toaster-watcher.conf documentation

Started by davidcl, February 17, 2004, 08:15:29 PM


davidcl

n.b. THESE DOCS ARE NOT UP-TO-DATE.  The information posted here describes toaster-watcher.conf as of Mail::Toaster 3.34.  Since then, some options have been added, some have been removed, and some of the explanations have been clarified.

For the most recent version of this document, see http://www.tnpi.biz/internet/mail/toaster/docs/watcher.shtml

This document is also included with the toaster download, in pod, html, and text format.


#######################################
#            TOASTER
#######################################
cvsup_server_preferred         = fastest         # fastest or a hostname
cvsup_server_country           = US
toaster_pkg_site               = ftp://ftp.freebsd.org
toaster_os_release             = 4-stable
toaster_dl_site                = http://www.tnpi.biz    # select a mirror
toaster_dl_url                 = /internet/mail/toaster


This section contains settings about where the various components in the toaster should be downloaded from.  In most cases, the only things you're likely to change are your country, and the version of FreeBSD you are using.

The version of FreeBSD should be expressed in the form of a tag name.  Possible options are:

- 4-stable
- 5-stable
- 5-current
- RELENG_4_9

toaster_http_base              = /usr/local/www


This should be the same value specified in toaster.conf

toaster_http_docs              = /usr/local/www/data


This is your document root, normally the "data" directory inside your web root.

toaster_tmp_dir                = /tmp
toaster_src_dir                = /usr/local/src


Where will the toaster place temporary files and source files?  The default is usually fine.

toaster_debug                  = 1


Many of the perl subroutines used by toaster_setup.pl and toaster_watcher.pl have extensive debugging available, but disabled.  This enables all that debugging. If you are having a problem with something, such as toaster-watcher.pl not generating your /service/smtp/run file, then you could enable debugging and run it again.  The debugging messages might show you that it timed out when doing DNS queries-- maybe your DNS server could use a little attention.

toaster_hostname               = mail.example.com
system_config_dir              = /usr/local/etc
toaster_admin_email            = postmaster@example.com


A few basic settings-- the hostname of your machine, the location of your config files, and the email address where system-wide admin mail should be sent.

mail_syslog                    = /var/log/maillog


The file that should be used by syslog/splogger for mail logging.  Note that settings elsewhere in this file may send portions of your mail logging to other locations.

package_install_method         = packages  # packages | ports
                                 # if both options are supported, the setup
                                 # script will prefer the one you choose.


This affects toaster_setup.pl.  If a program can be installed from either packages or ports, which method is preferred?

davidcl

#######################################
#           Programs
#######################################
# You can pass the major number of some programs
# if you wish to install a particular version
# 0 = do not install
# 1 = install
# other = install particular version
# port  = install from FreeBSD ports
# Extra options are noted after the # where available


This section is fairly self-explanatory.  Which programs should toaster_setup.pl install, and what versions of those programs should it install?

install_squirrelmail           = 1
install_apache                 = 2   # 0, 1, 2
install_apache_user            = www


Set install_apache to zero if you already have apache installed on your system and you don't want toaster_setup to build it.

If you do want apache installed, choose 1 or 2 for apache version 1.3 or 2.0.  Unless you have a specific reason to run apache 1.3, 2.0 is recommended.

Set install_apache_user to the username that apache will run under.

install_mysql                  = 4   # 0, 1, 4
install_mysql_ssl              = 1
install_mysql_linuxthreads     = 0
install_mysql_optimized        = 1
install_mysql_dir              = /var/db/mysql


Set install_mysql to zero if you don't want the MySQL server installed, or if you already have it.  Set it to 1 if you want MySQL 3.x, or 4 if you want MySQL 4.x.

mysql_linuxthreads is not recommended on FreeBSD.

/var/db/mysql is the default location of MySQL on FreeBSD.  If you're expecting to have anything other than the toaster use this MySQL database server, there might be arguments for putting MySQL somewhere other than /var.

install_courier_imap           = 1.7.0  # 0, ver, port
install_sqwebmail              = 3.5.0  # 0, ver
install_qmail                  = 1.03   # ver
install_qmailadmin             = 1.2.0  # 0, ver, port
install_vpopmail               = 5.4.0  # ver, port


Feel free to switch any of these to zero to disable installing that component.  However, it is strongly recommended that you leave all of these version numbers unchanged from the toaster-watcher.conf distributed with the toaster-- the versions indicated have been tested together and with the toaster, are considered stable, and generally can be installed cleanly on FreeBSD.

install_vqadmin                = 0
install_isoqlog                = 1
install_portupgrade            = 1
install_openldap_client        = 1


vqadmin is a handy web-based tool that administers vpopmail domains.  It is not a "recommended" part of the toaster install, because it has significant security implications and requires setup.  However, many administrators use it.

davidcl

#######################################
#           Mail Filtering
#######################################
install_mail_filtering         = 1
install_procmail               = 0
install_maildrop               = 1
install_spamassassin           = 1
install_spamassassin_flags     = -a -d -v -x -r /var/run/spamd.pid  # Add -q for per-user SQL prefs
install_qmailscanner           = 1
install_qmailscanner_version   = 1.20
install_clamav                 = 1
install_pyzor                  = 1
install_razor                  = 1
install_bogofilter             = 1
install_dcc                    = 1


These settings relate to mail filtering using qmail-scanner, ClamAV, SpamAssassin, and Maildrop.  There's little reason to change the defaults here on anything other than the SpamAssassin flags.

There are MANY things you can change about SpamAssassin's behavior by modifying these flags, but they are beyond the scope of this document. See http://www.spamassassin.org/ for details.

davidcl

#######################################
#           Qmail Settings
#######################################
qmail_dir                      = /var/qmail


The location of qmail.  Think twice about changing this, as you'll be creating a very non-standard qmail installation.  (This should match admin_qmaildir in toaster.conf).

qmail_supervise                = /var/qmail/supervise
qmail_service                  = /var/service
qmail_service_smtp             = /var/service/smtp
qmail_service_send             = /var/service/send
qmail_service_pop3             = /var/service/pop3
qmail_service_submit           = /var/service/submit


These are your supervise and service directories.  Only change if you have already created these directories elsewhere.  For example Dan Bernstein has convinced some people to create /service instead of /var/service.  Life-with-Qmail based servers will have /var/service/qmail-smtpd and /var/service/qmail-send.  (qmail_supervise should match the logs_supervise in toaster.conf).

The supervise directory is where all the control files are created and where they'll live forever and ever, even if they aren't used. The supervise directory can be the same as the service directory, but it shouldn't be. Per Dan & LWQ docs, the service directory should exist elsewhere. On FreeBSD /var/service is the most appropriate location (man hier for details).

In the service directory you create symlinks to the supervised directories you want running.

A good example of this is that many toasters run courier-imap's pop3 daemon instead of qmail's. Yet the qmail pop3 daemon's supervise directory is still built in /var/qmail/supervise, but it is not symlinked in /var/service and thus not running.  Switching from courier to qmail's is typically as easy as:

   pop3 stop
   rm /usr/local/etc/rc.d/pop3.sh

   ln -s /var/qmail/supervise/pop3 /var/service


qmail_chk_usr_patch            = 1


This decides whether to install the chkusr patch as described at http://www.interazioni.it/qmail/ .  Please note that this patch has various implications for how mail is handled on your system-- make sure you really want the functionality it offers.

qmail_log_base                 = /var/log/mail
qmail_log_user                 = qmaill
qmail_log_group                = qnofiles
qmail_mysql_include            = /usr/local/lib/mysql/libmysqlclient.a

davidcl

#######################################
#           Vpopmail
#######################################
# If you don't understand what these options are, read the vpopmail
# documentation where they are explained in more detail.


If you change any of the vpopmail settings after installing vpopmail, you will need to rebuild vpopmail from source to make them take effect.

vpopmail_user                  = vpopmail
vpopmail_group                 = vchkpw
vpopmail_home_dir              = /usr/local/vpopmail
vpopmail_learn_passwords       = 1


The learn password feature allows you to set a user's password to be blank.  The password will be set to whatever is used the first time the user logs in.  Very helpful for migrating domains from other servers, but please consider the security implications.

vpopmail_default_domain        = 0


If you have just one domain, set it with this option. Users of the default domain can authenticate with just their user name, and don't need to use <user>%<virtualdomain>.

vpopmail_roaming_users         = 1
vpopmail_relay_clear_minutes   = 180


The "roaming users" setting enables POP-before-SMTP and IMAP-before-SMTP authentication.  If this is enabled, then relay clear minutes determines how long users can send mail after they've checked mail.

vpopmail_mysql                 = 1


Should Vpopmail use MySQL for authentication?  This is recommended.

vpopmail_mysql_limits          = 0


Should Vpopmail use MySQL for limits?  This is handy, but it is a relatively new feature of vpopmail.  If you are upgrading an existing toaster, you'll need to copy all of your existing domains into the MySQL limits table before enabling this feature.

vpopmail_mysql_replication     = 0
vpopmail_mysql_logging         = 0
vpopmail_mysql_repl_master     = db.example.com
vpopmail_mysql_repl_slave      = localhost


Important:  If you are not using replication, put in the name of your master database server as BOTH the master and the slave.

vpopmail_mysql_database        = vpopmail
vpopmail_mysql_repl_user       = vpopmail
vpopmail_mysql_repl_pass       = supersecretword


Important: Replace "supersecretword" with the correct password for your database server.

vpopmail_auth_logging          = 1
vpopmail_logging               = 1
vpopmail_logging_verbose       = 1
vpopmail_valias                = 1
vpopmail_qmail_extensions      = 1
vpopmail_rebuild_tcpserver_file = 0
vpopmail_ip_alias_domains      = 0


If IP alias domains is turned on, and the user does not supply a domain as part of their login, then a reverse IP lookup is done on the server IP address that the client connected to. If the server's IP address resolves to a domain name, then vpopmail uses that name as the domain.

IP w.x.y.z resolves to test.com. User sets their pop server ip to w.x.y.z and connects. Vpopmail gets the connection, checks the IP of the SERVER side of the connection. Does a reverse IP lookup and obtains test.com. User sends joe as their pop user name. Vpopmail uses test.com as the domain.

You can mix and match name and ip based virtual domains.  You can also use the vipmap utility to skip the reverse DNS lookup (or if reverse DNS is not set up for the IP address).

vpopmail_etc_passwd            = 0


This enables local logins-- accounts which are listed in /etc/passwd-- to receive and check mail.

If you enable this feature, you'll need to add a few lines to /etc/pam.conf to allow courier-imap to work with /etc/passwd accounts.  See http://www.inter7.com/courierimap/INSTALL.html for details.

filtering_spamassassin_method  = site   # site | user | domain (site only at this time)


Please see the Toaster FAQ for instructions on enabling per-user and per-domain SpamAssassin preferences.

filtering_qmailscanner_method  = smtp   # smtp | tcpserver


qmail-scanner is run by setting the QMAILQUEUE environment variable to "/var/qmail/bin/qmail-scanner-queue.pl".  This can be done either in the SMTP service run file, or in the tcp.smtp file.  "smtp" chooses the run file; "tcpserver" chooses the tcp.smtp file.

According to the qmail-scanner web site, tcpserver is the recommended method.

filtering_qmailscanner_debug   = 0
filtering_qmailscanner_logging = 1
filtering_qmailscanner_clamav  = 1
filtering_qmailscanner_spamas  = 0


This debugging option logs a huge amount of detail about qmail-scanner's activities.  If you change these options here, you must rebuild qmail-scanner for the changes to take effect.

davidcl

########################################
#           qmail-send                #
########################################
# send_log_method - [ syslog | multilog | debug | stats | disabled ]
# see smtpd_log_method for complete details
#
send_log_method                = multilog
send_log_postprocessor         = maillogs   # maillogs | none
send_log_maxsize_bytes         = 1000000    # make this > 5 minutes of logging


You have several choices for logging:

syslog   - logs to syslog (normally /var/log/maillog on FreeBSD).  This is generally not recommended, but it may be handy for sendmail refugees.
multilog - logs via multilog to the location specified under "Qmail Settings." - This is required for maillogs & RRDutil, and is the recommended logging method for qmail and the toaster.
debug    - enables full debugging, records entire SMTP conversation (and also logs via multilog).
stats    - only logs stats lines (via multilog).
disabled - silently discards all logs

maillogs is a post-processor for your qmail logs, included with the toaster.  It is required for RRDutil and isoqlog to generate their statistics.

send_log_isoqlog               = 1


This allows you to choose whether your qmail-send logs will be post-processed by isoqlog.

send_mailbox_string            = ./Maildir/


This allows you to change your default delivery location.  Most toasters will not change this.  For a good explanation of other qmail delivery options, see http://www.lifewithqmail.org/

davidcl

########################################
#           qmail-smtpd               #
########################################
smtpd_listen_on_address         = all           # all, a hostname, or IP
smtpd_listen_on_port            = smtp          # smtp or a port number


On which address and port should the toaster listen for smtp connections?

For the port number, "smtp" means port 25.

smtpd_hostname                  = system


Where should the toaster get the hostname to be reported by the SMTP service?

 system - will set to the system's hostname (as set in /etc/rc.conf)
 qmail  - will set to contents of qmail/control/me
 Anything else is considered to be a hostname.

smtpd_max_memory_per_connection = 25            # in megabytes
smtpd_max_connections           = 10
smtpd_max_memory                = 250


smtpd_max_memory_per_connection sets the maximum amount of RAM for any particular SMTP connection (this is enforced by "softlimit").  If you are running qmail-scanner, clamav, and SpamAssassin, it's very possible that 25 megabytes per connection may not be enough.  This is a VERY important setting, because softlimit/qmail will start deferring (soft-bouncing) mail if the smtpd processes use more memory than allowed in this value.

If smtpd_max_connections is exceeded, further connections are deferred.  (For those familiar with "Life With Qmail", this replaces the "concurrencyincoming" file).

smtpd_max_memory should be set to smtpd_max_connections multiplied by smtpd_max_memory_per_connection.

Suppose your machine has 1024MB of RAM. It's primarily a mail exchanger, so you want to allow SMTP processes to use 750MB of your RAM, leaving just a touch over 256MB for other processes. You set your smtpd_max_memory to 750.

To avoid any one particular smtp connection growing out of control, you set smtpd_max_memory_per_connection to 50MB.

You should then set smtpd_max_connections to 15. (15 * 50 = 750).

If you want to accept more than 15 simultaneous connections, you'll either need to raise smtpd_max_memory, or lower smtpd_max_memory_per_connection.

If you set smtpd_max_memory close to (or higher than) the amount of real RAM in your machine, your server can run out of real RAM and start to swap.  It's quite likely that your machine will slow to a crawl if this happens.

toaster-watcher will warn you (and lower your smtpd_max_connections value) if your smtpd_max_memory is lower than smtpd_max_connections multiplied by smtpd_max_memory_per_connection.

smtpd_use_mysql_relay_table     = 1


Set this to zero if you are not using the patched version of tcpserver built by the toaster install.

For more information, see http://www.tnpi.biz/internet/mail/toaster/patches/tcpserver-mysql.shtml

smtpd_lookup_tcpremotehost      = 0
smtpd_lookup_tcpremoteinfo      = 0
smtpd_dns_paranoia              = 0
smtpd_dns_lookup_timeout        = 26


DNS lookups allow you to be more careful about the mail you accept, but they can also slow down connections to your toaster.  If you want to reject mail based on the absence of reverse DNS, as described in the toaster FAQ, you must set smtpd_lookup_tcpremotehost to 1.

smtpd_run_as_user               = vpopmail
smtpd_run_as_group              = vchkpw
smtpd_chkusr_patch              = 1             # http://www.interazioni.it/qmail/
smtpd_auth_enable               = 1             # enable / disable SMTP auth


smtpd_chkusr_patch can be turned on and off from here.  (This option only functions if this patch was installed, based on the qmail_chk_usr_patch setting, above).

smtpd_auth_enable lets you choose whether to allow SMTP AUTH, a method of authenticated relaying.  This is recommended.

smtpd_checkpasswd_bin           = vpopmail_home_dir/bin/vchkpw
smtpd_relay_database            = vpopmail_home_dir/etc/tcp.smtp.cdb
smtpd_qmail_queue               = /var/qmail/bin/qmail-scanner-queue.pl


Locations of a few programs and standard config files.


smtpd_log_method                = multilog
smtpd_log_postprocessor         = maillogs   # maillogs | none
smtpd_log_maxsize_bytes         = 1000000    # make sure this is larger than 5 minutes of logging


These options are similar to the options for logging in the qmail-send section

rbl_enable                      = 1    # master RBL switch. Disables all RBLs
rbl_enable_fail_closed          = 1    # default is on
rbl_enable_soft_failure         = 1    # default is on (off means bounce immediately (553)
rbl_timeout                     = 60   # default is 60 seconds
rbl_reverse_dns                 = 1    # block based on presence of reverse DNS
rbl_reverse_dns_failure         = soft # soft | hard  (temporary (451) or permanent (553) error)
                                       # currently the only way to block based on DNS is modifying
                                       # your ~vpopmail/etc/tcp.smtp file. See the FAQ for details
                                       # Eventually toaster-watcher will be able to set that up


See the Toaster FAQ for a great explanation of what RBLs are and why you might want to use them to block spam.

Toaster-watcher monitors the RBLs you list here.  Only RBLs that are working will be used by your SMTP service.

rbl_enable_soft_failure decides whether an RBL hit results in a deferral or an immediate bounce: 1 produces a deferral; 0 produces an immediate bounce.

The rbl_reverse_dns parameters are not fully implemented, but will eventually allow you to bounce messages from servers which do not have Reverse DNS configured.  See the FAQ for how to implement that feature now.


rbl_sbl.spamhaus.org            = 1
rbl_bl.ordb.org                 = 1
rbl_list.dsbl.org               = 1
rbl_bl.spamcop.net              = 1
rbl_relays.ordb.org             = 1
rbl_dev.null.dk                 = 1
rbl_rbl-plus.mail-abuse.org     = 0    # Subscription only!
rbl_blackholes.mail-abuse.org   = 0    # Subscription only!
rbl_relays.mail-abuse.org       = 0    # Subscription only!
rbl_dialups.mail-abuse.org      = 0    # Subscription only!
rbl_korea.services.net          = 1
rbl_cn.rbl.cluecentral.net      = 1
rbl_kr.rbl.cluecentral.net      = 1
rbl_dsn.rfc-ignorant.org        = 1
rbl_whois.rfc-ignorant.org      = 1
rbl_abuse.rfc-ignorant.org      = 1
rbl_postmaster.rfc-ignorant.org = 1
rbl_relays.visi.com             = 1
rbl_opm.blitzed.org             = 1
rbl_dnsbl.sorbs.net             = 1
rbl_relays.osirusoft.com        = 0   # DEAD
rbl_formmail.relays.monkeys.com = 0   # monkeys.com DEAD as of 2003.09.22
rbl_proxies.relays.monkeys.com  = 0   # monkeys.com DEAD as of 2003.09.22
rbl_abuse.easynet.nl            = 0   # DEAD as of 2003.12.11


This set of options lets you choose which RBLs to use.  Think carefully about which RBLs you use; you are allowing a third party's opinion to determine what mail your server will accept and reject.  This isn't necessarily a bad thing, but you should evaluate each RBL, learn what you can about how it is set up, and make a judgement call about whether (a) you trust the people running it and (b) you agree with their policies on when to blacklist someone.

The author of this documentation, for example, thinks it is WRONG to blacklist IP addresses solely on the basis of their country of origin, and thus he does not use korea.services.net, cn.rbl.cluecentral.net, or kr.rbl.cluecentral.net.  Other administrators have observed that 99% of the mail their users receive from these countries is spam, and so feel that they are justified in using these RBLs.  It's your mail server; decide on a reasonable policy and choose blacklists accordingly.

If you want to add blacklists to this list, you can just add them.  For example, to use the combined SBL-XBL list published by spamhaus, just add "rbl_sbl-xbl.spamhaus.org = 1" and it will be recognized by toaster-watcher.

rwl_enable                      = 0   # master RWL switch. Disables all RWLs
rwl_list.example.com            = 0   # realtime white list example


Realtime white lists are the opposite of RBLs.  To our knowledge, no public RWLs exist.  A more common use of this feature would be to run a RWL on a local host, for the purpose of over-riding specific RBL entries.

However, if you only have a few IP addresses you want to override, it's a lot less trouble to just add them to your tcp.smtp file.

If you're interested in using this option, see DJB's docs on rblsmtpd at http://cr.yp.to/ucspi-tcp/rblsmtpd.html.  DJB refers to RWLs as anti-RBLs.

davidcl

########################################
#              POP3D                  #
########################################
pop3_daemon                    = qpop3d  #  qpop3d | courier


This block of options controls the POP3 server.  As indicated, the toaster supports two different POP3 servers-- qpop3d, distributed with qmail, and courier-pop3, distributed with courier-imap.  Currently qpop3d is recommended, and several of the options below will only be effective under qpop3d.

##
# pop3_hostname [ system | qmail | mail.example.com ]
#
#  system - will set to the systems hostname
#  qmail  - will set to contents of qmail/control/me
#  other  - anything else is considered to be a hostname
##
pop3_hostname                  = system
pop3_max_memory_per_connection = 2
pop3_max_connections           = 50
pop3_max_memory                = 256
pop3_lookup_tcpremotehost      = 0
pop3_lookup_tcpremoteinfo      = 0
pop3_dns_paranoia              = 0
pop3_dns_lookup_timeout        = 26
pop3_ip_address_listen_on      = all


The options above are essentially identical to options described in the qmail-smtpd section, so the explanations will not be duplicated here.  

However, it's worth noting that POP3 connections require a lot less RAM than SMTP connections.

pop3_checkpasswd_bin           = vpopmail_home_dir/bin/vchkpw


The program listed here will validate usernames and passwords for the POP3 service.  Most toasters will not change this setting.

##
# pop3_log_method - [ syslog | multilog | verbose | stats | disabled ]
##
pop3_log_method                = multilog   # multilog required for RRDutil
pop3_log_postprocessor         = maillogs   # maillogs | none
pop3_log_maxsize_bytes         = 1000000    # make this > 5 minutes of logging


These options are similar to the options for logging in the qmail-send section.

davidcl

########################################
#         qmail-smtpd-submit          #
########################################
submit_enable                  = 1
submit_listen_on_address       = all           # all, a hostname, or IP
submit_listen_on_port          = submission    # submission or a port number
submit_hostname                = system


"submission" is confusing to many people, but it should not be.  Basically, this creates a second SMTP service, running on a different port number.

If you leave submit_listen_on_port set to "submission" then this will use port 587.  The most common use of the submission protocol is for customers whose ISPs block port 25, or route it through their own servers.  In many cases they do not block port 587, because the submission service is supposed to be fully authenticated.

The options for submission should look familiar by now-- they are identical to the options for qmail-smtpd.  That's because in fact this is just another copy of qmail-smtpd.  The only difference is that you don't set up RBLs for the submission protocol, since you'll only be accepting connections from your authenticated customers.

# submit_hostname [ system | qmail | mail.example.com ]
#
#  system - will set to the systems hostname
#  qmail  - will set to contents of qmail/control/me
#  other  - anything else is considered to be a hostname
##
submit_max_memory_per_connection = 25            # in megabytes
submit_max_connections         = 50
submit_use_mysql_relay_table   = 0
submit_lookup_tcpremotehost    = 0
submit_lookup_tcpremoteinfo    = 0
submit_dns_paranoia            = 0
submit_dns_lookup_timeout      = 26
submit_run_as_user             = vpopmail
submit_run_as_group            = vchkpw
submit_chkusr_patch            = 1             # http://www.interazioni.it/qmail/
submit_auth_enable             = 1             # enable / disable SMTP auth
submit_checkpasswd_bin         = vpopmail_home_dir/bin/vchkpw
submit_relay_database          = vpopmail_home_dir/etc/tcp.smtp.cdb
submit_qmail_queue             = /var/qmail/bin/qmail-scanner-queue.pl

##
# submit_log_method - [ syslog | multilog | debug | stats | disabled ]
#
# - syslog   - logs to $mail_syslog ( normally /var/log/maillog on FreeBSD )
# - multilog - logs via multilog to $qmail_log_base/smtp - required for maillogs & RRDutil.
# - debug    - enables full debugging, records entire SMTP conversation
# - stats    - only logs stats lines
# - disabled - silently discards all logs
##
submit_log_method                = syslog
submit_log_postprocessor         = none       # maillogs | none
submit_log_maxsize_bytes         = 1000000    # make sure this is larger than 5 minutes of logging

davidcl

########################################
#            QMAILADMIN               #
########################################
qmailadmin_spam_option          = 1
qmailadmin_help_links           = 1
qmailadmin_install_as_root      = 0
qmailadmin_modify_quotas        = 1
qmailadmin_domain_autofill      = 1
qmailadmin_spam_command         = | /usr/local/bin/maildrop /usr/local/etc/mail/mailfilter
qmailadmin_cgi-bin_dir          = /usr/local/www/cgi-bin
qmailadmin_http_docroot         = /usr/local/www/data  # overrides toaster_http_docs
qmailadmin_http_images          = /usr/local/www/data/images


If you change these qmailadmin options, you must re-run toaster_setup.pl -s qmailadmin before they will take effect.

If qmailadmin_spam_option is set, each user's mail settings will contain a checkbox for spam filtering.  When this is checked, that user's mail will be sent through the program set under qmailadmin_spam_command.

Leave this unchanged if you want to use the maildrop script supplied with the toaster.  If you have some other filtering method, set it here.

########################################
#            phpMyAdmin               #
########################################
phpMyAdmin_controluser          = pma
phpMyAdmin_controlpassword      = pmapass
phpMyAdmin_auth_type            = cookie  ( cookie | http )


If you chose to install phpMyAdmin, these options control how you log into that program.

davidcl

########################################
#    Qmail Scanner Queue Processing   #
########################################


These options relate to qmail-scanner, the queue processing tool which runs antivirus and antispam programs on your mail.  

qmail_scanner_logging          = 1
qmail_scanner_debugging        = 0


Beware: If debugging is turned on, qmail-scanner generates huge, massive logfiles.

qmail_scanner_postmaster       = postmaster@example.com


This address will receive notices of viruses and malformed messages that are quarantined by qmail-scanner.

qmail_scanner_clamav           = 1
qmail_scanner_spamassassin     = 1
qmail_scanner_spamass_verbose  = 0
qmail_scanner_fprot            = 0


These options let you choose which programs will be run by qmail-scanner.

qmail_scanner_stats            = 2.0.2  #  0, ver


This enables the qmail-scanner-stats package, which provides pretty graphs of qmail-scanner's activities.

qs_quarantine_process          = 1  # check through files in qs quarantine
qs_quarantine_dir              = /var/spool/qmailscan/quarantine
qs_quarantine_clean            = 1  # delete messages after processing them?


Several options relating to the qmail-scanner quarantine directory.  qs_quarantine_process and qs_quarantine_clean enable toaster-watcher to scan your quarantine directory and delete the files there.  This is highly recommended, since otherwise the quarantine will eventually fill up your disk.

qs_quarantine_verbose          = 1  # report activity?
qs_block_virus_senders         = 1  # add virus senders IP to tcp.smtp
qs_block_virus_senders_soft    = 0  # use a temporary error instead of permanent
qs_block_virus_senders_time    = 24 # how long to block virus senders for (in hours)


In addition to deleting your quarantined viruses, toaster-watcher can also block the IP addresses of computers that originate viruses.  If you want to enable this feature, make sure you add these lines to your tcp.smtp file:

                               # NOTICE: The following lines must be added to your
                               # tcp.smtp file exactly as shown in order for blocking
                               # of virus senders to work. Toaster-watcher.pl will
                               # place the entries between those two lines in your
                               # tcp.smtp file.
### BEGIN QMAIL SCANNER VIRUS ENTRIES ###
### END QMAIL SCANNER VIRUS ENTRIES ###


If your toaster ever accepts mail from other mail servers, and you enable the block virus senders feature, you may want to specifically include those server IPs in tcp.smtp.

davidcl

########################################
#      Maildir Old Message Cleanup    #
########################################
maildir_clean_interval         = 7    # days between cleanup runs


maildir clean is a function of toaster-watcher. If you turn it on (by setting maildir_clean_interval to something other than zero), then toaster-watcher will create /var/log/mail/clean.log.

maildir_clean_Read             = 0    # remove read messages
maildir_clean_Unread           = 0    # remove unread messages (days)
maildir_clean_Sent             = 90   # sent messages over x days are removed
maildir_clean_Trash            = 14   # trashed messages over x days are removed
maildir_clean_Spam             = 14   # spam messages over x days are removed


For each user on the system, messages matching the criteria above will be deleted.  For example, with the default settings, any messages over 14 days old in any user's Spam or Trash folders will be deleted.

maildir_clean_Spam_learn       = 1    # feed spam through sa-learn (SpamAssassin)
maildir_clean_Read_learn       = 1    # feed ham through sa-learn (SpamAssassin)
maildir_clean_Read_learn_days  = 0    # only learn from messages older than x days


In addition to deleting messages, the messages can be sent through sa-learn to improve SpamAssassin's Bayesian filtering.  Bayesian filtering uses the content of previous spam messages and non-spam (ham) messages to guess which future messages are spam.  The more mail sent through sa-learn for each user, the better the Bayesian filtering gets.

For each user of each domain on the system, their read messages are assumed to be "ham" if they are older than maildir_clean_Read_learn_days. If you only want messages older than a few days to be learned as ham (giving users a chance to move any missed spam from their read box to Spam) then increase this setting.

Messages in the spam folder are assumed to be "spam" if they are older than maildir_clean_Spam days.  It's similarly a good idea to give users some time to make sure there are no false positives in this folder-- that is, legitimate messages which SpamAssassin has mistakenly tagged.
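
A configuration check for the settings these posts single out (the placeholder MySQL password, learn-passwords, vqadmin, submission without SMTP AUTH, debug logging, and the smtpd memory arithmetic), as an added example that is not part of the original posts or of Mail::Toaster. The sample file is constructed, `parse_conf`, `flag_on` and `audit` are hypothetical names, and the suggested lower connection count assumes toaster-watcher picks the largest value that still fits.

```python
import re

# Constructed sample, in the "key = value   # comment" layout of toaster-watcher.conf.
SAMPLE_CONF = """\
#######################################
#           Vpopmail
#######################################
install_vqadmin                 = 1
vpopmail_learn_passwords        = 1
vpopmail_mysql_repl_pass        = supersecretword
smtpd_max_memory_per_connection = 50            # in megabytes
smtpd_max_connections           = 20
smtpd_max_memory                = 750
smtpd_log_method                = multilog
submit_enable                   = 1
submit_auth_enable              = 0             # enable / disable SMTP auth
qmail_scanner_debugging         = 0
rbl_sbl-xbl.spamhaus.org        = 1
"""

# Keys may contain dots and hyphens (rbl_sbl-xbl.spamhaus.org, qmailadmin_cgi-bin_dir).
SETTING = re.compile(r"^\s*([A-Za-z][\w.\-]*)\s*=\s*(.*?)\s*$")


def parse_conf(text):
    """Return {key: value}, skipping banner/comment lines and trailing comments."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        line = re.split(r"\s#", line, maxsplit=1)[0]  # drop "   # comment"
        match = SETTING.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings


def flag_on(settings, key):
    """True when a 0/1 (or version) switch is set to anything other than 0 or empty."""
    return settings.get(key, "0") not in ("0", "")


def audit(settings):
    """Return (key, message) pairs for settings the documentation says to review."""
    findings = []
    if settings.get("vpopmail_mysql_repl_pass") == "supersecretword":
        findings.append(("vpopmail_mysql_repl_pass", "placeholder password was never replaced"))
    if flag_on(settings, "vpopmail_learn_passwords"):
        findings.append(("vpopmail_learn_passwords", "blank passwords are set by the first login"))
    if flag_on(settings, "install_vqadmin"):
        findings.append(("install_vqadmin", "vqadmin has significant security implications"))
    if flag_on(settings, "submit_enable") and not flag_on(settings, "submit_auth_enable"):
        findings.append(("submit_auth_enable", "submission service is running without SMTP AUTH"))
    for key in ("filtering_qmailscanner_debug", "qmail_scanner_debugging"):
        if flag_on(settings, key):
            findings.append((key, "qmail-scanner debugging writes huge log files"))
    for key in ("smtpd_log_method", "submit_log_method"):
        if settings.get(key) == "debug":
            findings.append((key, "debug logging records the entire SMTP conversation"))

    # smtpd_max_memory should cover smtpd_max_connections * the per-connection limit.
    try:
        per_conn = int(settings["smtpd_max_memory_per_connection"])
        conns = int(settings["smtpd_max_connections"])
        total = int(settings["smtpd_max_memory"])
    except (KeyError, ValueError):
        return findings
    if per_conn > 0 and total < per_conn * conns:
        # Assumption: the reduced value is the largest connection count that still fits.
        findings.append(("smtpd_max_connections",
                         f"{conns} x {per_conn}MB exceeds {total}MB; lower to {total // per_conn}"))
    return findings


if __name__ == "__main__":
    for key, message in audit(parse_conf(SAMPLE_CONF)):
        print(f"{key}: {message}")
```

To check a real file, pass its contents to `parse_conf` in place of `SAMPLE_CONF`.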