CREATE TABLE `domains` (
  `did` int(11) NOT NULL AUTO_INCREMENT,
  `uid` int(11) NOT NULL,
  `domain` varchar(255) NOT NULL,
  `typ` varchar(10) NOT NULL,
  `alias` int(11) NOT NULL,
  `group` int(11) NOT NULL,
  `update` int(11) NOT NULL DEFAULT '1',
  `webalizer` tinyint(4) NOT NULL DEFAULT '0',
  `logs` tinyint(4) NOT NULL DEFAULT '0',
  `kb` int(11) NOT NULL,
  `traffic` int(11) NOT NULL,
  PRIMARY KEY  (`did`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
 
 
CREATE TABLE `forwardings` (
  `source` varchar(80) NOT NULL,
  `destination` text NOT NULL,
  PRIMARY KEY  (`source`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 
 
CREATE TABLE `mail` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `uid` int(11) NOT NULL,
  `group` int(11) NOT NULL,
  `email` varchar(80) character SET latin1 NOT NULL,
  `alias` varchar(80) character SET latin1 NOT NULL,
  `password` varchar(64) character SET latin1 NOT NULL,
  `crypt` varchar(64) NOT NULL,
  `bypass_spam_checks` varchar(1) NOT NULL DEFAULT 'N',
  `bypass_virus_checks` varchar(1) NOT NULL DEFAULT 'N',
  `spam_tag2_level` float NOT NULL DEFAULT '4',
  `spam_kill_level` float NOT NULL DEFAULT '8',
  `spam_modifies_subj` char(1) NOT NULL DEFAULT 'Y',
  `spam_subject_tag2` varchar(64) NOT NULL DEFAULT '***SPAM***',
  `warnvirusrecip` char(1) NOT NULL DEFAULT 'N',
  `warnbannedrecip` char(1) NOT NULL DEFAULT 'N',
  `warnbadhrecip` char(1) NOT NULL DEFAULT 'N',
  `quota` int(10) DEFAULT '10485760',
  `kb` int(11) NOT NULL,
  `traffic` int(11) NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
 
 
CREATE TABLE `mailaddr` (
  `id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
  `priority` int(11) NOT NULL DEFAULT '7',
  `email` varchar(255) NOT NULL,
  PRIMARY KEY  (`id`),
  UNIQUE KEY `email` (`email`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
 
CREATE TABLE `wblist` (
  `rid` int(10) UNSIGNED NOT NULL,
  `mail` varchar(50) NOT NULL,
  `wb` varchar(10) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
inet_interfaces = all
myhostname = mailgw1.domain.de
mydestination = mailgw1.domain.de localhost.domain.de, localhost
mynetworks = 127.0.0.0/8
virtual_alias_maps = mysql:/etc/postfix/forwardings.cf  mysql:/etc/postfix/presents.cf
virtual_mailbox_domains = mysql:/etc/postfix/domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mailboxes.cf
virtual_mailbox_base = /data/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,  permit_sasl_authenticated, reject_unauth_destination,  check_policy_service unix:private/policy, check_policy_service  inet:127.0.0.1:12525
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
relayhost =
mailbox_size_limit = 0
message_size_limit = 20971520
recipient_delimiter = +
content_filter = amavis:[127.0.0.1]:10024

# pages of the non-Postfix software to find out what options it  wants.
#
# Many of the following services use the Postfix pipe(<img src="typo3conf/ext/mm_forum//res/smilies/icon_cool.gif" alt="icon_cool.gif" /> delivery
# agent.  See the pipe(<img src="typo3conf/ext/mm_forum//res/smilies/icon_cool.gif" alt="icon_cool.gif" /> man page for information about ${recipient}
# and other message envelope options.
#  ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail  ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop  ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender  $recipient
scalemail-backend unix	-	n	n	-	2	pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store  ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
 
