AntiSpamGateway: jsmtpd-plugin-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<jsmtpdsetup xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="jsmtpd-plugin-config.xsd">
        <ACLSetup name="Ldap ACL" class="org.jsmtpd.plugins.acls.LdapACL">
                <propertyset name="adminBindDn" value="cn=directoryAdministor,dc=jsmtpd,dc=org"/><!-- admin dn to bind on ldap server -->
                <propertyset name="adminBindPassword" value="it's my top secret password"/> <!-- admin password -->
                <propertyset name="ldapUrl" value="ldap://address.of.the.ldap.server/"/> <!-- url of the ldap server -->
                <propertyset name="ldapUserProvider" value="ou=people,dc=jsmtpd,dc=org"/> <!-- The branch in the DIT holding user objects (posix/shadow accounts) -->
                <propertyset name="ldapNetworkProvider" value="ou=networks,dc=jsmtpd,dc=org"/> <!-- The branch holding the network objects -->
        </ACLSetup>

        <DNSSetup class="org.jsmtpd.plugins.dnsServices.DNSJavaResolver" name="DNS Java">
                <propertyset name="dnsServers" value="ip.of.dns.server"/> <!-- DNS server used -->
        </DNSSetup>

        <LocalDeliveryService name="relay to io" class="org.jsmtpd.plugins.deliveryServices.SMTPRelay">
                <!-- local mail is relayed to io.jsmtpd.org, of course io.jsmtpd.org has to accept theses connections -->
                <propertyset name="relay" value="213.251.163.82"/> 
                <propertyset name="smtpPort" value="25"/>
        </LocalDeliveryService>
        
        <RemoteDeliveryService name="Remote smtp sender" class="org.jsmtpd.plugins.deliveryServices.RemoteSmtpSender">
        </RemoteDeliveryService><!-- Outgoing mail is sent directly by this instance of Jsmtpd -->
        
        <smtpExtensions>
                <smtpExtension name="tls" class="org.jsmtpd.plugins.smtpExtension.TLSSwitcher"> <!-- A plugin allowing to change clear connection to SSL connection -->
                        <propertyset name="keystoreName" value="keystore"/> <!-- must be in classpath, eg etc/ by example. It's holding the server's SSL cert --> 
                        <propertyset name="keystorePassword" value="password_of_your_keystore"/> <!-- A password for the file holding the cert -->
                </smtpExtension>
                <smtpExtension name="auth" class="org.jsmtpd.plugins.smtpExtension.LdapAuthenticator">
                        <propertyset name="adminBindDn" value="cn=directoryAdministor,dc=jsmtpd,dc=org"/>
                        <propertyset name="adminBindPassword" value="it's my top secret password"/>
                        <propertyset name="ldapUrl" value="ldap://address.of.the.ldap.server/"/>
                        <propertyset name="ldapUserProvider" value="ou=people,dc=jsmtpd,dc=org"/>
                        <propertyset name="ldapUserPassword" value="userPassword"/><!-- It specifies the name of the attribute holding users password. With shaddowAccount  object class, this is userPassword -->
                </smtpExtension>
                <!-- The greylist / SPF checker, see dev.jsmtpd.org for details -->
                <smtpExtension name="Greylist SPF" class="org.jsmtpd.plugins.smtpExtensions.GreyList"/>
        </smtpExtensions>
        
        <filtersetup>
                <!-- This filter always says true -->
                <filterInit name="chainvalid" class="org.jsmtpd.plugins.filters.builtin.ChainSucces">
                </filterInit>
                <!-- connectes to a spamassassin daemon (daemon) by TCP connection -->
                <filterInit name="antispam" class="org.jsmtpd.plugins.filters.SA.SAFilter">
                        <propertyset name="spamdHost" value="spamd.server.mydomain.com"/> <!-- Change to your Spamassassin server ip -->
                        <propertyset name="spamdPort" value="783"/><!-- Spamd default port -->
                        <propertyset name="socketTimeout" value="45"/> <!-- Spamd has 45 secs to process the mail, after the plugin disconnects -->
                        <propertyset name="skipIfSizeMore" value="524288"/><!-- Most spam are small, the plugin will not scan big mail that are likely not spams -->
                </filterInit>
                
