may also trigger almost instantaneously a circuit breaker (like
# the quotas module). Therefore it is advised to use a small offset
# (time in seconds) before this module should initiate when a message
# comes in.
delay = 0.02

# Use a specific verdict message for a specific SpamAssassin rule.
# The same variables as with message-header can be used, except for
# %{recipient}
verdict-msg = GTUBE:        This messages contains the Generic Test for Unsolicited Bulk Email \
            (GTUBE). Therefore, this message has been blocked.
verdict-msg = RDNS_NONE:    No Reverse DNS could be found for your IP (%{clientIp}). If you're \
            using IPv6, make sure you also enable it for IPv6.

# You can script your own modules using Lua.
# [luaModule "something"]
# enabled = true
# script = ./lua/something.lua