After upgrading a customers SBG 8.0.3 boxes (running on ESXi) that were rock solid to 9.0.0-20 they're getting contstant MTA crashes like this:
mta crashed on signal 6 on FQDN
exit code: 0x0086
or
mta crashed on signal 11 on FQDN
exit code: 0x008B
This is a major problem as it's slowing down inbound mail signifigantly having to wait for the MTA to reset itself.
Here's the output that's sent in the crash notifications:
Program output:
# ########################################################
# General Configuration
# ########################################################
# listener for console control
Control_Listener = (
"/data/mta/var/console~5" < file_mode="0660" >
)
# ########################################################
# SMTP Listeners
# ########################################################
Esmtp_Listener = (
"10.0.1.10:587,200" < proto="ipv4" status="disabled" > [
0.0.0.0/0 = (
ENHANCEDSTATUSCODES [
extension = "ENHANCEDSTATUSCODES"
]
context [
sms_listener_id = "1"
sms_reverse_dns = "false"
sms_pathway_query = ""
]
personality [
banner_hostname = "mx3.domain.com"
received_hostname = "mx3.domain.com"
]
TLS [
extension = "STARTTLS"
]
LOGIN [
extension_argument = "LOGIN"
uri = "sms_auth_scheme://"
extension = "AUTH"
]
Relay_Hosts = (0.0.0.0/0
)
continue
)
10.0.1.10/32 = (
context [
sms_connection_from_self = "true"
]
continue
)
10.0.1.11/32 = (
context [
sms_connection_from_self = "true"
]
continue
)
]
"10.0.1.10:41016,200" < proto="ipv4" status="enabled" > [
0.0.0.0/0 = (
ENHANCEDSTATUSCODES [
extension = "ENHANCEDSTATUSCODES"
]
context [
sms_listener_id = "2"
sms_reverse_dns = "false"
sms_pathway_query = "listener = 'inboundvirus'"
]
personality [
banner_hostname = "mx3.domain.com"
received_hostname = "mx3.domain.com"
]
TLS [
extension = "STARTTLS"
]
Relay_Hosts = (0.0.0.0/0
)
continue
)
10.0.1.10/32 = (
context [
sms_connection_from_self = "true"
]
continue
)
10.0.1.11/32 = (
context [
sms_connection_from_self = "true"
]
continue
)
]
"10.0.1.11:25,200" < status="enabled" proto="ipv4" > [
0.0.0.0/0 = (
ENHANCEDSTATUSCODES [
extension = "ENHANCEDSTATUSCODES"
]
context [
sms_pathway_query = "listener = 'dlp_bypass' OR listener = 'outbound'"
sms_reverse_dns = "false"
sms_listener_id = "3"
]
personality [
banner_hostname = "mx3.domain.com"
received_hostname = "mx3.domain.com"
]
TLS [
extension = "STARTTLS"
]
Relay_Hosts = (0.0.0.0/0
)
continue
)
10.0.1.10/32 = (
context [
sms_connection_from_self = "true"
]
continue
)
10.0.1.11/32 = (
context [
sms_connection_from_self = "true"
]
continue
)
]
"10.0.1.10:41017,200" < proto="ipv4" status="enabled" > [
0.0.0.0/0 = (
ENHANCEDSTATUSCODES [
extension = "ENHANCEDSTATUSCODES"
]
context [
sms_listener_id = "4"
sms_reverse_dns = "false"
sms_pathway_query = "listener = 'outboundvirus'"
]
personality [
received_hostname = "mx3.domain.com"
banner_hostname = "mx3.domain.com"
]
TLS [
extension = "STARTTLS"
]
Relay_Hosts = (0.0.0.0/0
)
continue
)
10.0.1.10/32 = (
context [
sms_connection_from_self = "true"
]
continue
)
10.0.1.11/32 = (
context [
sms_connection_from_self = "true"
]
continue
)
]
"10.0.1.10:25,200" < proto="ipv4" status="enabled" > [
0.0.0.0/0 = (
ENHANCEDSTATUSCODES [
extension = "ENHANCEDSTATUSCODES"
]
context [
sms_listener_id = "5"
sms_reverse_dns = "false"
sms_pathway_query = "listener = 'inbound'"
