Provided by:
messagewall_1.0.8-3_i386 
NAME
messagewall_profiles - messagewall user profile configuration
DESCRIPTION
Any regular files in the directory defined as profile_dir in
messagewall.conf (5) are read as profiles that can be referenced from
default_profile, relay_profile or the special_users file. Each profile
must contain at least one key/value pair.
Regular variables are in the format::
variable_name="value"
variable_name2="value2"
Scored variables are in the format:
variable_name="score,value"
If the score is omitted, it defaults to 1. If the value contains a
comma, score is required.
Regular Variables:
reject
Default: 0
Setting this variable to ’1’ indicates that any messages using
this profile should be denied. This is used for testing and for
preventing addresses under attack from clogging the backend MTA.
reject_score
Default: 1
This is the score at which MessageWall will reject the message.
Any message acheiving a score below this will simply have
warnings added to its headers indicating which tests it failed.
mime_strip
Example:
mime_strip=text/html
The value of a mime_strip line is case-insensitively matched
against MIME types of each part of the message. If a match is
found, that MIME section is stripped from the message, and will
not reach the recipient. There can be multiple mime_strip
lines. If, after processing all mime_strip lines, there are no
useful (non-multipart) sections of the message left, the message
is refused. Stripping text/html sections from messages can be
extremely effective against viruses that self-run attachments
using bugs in Microsoft Outlook’s & Outlook Express’s HTML-
handling code, as well as against HTML-only spam.
mime_allow
Example:
mime_allow=text/plain
mime_allow is a stricter version of mime_strip. It acts the
same way except that only parts with MIME types specificially
listed are allowed through. There can be multiple mime_allow
lines. Presence of a mime_allow line nullifies any mime_strip
lines in the profile.
Scored Variables:
to_cc_check
Default: 0
Setting this variable to ’1’ causes MessageWall to check that
the envelope destination address is in either the To: or CC:
fields in the message header. This check stops a significant
amount of UBE. However, it also breaks most legitimate mailing
lists. Do not use this check in the relay_profile, as there may
be multiple destination addresses and it will provide
inconsistent results.
from_check
Default: 0
Setting this variable to ’1’ causes MessageWall to check that
the envelope source address is in the From: field of the message
header. The realistic impact of using this check is unknown.
realname_check
Default: 0
Setting this variable to ’1’ causes MessageWall to check for the
presence of a real name before the <> address section of the
From: field of the message header. The realistic impact of
using this check is unknown.
rdns_required
Default: 0
Setting this variable to ’1’ causes MessageWall to reject
messages from IP address that lack reverse DNS. The realistic
impact of using this check is unknown.
rmx_required
Default: 0
Setting this variable to ’1’ causes MessageWall to reject
messages with return path domains without an MX or A record.
This means that domains in the reverse path that would be
undeliverable for return mail cause the message to be rejected.
This should be safe to use in almost all cases.
header_reject
Example:
header_reject=1,Precedence:bulk
The value of a header_reject line should contain a colon
seperated string of Header:Key. The "Key" will be case-
sensitively searched for in the value of the header. If a match
is found, the message is refused. There can be multiple
header_reject lines.
header_rejecti
Example:
header_rejecti=1,X-Mailer:gold
The value of a header_rejecti line should contain a colon
seperated string of Header:Key. The "Key" will be case-
insensitively searched for in the value of the header. If a
match is found, the message is refused. There can be multiple
header_reject lines.
body_reject
Example:
body_reject=1,FREE
The value of a body_reject line is case-sensitively searched for
in the decoded body of each MIME part. If a match is found, the
message is refused. There can be multiple body_reject lines.
body_rejecti
Example:
body_rejecti=1,viagra
The value of a body_rejecti line is case-insensitively searched
for in the decoded body of each MIME part. If a match is found,
the message is refused. There can be multiple body_rejecti
lines.
filename_reject
Example:
filename_reject=1,.pif
The value of a filename_reject line is case-insensitively
searched for in any filenames of attachments to the message. If
a match is found, the message is refused. There can be multiple
filename_reject lines. filename_reject is the most powerful
MessageWall tool to stop virus propagation.
mime_reject
mime_reject=1,application/x-wav
The value of a mime_reject line is case-insensitively matched
against content-types in all parts of the message. If a match
is found, the message is refused. There can be multiple
mime_reject lines. mime_reject is provided as a counterpart to
filename_reject for platforms that determine execution based on
MIME type instead of filename extension.
dnsbl
Examples:
dnsbl=2,list.dsbl.org/127.0.0.2
dnsbl=1,multihop.dsbl.org
dnsbl=1,bl.spamcop.net
Each dnsbl line causes queries for connecting IP addresses to be
sent to the list in question. If a connecting IP address is
present on one of the lists (and the result IP matches the one
provided, if any), the message is refused with a message
pointing to http://openrbl.org/. To speed up transactions,
requests for all lists from all profiles are sent on initial
connection; later, when we determine what profile applies to the
message, responses from the lists are checked, and waited for
(up to dnsbl_timeout) if necessary. The effectiveness of this
feature is based strictly on which lists are used.
dnsbl_domain
Examples:
dnsbl_domain=1,dsn.rfc-ignorant.org/127.0.0.2
dnsbl_domain=2,postmaster.rfc-ignorant.org
dnsbl_domain=1,abuse.rfc-ignorant.org
Each dnsbl_domain line causes queries for reverse path domains
to be sent to the list in question. If a connecting IP address
is present on one of the lists (and the result IP matches the
one provided, if any), the message is refused. To speed up
transactions, requests for all lists from all profiles are sent
on MAIL FROM; later, when we determine what profile applies to
the message, responses from the lists are checked, and waited
for (up to dnsbl_domain_timeout) if necessary. The
effectiveness of this feature is based on the lists being used,
but is slightly less than IP-based blacklists, as it is more
easily spoofable.
dnsdcc
Examples:
dnsdcc=1,aa.dcc.dsbl.org
dnsdcc=1,ba.dcc.dsbl.org
Each dnsdcc line causes queries for each MIME part of a message
to be sent to the specified checksum servers. The first two
letters of the value specifies the checksum to be calculated.
If a match is found, the message is refused. This system is
very effective against common viruses and UBE, but also breaks
legitimate mailing list messages.
virus_scan
Examples:
virus_scan=1,virus.profiles
Each virus_scan line causes MessageWall to scan decoded
attachments against the Open AntiVirus format pattern file
specified. If a match is found, the message is refused. Virus
pattern files are reloaded on messagewallctl reload-virus.
EXAMPLES
See the profiles directory in the distribution for sample profiles.
AUTHOR
Ian Gulliver <ian@penguinhosting.net>
SEE ALSO
messagewall(1),
messagewall.conf(5)
2002-06-08 messagewall_profiles(5)