use strict;

#
# Section II - MTA specific (defaults should be ok)
#

#$insert_received_line = 1;       # behave like MTA: insert 'Received:' header
			          # (does not apply to sendmail/milter)
			          # (default is true)

# AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with amavisd-release, or
#   sendmail milter through helper clients like amavis-milter.c and amavis.c)
#   option(s) -p overrides $inet_socket_port and $unix_socketname
#$unix_socketname = '/var/run/amavis/amavisd.sock'; # amavis helper protocol socket
#$unix_socketname = undef;        # disable listening on a unix socket
                                  # (default is undef, i.e. disabled)
                                  # (usual setting is $MYHOME/amavisd.sock)

# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
#   (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
$inet_socket_port = 10024;        # accept SMTP on this local TCP port
                                  # (default is undef, i.e. disabled)
# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];

# SMTP SERVER (INPUT) access control
# - do not allow free access to the amavisd SMTP port !!!
#
# when MTA is at the same host, use the following (one or the other or both):
#$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
                                  # (default is '127.0.0.1')
@inet_acl = qw(127.0.0.1 [::1]);  # allow SMTP access only from localhost IP
                                  # (default is qw(127.0.0.1 [::1]) )

# when MTA (one or more) is on a different host, use the following:
#@inet_acl = qw(127.0.0.0/8 [::1] 10.1.0.1 10.1.0.2);  # adjust list as needed
#$inet_socket_bind = undef;       # bind to all IP interfaces if undef

#
# Example1:
# @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );
# permit only SMTP access from loopback and rfc1918 private address space
#
# Example2:
# @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0
#		  127.0.0.1 10/8 172.16/12 192.168/16 );
# matches loopback and rfc1918 private address space except host 192.168.1.12
# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)
#
# Example3:
# @inet_acl = qw( 127/8
#		  !172.16.3.0   !172.16.3.127 172.16.3.0/25
#		  !172.16.3.128 !172.16.3.255 172.16.3.128/25 );
# matches loopback and both halves of the 172.16.3/24 C-class,
# split into two subnets, except all four broadcast addresses
# for these subnets


# @mynetworks is an IP access list which determines if the original SMTP client
# IP address belongs to our internal networks, i.e. mail is coming from inside.
# It is much like the Postfix parameter 'mynetworks' in semantics and similar
# in syntax, and its value should normally match the Postfix counterpart.
# It only affects the value of a macro %l (=sender-is-local),
# and the loading of policy 'MYNETS' if present (see below).
# Note that '-o smtp_send_xforward_command=yes' (or its lmtp counterpart)
# must be enabled in the Postfix service that feeds amavisd, otherwise
# client IP address is not available to amavisd-new.
#
# @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
#                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );  # default
#
# A list of networks can also be read from a file, either as an IP acl in
# CIDR notation, one address per line (comments and empty lines are allowed):
#   @mynetworks_maps = (read_array('/etc/amavisd-mynetworks'), \@mynetworks);
#
# or less flexibly (but provides faster lookups for large lists) by reading
# into a hash lookup table, which only allows for full addresses or classful
# IPv4 subnets with truncated octets, such as 127, 10, 192.168, 10.11.12.13,
# one address per line (comments and empty lines are allowed):
#   @mynetworks_maps = (read_hash('/etc/amavisd-mynetworks'), \@mynetworks);

# See README.lookups for details on specifying access control lists.

1;  # insure a defined return