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
 
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o  receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o receive_override_options=no_address_mappings
 
policy  unix  -       n       n       -       -       spawn
        user=nobody argv=/usr/bin/perl  /usr/lib/postfix/policyd-spf-perl

user = vmail
password = geheim
dbname = vmail
table = domains
select_field = 'virtual'
where_field = domain
hosts = 127.0.0.1

user = vmail
password = geheim
dbname = vmail
table = forwardings
select_field = destination
where_field = source
hosts = 127.0.0.1

user = vmail
password = geheim
dbname = vmail
table = mail
select_field = email
where_field = email
hosts = 127.0.0.1

user = vmail
password = geheim
dbname = vmail
table = mail
select_field =  CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
where_field = email
hosts = 127.0.0.1

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
 
[ req_dn ]
C=DE
ST=BW
L=Breisach
O=Web-Enterprise
OU=IT
CN=mailserver.domain.de
emailAddress=info@domain.de
 
 
[ cert_type ]
nsCertType = server

authmodulelist="authmysql"
authmodulelistorig="authuserdb authpam authpgsql authldap authmysql  authcustom authpipe"
daemons=5
authdaemonvar=/var/run/courier/authdaemon
DEBUG_LOGIN=0
DEFAULTOPTIONS=""
LOGGEROPTS=""

MYSQL_SERVER localhost
MYSQL_USERNAME vmail
MYSQL_PASSWORD geheim
MYSQL_PORT 0
MYSQL_DATABASE vmail
MYSQL_USER_TABLE mail
MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD alias
MYSQL_HOME_FIELD "/data/vmail"
MYSQL_MAILDIR_FIELD  CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')

RANDFILE = /usr/lib/courier/imapd.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
 
[ req_dn ]
C=DE
ST=BW
L=Breisach
O=Web-Enterprise
OU=IT
CN=mailserver.domain.de
emailAddress=info@domain.de
 
 
[ cert_type ]
nsCertType = server

RANDFILE = /usr/lib/courier/imapd.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
 
[ req_dn ]
C=DE
ST=BW
L=Breisach
O=Web-Enterprise
OU=IT
CN=mailserver.domain.de
emailAddress=info@domain.de
 
 
[ cert_type ]
nsCertType = server

use strict;
 
# You can modify this file to re-enable SPAM checking through  spamassassin
# and to re-enable antivirus checking.
 
#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#
 
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl,  $bypass_virus_checks_re);
 
 
#
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
#
 
@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl,  $bypass_spam_checks_re);
 
1;  # insure a defined return

use strict;
 
$QUARANTINEDIR = "/data/vmail/badmails/";
 
$log_recip_templ = undef;    # disable by-recipient level-0 log  entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all  messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output,  etc
 
$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP  and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if  $enable_db=1
 
$inet_socket_port = 10024;   # default listenting socket
 
@lookup_sql_dsn = 
( ['DBI:mysql:database=knopix;host=127.0.0.1;port=3306', 'knopix',  '###KNOPIXPW###'] );
 
$sql_select_policy = 'SELECT * FROM mail WHERE email IN(%k)';
#$sql_select_policy = 'SELECT * FROM mail WHERE CONCAT("@",domain) IN  (%k)';
 
$sql_select_white_black_list = 'SELECT wb FROM wblist'.
' WHERE (rid=? OR rid=0)'.
' AND mail IN (%k)';
 
# $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'.
# ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'.
# ' AND (mailaddr.email IN (%k))'.
# ' ORDER BY mailaddr.priority DESC';
 
#$sa_spam_subject_tag = '***SPAM*** ';
#$sa_tag_level_deflt  = -100;  # add spam info headers if at, or  above that level
#$sa_tag2_level_deflt = 4.00; # add 'spam detected' headers at that  level
#$sa_kill_level_deflt = 8.00; # triggers spam evasive actions
#$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not  sent
 
$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail  is larger
$sa_local_tests_only = 0;    # only tests which do not require  internet access?
 
# Quota limits to avoid bombs (like 42.zip)
 
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes
 
# You should:
#   Use D_DISCARD to discard data (viruses)
#   Use D_BOUNCE to generate local bounces by amavisd-new
#   Use D_REJECT to generate local or remote bounces by the calling  MTA
#   Use D_PASS to deliver the message
#
# Whatever you do, *NEVER* use D_REJECT if you have other MTAs  *forwarding*
# mail to your account.  Use D_BOUNCE instead, otherwise you are  delegating
# the bounce work to your friendly forwarders, which might not like  it at all.
#
# On dual-MTA setups, one can often D_REJECT, as this just makes your  own
# MTA generate the bounce message.  Test it first.
#
# Bouncing viruses is stupid, always discard them after you are sure  the AV
# is working correctly.  Bouncing real SPAM is also useless, if you  cannot
# D_REJECT it (and don't D_REJECT mail coming from your forwarders!).
 
