Sistema de correo con Postfix, OpenLDAP, Courier ((POP3&&IMAP) + SSL), SASL, Spamassassin, Amavis-new y SquirrelMail - Apéndice I. Archivo de configuración /etc/amavis/amavisd.conf

use strict;

---

# Configuration file for amavisd-new
# Defaults modified for the Debian amavisd-new package
# $Id: amavisd-amavisd.conf.xml,v 1.1 2004/06/29 20:33:32 sergio Exp $
#
# This software is licensed under the GNU General Public License (GPL).
# See comments at the start of amavisd-new for the whole license text.

---

#Sections:
# Section I    - Essential daemon and MTA settings
# Section II   - MTA specific
# Section III  - Logging
# Section IV   - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
# Section V    - Per-recipient and per-sender handling, whitelisting, etc.
# Section VI   - Resource limits
# Section VII  - External programs, virus scanners, SpamAssassin
# Section VIII - Debugging

---

#GENERAL NOTES:
#  This file is a normal Perl code, interpreted by Perl itself.
#  - make sure this file (or directory where it resides) is NOT WRITABLE
#    by mere mortals, otherwise it represents a severe security risk!
#  - for values which are interpreted as booleans, it is recommended
#    to use 1 for true, and 0 or undef or for false.
#    THIS IS DIFFERENT FROM OLDER AMAVIS VERSIONS where "no" also meant false,
#    now it means true, like any nonempty string does!
#  - Perl syntax applies. Most notably: strings in "" may include variables
#    (which start with $ or @); to include characters @ and $ in double
#    quoted strings, precede them by a backslash; in single-quoted strings
#    the $ and @ lose their special meaning, so it is usually easier to use
#    single quoted strings. Still, in both cases backslash needs to be doubled.
#  - variables with names starting with a '@' are lists, the values assigned
#    to them should be lists as well, e.g. ('one@foo', $mydomain, "three");
#    note the comma-separation and parenthesis. If strings in the list
#    do not contain spaces nor variables, a Perl operator qw() may be used
#    as a shorthand to split its argument on whitespace and produce a list
#    of strings, e.g. qw( one@foo example.com three );  Note that the argument
#    to qw is quoted implicitly and no variable interpretation is done within
#    (no '$' variable evaluations). The #-initiated comments can not be used
#    within the string. In other words, $ and # lose their special meaning
#    within a qw argument, just like within '...' strings.
#  - all e-mail addresses in this file and as used internally by the daemon
#    are in their raw (rfc2821-unquoted and nonbracketed) form, i.e.
#    Bob "Funny" Dude@example.com, not: "Bob \"Funny\" Dude"@example.com
#    and not <"Bob \"Funny\" Dude"@example.com>; also: and not '<>'.

---

#
# Section I - Essential daemon and MTA settings
#

---

# $MYHOME serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $MYHOME is not used directly by the program. No trailing slash!
$MYHOME = '/var/lib/amavis';   # (default is '/var/amavis')

---

# $mydomain serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $mydomain is never used directly by the program.
$mydomain = 'gsr.pt';      # (no useful default)

---

# Set the user and group to which the daemon will change if started as root
# (otherwise just keeps the UID unchanged, and these settings have no effect):
$daemon_user  = 'amavis'; # (no default (undef))
$daemon_group = 'amavis'; # (no default (undef))

---

# Runtime working directory (cwd), and a place where
# temporary directories for unpacking mail are created.
# if you change this, you might want to modify the cleanup()
# function in /etc/init.d/amavisd-new
# (no trailing slash, may be a scratch file system)
$TEMPBASE = $MYHOME;           # (must be set if other config vars use is)
#$TEMPBASE = "$MYHOME/tmp";     # prefer to keep home dir /var/amavis clean?

