use strict;

#
# Section IX - Policy banks (dynamic policy switching)
#

## Define some policy banks (sets of settings) and give them
## arbitrary names (the names '', 'MYNETS' and 'MYUSERS' have special meaning):
#
# $policy_bank{'ALT'} = {
#   log_level => 3,
#   syslog_ident => 'alt-amavis',
#   syslog_facility => 'LOCAL3',
#   inet_acl => [qw( 10.0.1.14 )],
#   final_spam_destiny => D_PASS, final_bad_header_destiny => D_PASS,
#   forward_method => 'smtp:*:*',
#   notify_method  => 'smtp:[127.0.0.1]:10025',
#   virus_admin_maps => "abuse\@$mydomain",
#   spam_lovers_maps => [@spam_lovers_maps, [qw( abuse@example.com )]],
#   spam_tag_level_maps  => 2.1,
#   spam_tag2_level_maps => 6.32,
#   spam_kill_level_maps => 6.72,
#   spam_dsn_cutoff_level_maps => 8,
#   defang_spam => 1,
#   local_client_bind_address => '10.11.12.13',
#   localhost_name => 'amavis.example.com',
#   smtpd_greeting_banner =>
#     '${helo-name} ${protocol} ${product} ${version-id} (${version-date}) TEST service ready',
#   auth_mech_avail => [qw(PLAIN LOGIN)],
#   auth_required_inp => 1,
#   auth_required_out => 1,
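#   # sample credentials only: choose your own secret, and keep this file
#   # readable only by the account amavisd runs as
#   amavis_auth_user => 'amavisd', amavis_auth_pass => 'tOpsecretX',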
#   av_scanners => [  # provide only 'free' scanners
#     ['ClamAV-clamd',
#       \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
#       qr/\bOK$/, qr/\bFOUND$/,
#       qr/^.*?: (?!Infected Archive)(.*) FOUND$/,
#     ],
#   ],
#   av_scanners_backup => [
#     ['ClamAV-clamscan', 'clamscan',
#       "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
#       qr/^.*?: (?!Infected Archive)(.*) FOUND$/,
#     ],
#   ],
# };

# NOTE: the use of policy banks for changing protocol on the input socket is
# only needed when different protocols need to be spoken on different sockets
# at the same time. For normal use just set globally e.g.: $protocol='AM.PDP';
#
#$policy_bank{'AM.PDP-SOCK'} = {
#  protocol => 'AM.PDP',  # Amavis policy delegation protocol
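#  auth_required_release => 0,  # do not require secret_id for amavisd-release
#  # (without secret_id, any client that can connect to this socket may
#  #  request a release, so restrict access to the socket itself)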
#};
#
#$policy_bank{'AM.PDP-INET'} = {
#  protocol => 'AM.PDP',  # Amavis policy delegation protocol
#  inet_acl => [qw( 127.0.0.1 [::1] )],  # restrict to these IP addresses
#};
#
## the name 'MYNETS' has special semantics: this policy bank gets loaded
## whenever MTA supplies the original SMTP client IP address (Postfix XFORWARD
## extension or a new AM.PDP protocol) and that address matches @mynetworks.
#
# $terminate_dsn_on_notify_success = 1;
# $policy_bank{'MYNETS'} = {  # mail originating from @mynetworks
#   originating => 1,  # is true in MYNETS by default, but let's make it explicit
#   terminate_dsn_on_notify_success => 0,
#   spam_kill_level_maps => 6.9,
#   syslog_facility => 'LOCAL4',  # tell syslog to log to a separate file
#   virus_admin_maps => ["virusalert\@$mydomain"], # alert of internal viruses
#   spam_admin_maps  => ["spamalert\@$mydomain"],  # alert of internal spam
#   bypass_spam_checks_maps   => [1],  # or: don't spam-check internal mail
#   bypass_banned_checks_maps => [1],  # don't banned-check internal mail
#   warnbadhsender => 1,  # warn local senders about their broken MUA
#   banned_filename_maps => ['MYNETS-DEFAULT'], # more permissive banning rules
#   spam_quarantine_cutoff_level_maps => undef, # quarantine all local spam
#   spam_dsn_cutoff_level_maps => undef,  # ensure NDN regardless of spam level
#   spam_dsn_cutoff_level_bysender_maps => # but only from local domain senders
#     [ { lc(".$mydomain") => undef,  '.' => 15 } ],
# };

## the name 'MYUSERS' has special semantics: this policy bank gets loaded
## whenever the sender matches @local_domains_maps. The sender address is
## supplied by the client and is easily forged, so this only makes sense
## if local sender addresses can be trusted -- for example by requiring
## authentication before letting users send with their local address.
#
# $policy_bank{'MYUSERS'} = {
#   final_virus_destiny => D_BOUNCE, # bounce only to authenticated local users
#   final_banned_destiny=> D_BOUNCE,
# };


## Now we can assign policy banks to amavisd tcp port numbers listed in
## $inet_socket_port. Whenever a connection from the MTA is received, first
## the built-in policy bank $policy_bank{''} gets loaded, which brings in
## all the global/legacy settings, then it gets overlaid by the bank
## named in $interface_policy{$port} if any, and finally the bank
## 'MYNETS' is overlaid if it exists and the SMTP client IP address
## is known (by XFORWARD command from MTA) and it matches @mynetworks.

# $interface_policy{'10026'} = 'ALT';

# used by amavisd-release utility or a new AM.PDP-based amavis-milter client
#$interface_policy{'9998'} = 'AM.PDP-INET';
#$interface_policy{'SOCK'} = 'AM.PDP-SOCK';


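# Want to execute additional configuration files from some directory?
# Each matching file is run as Perl code by do(), with the privileges of
# the process reading this file, so the directory and the files in it
# should be writable only by the administrator.
#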
#{ my($d) = '/etc/amavis/conf.d';  # do *.cf or *.conf files in this directory
#  local(*D); opendir(D,$d) or die "Can't open dir $d: $!";
#  my(@d) = sort grep {/\.(cf|conf)$/ && -f} map {/^(.*)$/,"$d/$1"} readdir(D);
#  closedir(D) or die "Can't close $d: $!";
#  for my $f (@d) {
#    printf("Reading config file %s\n", $f); $!=0;
#    if (defined(do $f)) {}
#    elsif ($@ ne '') { die "Error in $f: $@" }
#    elsif ($! != 0)  { die "Error reading $f: $!" }
#  }
#}

# The value of the last statement is what do()/require returns for this
# file; ending with a constant keeps that result defined and true.
1;  # ensure a defined return