                <!-- connects to a clamav daemon, by tcp connection -->
                <filterInit name="antivirus" class="org.jsmtpd.plugins.filters.ClamAV.ClamAVFilter">
                        <propertyset name="clamdHost" value="spamd.server.mydomain.com"/> <!-- Change to your ClamAV server ip -->
                        <propertyset name="clamdPort" value="3310"/><!-- clamd default port -->
                        <propertyset name="socketTimeout" value="45"/>
                        <propertyset name="failOnError" value="true"/> <!-- If there is a virus in the mail, drop it regardless of the state of the filter tree -->
                </filterInit>

                <!-- Query realtime black list servers. Theses are in fact DNS requests against free services -->
                <filterInit class="org.jsmtpd.plugins.inputIPFilters.RBLFilter" name="rtBlackList">
                        <propertyset name="bypassLocal" value="true"></propertyset>
                        <propertyset name="RBLServer" value="sbl-xbl.spamhaus.org"></propertyset>
                        <propertyset name="RBLServer" value="whois.rfc-ignorant.org"></propertyset>
                        <propertyset name="RBLServer" value="relays.ordb.org"></propertyset>
                </filterInit>
                
                <!-- Ip registered here are rejected upon connection -->
                <filterInit class="org.jsmtpd.plugins.inputIPFilters.ExpireBlackList" name="blacklist">
                                <!-- Incoming connections from ACL's relayed host bypass this plugin -->
                                <propertyset name="bypassLocal" value="true"></propertyset>
                                <propertyset name="blacklistedIP" value="ip.of.a.smtp"></propertyset>
                                <!-- List is truncated ;) -->
                </filterInit>
                
                <!-- This is the ldap aliases rewriter. When someone sends me a mail at jfp@jsmtpd.org, it is changed by this plugin to my real system mailbox -->
                <!-- info about replacements is gathered from the ldap server -->
                <filterInit class="org.jsmtpd.plugins.filters.ldap.LdapBodyRewriter" name="ldap rewriter">
                                <propertyset name="adminBindDn" value="cn=directoryAdministor,dc=jsmtpd,dc=org"/>
                                <propertyset name="adminBindPassword" value="it's my top secret password"/>
                                <propertyset name="ldapUrl" value="ldap://address.of.the.ldap.server/"/>
                                <propertyset name="ldapUserProvider" value="ou=people,dc=jsmtpd,dc=org"/>
                </filterInit>
                
                <!-- The filter to attach signs -->
                <!-- A snippet is a template of sign -->
                <filterInit name="ReplaceSnippet" class="org.jsmtpd.plugins.filters.snippets.ReplaceSnippetFilter">
                        <propertyset name="path" value="path/to/snippets/"/>
                        <propertyset name="prefix" value="--"/>
                        <propertyset name="suffix" value=""/>
                 </filterInit>
                </filterInit-->

        </filtersetup>
        <inputIPFilterChain>
                        <ipFilter name="blacklist"/>
                        <ipFilter name="rtBlackList"/>
        </inputIPFilterChain>
        <!-- Filter the email contents folowing this tree, plugin names must be something loaded in filtersetup -->
        <!-- My strategy is to drop mail containing viruses -->
        <!-- Then recipients are rewritten -->
        <!-- After the are filtered by spam assassin -->
        <!-- Finnaly mails tagged spam and legitimate mails get snippet attached -->
        <!-- I do not drop spam mails tagged by spam assassin, in case spamassin takes a wrong decision -->
        <!-- I also read spam headers some times, it gives ideas of filter plugins ;) -->
        <!-- Spam mails are rewritten by spamassin: it adds a X-SPAM-FLAG field. On my mail client, a simple rule to move suspected spam (mail containing this header) to a separate folder -->
        <bodyFilterTree>
                <filter name="antivirus">
                        <true>
                                <filter name="ldap rewriter">
                                        <true>
                                                <filter name="antispam">
                                                        <true>
                                                                <filter name="ReplaceSnippet">
                                                                                        <true/>
                                                                                        <false/>
                                                                                </filter>
                                                        </true>
                                                        <false>
                                                                <filter name="ReplaceSnippet">
                                                                                        <true/>
                                                                                        <false/>
                                                                </filter>
                                                        </false>
                                                </filter>
                                        </true>
                                        <false/>
                                </filter>
                        </true>
                        <false/>
                </filter>
        </bodyFilterTree>

</jsmtpdsetup>