---

# $helpers_home sets environment variable HOME, and is passed as option
# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
# on a normal persistent file system, not a scratch or temporary file system
#$helpers_home = $MYHOME;      # (defaults to $MYHOME)

---

# Run the daemon in the specified chroot jail if nonempty:
#$daemon_chroot_dir = $MYHOME;  # (default is undef, meaning: do not chroot)

---

$pid_file  = "/var/run/amavis/amavisd.pid";  # (default: "$MYHOME/amavisd.pid")
$lock_file = "/var/run/amavis/amavisd.lock"; # (default: "$MYHOME/amavisd.lock")

---

# set environment variables if you want (no defaults):
$ENV{TMPDIR} = $TEMPBASE;       # wise, but usually not necessary
#...

---

# MTA SETTINGS, UNCOMMENT AS APPROPRIATE,
# both $forward_method and $notify_method default to 'smtp:127.0.0.1:10025'

---

# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
# (set host and port number as required; host can be specified
# as IP address or DNS name (A or CNAME, but MX is ignored)
$forward_method = 'smtp:127.0.0.1:10025';  # where to forward checked mail
$notify_method = $forward_method;          # where to submit notifications

---

# NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST
#       uncomment the appropriate settings below if using other setups!

---

# SENDMAIL MILTER, using amavis-milter.c helper program:
# SEE amavisd-new-milter package docs FOR DEBIAN INSTRUCTIONS
#$forward_method = undef;  # no explicit forwarding, sendmail does it by itself
# milter; option -odd is needed to avoid deadlocks
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd \
#                                                -f ${sender} -- ${recipient}';
# just a thought: can we use use -Am instead of -odd ?

---

# SENDMAIL (old non-milter setup, as relay):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail \
#                      -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;

---

# SENDMAIL (old non-milter setup, amavis.c calls local delivery agent):
#$forward_method = undef;  # no explicit forwarding, amavis.c will call LDA
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i \
#                                                 -f ${sender} -- ${recipient}';

---

# EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i \
#                                         -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;

---

# prefer to collect mail for forwarding as BSMTP files?
#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";
#$notify_method = $forward_method;

---

# Net::Server pre-forking settings
# You may want $max_servers to match the width of your MTA pipe
# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
# master.cf file, like the '2' in the:  smtp-amavis unix - - n - 2 smtp
#
$max_servers  =  2;   # number of pre-forked children          (default 2)
$max_requests = 10;   # retire a child after that many accepts (default 10)

---

$child_timeout=5*60;  # abort child if it does not complete each task in n sec
                      # (default: 8*60 seconds)

---

# Check also the settings of @av_scanners at the end if you want to use
# virus scanners. If not, you may want to delete the whole long assignment
# to the variable @av_scanners, which will also remove the virus checking
# code (e.g. if you only want to do spam scanning).

---

# Here is a QUICK WAY to completely DISABLE some sections of code
# that WE DO NOT WANT (it won't even be compiled-in).
# For more refined controls leave the following two lines commented out,
# and see further down what these two lookup lists really mean.
#
# @bypass_virus_checks_acl = qw( . );  # uncomment to DISABLE anti-virus code
# @bypass_spam_checks_acl  = qw( . );  # uncomment to DISABLE anti-spam code
#
# Any setting can be changed with a new assignment, so make sure
# you do not unintentionally override these settings further down!
#@bypass_spam_checks_acl  = qw( . );    # No default dependency on spamassassin

---

# Lookup list of local domains (see README.lookups for syntax details)
#
# NOTE:
#   For backwards compatibility the variable names @local_domains (old) and
#   @local_domains_acl (new) are synonyms. For consistency with other lookups
#   the name @local_domains_acl is now preferred. It also makes it more
#   obviously distinct from the new %local_domains hash lookup table.
#
# local_domains* lookup tables are used in deciding whether a recipient
# is local or not, or in other words, if the message is outgoing or not.
# This affects inserting spam-related headers for local recipients,
# limiting recipient virus notifications (if enabled) to local recipients,
# in deciding if address extension may be appended, and in SQL lookups
# for non-fqdn addresses. Set it up correctly if you need features
# that rely on this setting (or just leave empty otherwise).
#
# With Postfix (2.0) a quick reminder on what local domains normally are:
# a union of domains specified in: $mydestination, $virtual_alias_domains,
# $virtual_mailbox_domains, and $relay_domains.
#
@local_domains_acl = ( ".$mydomain" );  # $mydomain and its subdomains
# @local_domains_acl = ( ".$mydomain", "my.other.domain" );
# @local_domains_acl = qw();  # default is empty, no recipient treated as local
# @local_domains_acl = qw( .example.com );
#@local_domains_acl = qw( .example.com !host.sub.example.net .sub.example.net);