$final_virus_destiny      = D_DISCARD;  # (data not lost, see virus  quarantine)
$final_banned_destiny     = D_DISCARD;
$final_spam_destiny       = D_DISCARD;
$final_bad_header_destiny = D_PASS;     # False-positive prone (for  spam)
 
$virus_admin = undef; # due to D_DISCARD default
# Leave empty (undef) to add no header
$X_HEADER_LINE = "Debian ClamAV AntiVirus auf $mydomain";
 
$spam_quarantine_method = 'local:spam/spam-%i-%n.gz';
$virus_quarantine_method = 'local:virus/virus-%i-%n.gz';
$bad_header_quarantine_method = 'local:badh/badh-%i-%n.gz';
$banned_files_quarantine_method = 'local:banned/banned-%i-%n.gz';
 
$virus_quarantine_to = 'virus-quarantine';
$spam_quarantine_to = 'spam-quarantine';
$banned_quarantine_to = 'banned-quarantine';
$bad_header_quarantine_to = 'bad-header-quarantine';
 
 
# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER  ASSIGNMENTS
 
#
# DO NOT SEND VIRUS NOTIFICATIONS TO OUTSIDE OF YOUR DOMAIN. EVER.
#
# These days, almost all viruses fake the envelope sender and mail  headers.
# Therefore, "virus notifications" became nothing but undesired,  aggravating
# SPAM.  This holds true even inside one's domain.  We disable them  all by
# default, except for the EICAR test pattern.
#
 
@viruses_that_fake_sender_maps = (new_RE(
  [qr'\bEICAR\b'i => 0],            # av test pattern name
  [qr/.*/ => 1],  # true for everything else
));
 
@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$',   # retain full original message for virus checking  (can be slow)
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains  undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));
 
 
# for $banned_namepath_re, a new-style of banned table, see  amavisd.conf-sample
 
$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable  components
 
  # block certain double extensions anywhere in the base name
  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
 
  qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Windows  Class ID CLSID, strict
 
  qr'^application/x-msdownload$'i,                  # block these  MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,
 
# qr'^application/x-msmetafile$'i,	# Windows Metafile MIME type
# qr'^\.wmf$',				# Windows Metafile file(1) type
 
# qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046  MIME types
 
# [ qr'^\.(Z|gz|bz2)$'           => 0 ],  # allow any in  Unix-compressed
# [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type  archives
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within such  archives
 
  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension -  basic
#  qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
#         inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
#        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
#        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long
 
# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip  vulnerab.
 
  qr'^\.(exe-ms)$',                       # banned file(1) types
# qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm
 
 
# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
 
@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables  are summed
 
# ## per-recipient personal tables  (NOTE: positive: black, negative:  white)
# 'user1@example.com'  => [{'bla-mobile.press@example.com' =>  10.0}],
# 'user3@example.com'  => [{'.ebay.com'                 =>  -3.0}],
# 'user4@example.com'  => [{'cleargreen@cleargreen.com' =>  -7.0,
#                           '.cleargreen.com'           => -5.0}],
 
  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score  boost
 
   new_RE(  # regexp-type lookup table, just happens to be all  soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i          => 5.0],
     [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=>  5.0],
     [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=>  5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i    => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i   => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                 => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                     => 5.0],
   ),
 
#  read_hash("/var/amavis/sender_scores_sitewide"),
 
   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'securityfocus.com'                      => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
     'spamassassin.apache.org'                => -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
 
     # soft-blacklisting (positive score)
     'sender@example.net'                     =>  3.0,
     '.example.net'                           =>  1.0,
 
   },
  ],  # end of site-wide tables
});
 
1;  # insure a defined return

use strict;
 
#
# Place your configuration directives here.  They will override those  in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#
 
$pax='pax';
 
#------------ Do not modify anything below this line -------------
1;  # insure a defined return