]
personality [
banner_hostname = "mx3.domain.com"
received_hostname = "mx3.domain.com"
]
TLS [
extension = "STARTTLS"
]
Relay_Hosts = (0.0.0.0/0
)
continue
)
10.0.1.10/32 = (
context [
sms_connection_from_self = "true"
]
continue
)
10.0.1.11/32 = (
context [
sms_connection_from_self = "true"
]
continue
)
]
"10.0.1.10:41015,200" < status="enabled" proto="ipv4" > [
0.0.0.0/0 = (
ENHANCEDSTATUSCODES [
extension = "ENHANCEDSTATUSCODES"
]
context [
sms_reverse_dns = "false"
sms_pathway_query = "listener = 'mte'"
sms_listener_id = "6"
]
personality [
banner_hostname = "mx3.domain.com"
received_hostname = "mx3.domain.com"
]
TLS [
extension = "STARTTLS"
]
Relay_Hosts = (0.0.0.0/0
)
continue
)
10.0.1.10/32 = (
context [
sms_connection_from_self = "true"
]
continue
)
10.0.1.11/32 = (
context [
sms_connection_from_self = "true"
]
continue
)
]
)
Module datasource/ds_core ds_core < debug_level="warning" > {
aliases [
max_rows = "-1"
uri = "sqlite:/data/mta/etc/aliases.db"
]
masquerade_outbound [
uri = "sqlite:/data/mta/etc/masquerade_outbound.db"
]
domains [
uri = "sqlite:/data/mta/etc/domains.db"
]
restrictions [
uri = "sqlite:/data/mta/etc/restrictions.db"
max_rows = "-1"
]
masquerade_inbound [
uri = "sqlite:/data/mta/etc/masquerade_inbound.db"
]
}
Validate /opt/Symantec/Brightmail/mta/lib/libsmscore sms_pathway_integration < debug_level="warning" > {
}
Validate /opt/Symantec/Brightmail/mta/lib/libsmsreception smsmboxfix < debug_level="warning" > {
}
Module generic/icu icu {
}
Module datasource/ds_sqlite ds_sqlite {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmssmtpauth sms_smtp_auth_ds < debug_level="warning" > {
}
Module generic/cidrdb cidrdb {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmsdelivery sms_smtp_client < debug_level="warning" > {
}
Validate /opt/Symantec/Brightmail/mta/lib/libsmslogger sms_logger < debug_level="warning" > {
mtaLogLevel = "4"
}
Validate /opt/Symantec/Brightmail/mta/lib/libsmsreception smsbatv < debug_level="warning" > {
sms_bmiconfig_file = "/data/scanner/etc/bmiconfig.xml"
}
Module generic/sievelib sievelib {
Unknown sievelib command
}
Module generic/spf_macros spf_macros {
}
Validate validate/spf spf_v1 {
default_rule = "?all"
default_pra_rule = "?all"
add_headers = "true"
add_authentication_results = "false"
context_variable = "spf_status"
context_pra_variable = "senderid_pra_status"
permerror_code = "250"
pass_code = "250"
neutral_code = "250"
fail_code = "250"
fail_fallback_string = "SPF validation failure"
softfail_code = "250"
softfail_fallback_string = "SPF validation soft failure"
nxdomain_code = "550"
nxdomain_override_string = "Could not resolve sender's domain"
temperror_code = "250"
temperror_override_string = "Temporary SPF failure"
unknown_code = "250"
}
Validate /opt/Symantec/Brightmail/mta/lib/libsmsreception sms_dkim < debug_level="warning" > {
Max_Dkim_Results = "10"
}
Validate validate/dkim dkim_validate < debug_level="warning" > {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmsreception sms_received_header < debug_level="warning" > {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmsreception sms_recipient_list_header < debug_level="warning" > {
}
Validate /opt/Symantec/Brightmail/mta/lib/libsmsreception sms_smtp_cancel < debug_level="warning" > {
}