---

# or alternatively(A), using a Perl hash lookup table, which may be assigned
# directly, or read from a file, one domain per line; comments and empty lines
# are ignored, a dot before a domain name implies its subdomains:
#
#read_hash(\%local_domains, '/etc/amavis/local_domains');

---

#or alternatively(B), using a list of regular expressions:
# $local_domains_re = new_RE( qr'[@.]example\.com$'i );
#
# see README.lookups for syntax and semantics

---

#
# Section II - MTA specific (defaults should be ok)
#

---

# if $relayhost_is_client is true, the IP address in $notify_method and
# $forward_method is dynamically overridden with SMTP client peer address
# (if available), which makes it possible for several hosts to share one
# daemon.  The static port number is also overridden, and is dynamically
# calculated  as being one above the incoming SMTP/LMTP session port number.
#
# These are logged at level 3, so enable logging until you know you got it
# right.
$relayhost_is_client = 0;         # (defaults to false)

---

$insert_received_line = 1;        # behave like MTA: insert 'Received:' header
          # (does not apply to sendmail/milter)
          # (default is true (1) )

---

# AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)
#   (used with amavis helper clients like amavis-milter.c and amavis.c,
#   NOT needed for Postfix and Exim  or dual-sendmail - keep it undefined.)
#$unix_socketname = "/var/lib/amavis/amavisd.sock"; # amavis helper protocol
                                                    # socket
$unix_socketname = undef;         # disable listening on a unix socket
                                  # (default is undef, i.e. disabled)

---

# Do we receive quoted or raw addresses from the helper program?
# (does not apply to SMTP;  defaults to true)
#$gets_addr_in_quoted_form = 1;   # "Bob \"Funny\" Dude"@example.com
#$gets_addr_in_quoted_form = 0;   # Bob "Funny" Dude@example.com

---

# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
#   (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
$inet_socket_port = 10024;        # accept SMTP on this local TCP port
                                  # (default is undef, i.e. disabled)
# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];

---

# SMTP SERVER (INPUT) access control
# - do not allow free access to the amavisd SMTP port !!!
#
# when MTA is at the same host, use the following (one or the other or both):
$inet_socket_bind = '127.0.0.1';  # limit socket bind to loopback interface
                                  # (default is '127.0.0.1')
@inet_acl = qw( 127.0.0.1 );      # allow SMTP access only from localhost IP
                                  # (default is qw( 127.0.0.1 ) )

---

# when MTA (one or more) is on a different host, use the following:
# @inet_acl = qw(127/8 10.1.0.1 10.1.0.2);  # adjust the list as appropriate
# $inet_socket_bind = undef;      # bind to all IP interfaces if undef
#
# Example1:
# @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );
# permit only SMTP access from loopback and rfc1918 private address space
#
# Example2:
# @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0
#   127.0.0.1 10/8 172.16/12 192.168/16 );
# matches loopback and rfc1918 private address space except host 192.168.1.12
# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)
#
# Example3:
# @inet_acl = qw( 127/8
#   !172.16.3.0   !172.16.3.127 172.16.3.0/25
#   !172.16.3.128 !172.16.3.255 172.16.3.128/25 );
# matches loopback and both halves of the 172.16.3/24 C-class,
# split into two subnets, except all four broadcast addresses
# for these subnets
#
# See README.lookups for details on specifying access control lists.

---

#
# Section III - Logging
#

---

# true (e.g. 1) => syslog;  false (e.g. 0) => logging to file
$DO_SYSLOG = 1;                 # (defaults to false)
#$SYSLOG_LEVEL = 'user.info';   # (defaults to 'mail.info')

---

# Log file (if not using syslog)
$LOGFILE = "/var/log/amavis.log";  # (defaults to empty, no log)

---

#NOTE: levels are not strictly observed and are somewhat arbitrary
# 0: startup/exit/failure messages, viruses detected
# 1: args passed from client, some more interesting messages
# 2: virus scanner output, timing
# 3: server, client
# 4: decompose parts
# 5: more debug details
#$log_level = 2; # (defaults to 0)

---

# Customizable template for the most interesting log file entry (e.g. with
# $log_level=0) (take care to properly quote Perl special characters like '\')
# For a list of available macros see README.customize .

---

# only log infected messages (useful with log level 0):
# $log_templ = '[? %#V |[? %#F ||banned filename ([%F|,])]|infected ([%V|,])]#
# [? %#V |[? %#F ||, from=[?%o|(?)|<%o>], to=[<%R>|,][? %i ||, quarantine %i]]#
# |, from=[?%o|(?)|<%o>], to=[<%R>|,][? %i ||, quarantine %i]]';

---

# log both infected and noninfected messages (default):
$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type \
                                                    (%F)] |INFECTED (%V)], #
[?%o|(?)|<%o>] -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';

---

#
# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
#

---

# Select notifications text encoding when Unicode-aware Perl is converting
# text from internal character representation to external encoding (charset
# in MIME terminology). Used as argument to Perl Encode::encode subroutine.
#
#   to be used in RFC 2047-encoded header field bodies, e.g. in Subject:---#$hdr_encoding = 'iso-8859-1';  # (default: 'iso-8859-1')
#
#   to be used in notification body text: its encoding and Content-type.charset
#$bdy_encoding = 'iso-8859-1';  # (default: 'iso-8859-1')

---

# Default template texts for notifications may be overruled by directly
# assigning new text to template variables, or by reading template text
# from files. A second argument may be specified in a call to read_text(),
# specifying character encoding layer to be used when reading from the
# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.
# Text will be converted to internal character representation by Perl 5.8.0
# or later; second argument is ignored otherwise. See PerlIO::encoding,
# Encode::PerlIO and perluniintro man pages.
#
# $notify_sender_templ      = read_text('/var/amavis/notify_sender.txt');
# $notify_virus_sender_templ= read_text('/var/amavis/notify_virus_sender.txt');
# $notify_virus_admin_templ = read_text('/var/amavis/notify_virus_admin.txt');
# $notify_virus_recips_templ= read_text('/var/amavis/notify_virus_recips.txt');
# $notify_spam_sender_templ = read_text('/var/amavis/notify_spam_sender.txt');
# $notify_spam_admin_templ  = read_text('/var/amavis/notify_spam_admin.txt');

---

# If notification template files are collectively available in some directory,
# use read_l10n_templates which calls read_text for each known template.
#
#   read_l10n_templates('/etc/amavis/en_US');
#
# Debian available locales: en_US, pt_BR
read_l10n_templates('en_US', '/etc/amavis');

---

# Here is an overall picture (sequence of events) of how pieces fit together
# (only virus controls are shown, spam controls work the same way):
#
#   bypass_virus_checks?

> PASS
#   no viruses?  

> PASS
#   log virus     if $log_templ is nonempty
#   quarantine    if $virus_quarantine_to is nonempty
#   notify admin  if $virus_admin (lookup) nonempty
#   notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)
#   add address extensions if adding extensions is enabled and virus will pass
#   send (non-)delivery notifications
#      to sender if DSN needed (BOUNCE or ($warn_virus_sender and D_PASS))
#   virus_lovers or final_destiny

D_PASS 

> PASS
#   DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)
#
# Equivalent flow diagram applies for spam checks.
# If a virus is detected, spam checking is skipped entirely.

---

# The following symbolic constants can be used in *destiny settings:
#
# D_PASS     mail will pass to recipients, regardless of bad contents;
#
# D_DISCARD  mail will not be delivered to its recipients, sender will NOT be
#            notified. Effectively we lose mail (but will be quarantined
#            unless disabled). Losing mail is not decent for a mailer,
#            but might be desired.
#
# D_BOUNCE   mail will not be delivered to its recipients, a non-delivery
#            notification (bounce) will be sent to the sender by amavisd-new;
#            Exception: bounce (DSN) will not be sent if a virus name matches
#            $viruses_that_fake_sender_re, or to messages from mailing lists
#            (Precedence: bulk|list|junk);
#
# D_REJECT   mail will not be delivered to its recipients, sender should
#            preferably get a reject, e.g. SMTP permanent reject response
#            (e.g. with milter), or non-delivery notification from MTA
#            (e.g. Postfix). If this is not possible (e.g. different recipients
#            have different tolerances to bad mail contents and not using LMTP)
#            amavisd-new sends a bounce by itself (same as D_BOUNCE).
#
# Notes:
#   D_REJECT and D_BOUNCE are similar, the difference is in who is responsible
#            for informing the sender about non-delivery, and how informative
#            the notification can be (amavisd-new knows more than MTA);
#   With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status
#            notification, colloquially called 'bounce') - depending on MTA;
#            Best suited for sendmail milter, especially for spam.
#   With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the
#            reason for mail non-delivery, but unable to reject the original
#            SMTP session). Best suited to reporting viruses, and for Postfix
#            and other dual-MTA setups, which can't reject original client SMTP
#            session, as the mail has already been enqueued.

---

$final_virus_destiny      = D_DISCARD; # (defaults to D_BOUNCE)
$final_banned_destiny     = D_BOUNCE;  # (defaults to D_BOUNCE)
$final_spam_destiny       = D_PASS;  # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE suggested

---

# Alternatives to consider for spam:
# - use D_PASS if clients will do filtering based on inserted mail headers;
# - use D_DISCARD, if kill_level is set safely high;
# - use D_BOUNCE instead of D_REJECT if not using milter;
#
# D_BOUNCE is preferred for viruses, but consider:
# - use D_DISCARD to avoid bothering the rest of the network, it is hopeless
#   to try to keep up with the viruses that faker the envelope sender anyway,
#   and bouncing only increases the network cost of viruses for everyone
# - use D_PASS (or virus_lovers) and $warnvirussender=1 to deliver viruses;
# - use D_REJECT instead of D_BOUNCE if using milter and under heavy
#   virus storm;
#
# Don't bother to set both D_DISCARD and $warn*sender=1, it will get mapped
# to D_BOUNCE.
#
# The separation of *_destiny values into D_BOUNCE, D_REJECT, D_DISCARD
# and D_PASS made settings $warnvirussender and $warnspamsender only still
# useful with D_PASS.

---

# The following $warn*sender settings are ONLY used when mail is
# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).
# Bounces or rejects produce non-delivery status notification anyway.

---

# Notify virus sender?
#$warnvirussender = 1; # (defaults to false (undef))

---

# Notify spam sender?
#$warnspamsender = 1; # (defaults to false (undef))

---

# Notify sender of banned files?
#$warnbannedsender = 1; # (defaults to false (undef))

---

# Notify sender of syntactically invalid header containing non-ASCII characters?
#$warnbadhsender = 1; # (defaults to false (undef))

---

# Notify virus (or banned files) RECIPIENT?
#  (not very useful, but some policies demand it)
#$warnvirusrecip = 1; # (defaults to false (undef))
#$warnbannedrecip = 1; # (defaults to false (undef))

---

# Notify also non-local virus/banned recipients if $warn*recip is true?
#  (including those not matching local_domains*)
#$warn_offsite = 1;    # (defaults to false (undef), i.e. only notify locals)

---

# Treat envelope sender address as unreliable and don't send sender
# notification / bounces if name(s) of detected virus(es) match the list.
# Note that virus names are supplied by external virus scanner(s) and are
# not standardized, so virus names may need to be adjusted.
# See README.lookups for syntax.
#
$viruses_that_fake_sender_re = new_RE(
  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
  qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
  qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse'i,
  [qr'^(EICAR\.COM|Joke\.|Junk\.)'i           => 0],
  [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i         => 0],
  # [qr/.*/ => 1],   # true by default?
);

---

# where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)
# - the administrator address may be a simple fixed e-mail address (a scalar),
#   or may depend on the SENDER address (e.g. its domain), in which case
#   a ref to a hash table can be specified (specify lower-cased keys,
#   dot is a catchall, see README.lookups).
#
#   Empty or undef lookup disables virus admin notifications.

---

# $virus_admin = undef;   # do not send virus admin notifications (default)
# $virus_admin = {'not.example.com' => , '.' => 'virusalert@example.com'};
# $virus_admin = 'virus-admin@example.com';
$virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default

---

# equivalent to $virus_admin, but for spam admin notifications:
# $spam_admin = "spamalert\@$mydomain";
# $spam_admin = undef;    # do not send spam admin notifications (default)
# $spam_admin = {'not.example.com' => , '.' => 'spamalert@example.com'};

---

#advanced example, using a hash lookup table:
#$virus_admin = {
# 'baduser@sub1.example.com' => 'HisBoss@sub1.example.com',
# '.sub1.example.com'  => 'virusalert@sub1.example.com',
# '.sub2.example.com'  => ,                  # don't send admin notifications
# 'a.sub3.example.com' => 'abuse@sub3.example.com',
# '.sub3.example.com'  => 'virusalert@sub3.example.com',
# '.example.com'       => 'noc@example.com',   # catchall for our virus senders
# '.'                  => 'virusalert@hq.example.com',  # catchall for the rest
#};

---

# whom notification reports are sent from (ENVELOPE SENDER);
# may be a null reverse path, or a fully qualified address:
#   (admin and recip sender addresses default to $mailfrom
#   for compatibility, which in turn defaults to undef (empty) )
#   If using strings in double quotes, don't forget to quote @, i.e. \@
#
#$mailfrom_notify_admin     = "virusalert\@$mydomain";
#$mailfrom_notify_recip     = "virusalert\@$mydomain";
#$mailfrom_notify_spamadmin = "spam.police\@$mydomain";

---

# 'From' HEADER FIELD for sender and admin notifications.
# This should be a replyable address, see rfc1894. Not to be confused
# with $mailfrom_notify_sender, which is the envelope return address
# and should be empty (null reverse path) according to rfc2821.
#
# The syntax of the 'From' header field is specified in rfc2822, section
# '3.4. Address Specification'. Note in particular that display-name must be
# a quoted-string if it contains any special characters like spaces and dots.
#
# $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
# $hdrfrom_notify_sender = 'amavisd-new <postmaster@example.com>';
# $hdrfrom_notify_sender = '"Content-Filter Master" <postmaster@example.com>';
#   (defaults to: "amavisd-new <postmaster\@$myhostname>")
# $hdrfrom_notify_admin = $mailfrom_notify_admin;
#   (defaults to: $mailfrom_notify_admin)
# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;
#   (defaults to: $mailfrom_notify_spamadmin)

---

# whom quarantined messages appear to be sent from (envelope sender)
$mailfrom_to_quarantine = undef; # original sender if undef, or set explicitly
                                 # (default is undef)

---

# Location to put infected mail into: (applies to 'local:' quarantine method)
#   empty for not quarantining, may be a file (mailbox),
#   or a directory (no trailing slash)
#   (the default value is undef, meaning no quarantine)
#
$QUARANTINEDIR = '/var/lib/amavis/virusmails';