Validate /opt/Symantec/Brightmail/mta/lib/libsmsreception sms_missing_headers < debug_level="warning" > {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmsreception sms_rcpt_val < debug_level="warning" > {
}
Validate validate/alias alias < debug_level="warning" > {
alias:full [
cache = "aliases"
map = "simple"
query = "SELECT rval from full_to_full where llp = :lp AND ldomain LIKE :domain"
]
alias:domain [
map = "simple"
query = "SELECT :lp || rdomain from domain_to_domain where ldomain LIKE :domain"
cache = "aliases"
]
map:simple [
lp = "%{localpart}"
rcpt = "%{rcptto}"
domain = "@%{domain}"
]
}
Validate /opt/Symantec/Brightmail/mta/lib/libsmsreception sms_masquerade_headers < debug_level="warning" > {
masq:domain_to_full_inbound [
cache = "masquerade_inbound"
query = "SELECT rval from domain_to_full where lval LIKE :domain"
map = "simple"
]
masq:domain_inbound [
map = "simple"
query = "SELECT :lp || rdomain from domain_to_domain where ldomain LIKE :domain"
cache = "masquerade_inbound"
]
masq:full_outbound [
query = "SELECT rval from full_to_full where llp = :lp AND ldomain LIKE :domain"
map = "simple"
cache = "masquerade_outbound"
]
masq:domain_to_full_outbound [
map = "simple"
cache = "masquerade_outbound"
query = "SELECT rval from domain_to_full where lval LIKE :domain"
]
masq:full_inbound [
query = "SELECT rval from full_to_full where llp = :lp AND ldomain LIKE :domain"
cache = "masquerade_inbound"
map = "simple"
]
masq:domain_outbound [
map = "simple"
cache = "masquerade_outbound"
query = "SELECT :lp || rdomain from domain_to_domain where ldomain LIKE :domain"
]
map:simple [
lp = "%{localpart}"
addr = "%{addr}"
domain = "@%{domain}"
]
}
Validate /opt/Symantec/Brightmail/mta/lib/libsmsreception smspostmaster < debug_level="warning" > {
admin_address = "
postmaster@domain.com"
}
Module /opt/Symantec/Brightmail/mta/lib/libsmsreception sms_authentication_results < debug_level="warning" > {
}
Validate /opt/Symantec/Brightmail/mta/lib/libsmsreception sms_hard_error_limit < debug_level="warning" > {
sms_hard_error_limit = "1024"
}
Module /opt/Symantec/Brightmail/mta/lib/libsmsreception sms_smtp_fixup < debug_level="warning" > {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmsqueue sms_dsn_params < debug_level="warning" > {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmsqueue sms_queue < debug_level="warning" > {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmssuffixdb smssuffixdb < debug_level="warning" > {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmscore sms_blobject < debug_level="warning" > {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmscore sms_generate_mail_raw < debug_level="warning" > {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmscore sms_get_domain_settings < debug_level="warning" > {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmscore sms_badmsg_params < debug_level="warning" > {
sms_badmsg_notification_address = "
postmaster@domain.com"
sms_badmsg_queue = "/data/mta/bad-messages"
}
Validate validate/inbound_audit inbound_audit {
}
Validate validate/sieve sieve {
cache_size = "200"
cache_life = "260"
connect_phase1 = "/opt/Symantec/Brightmail/mta/sieve/connect.siv"
ehlo_phase1 = "/opt/Symantec/Brightmail/mta/sieve/ehlo.siv"
mailfrom_phase1 = "/opt/Symantec/Brightmail/mta/sieve/mailfrom.siv"
rcptto_phase1 = "/opt/Symantec/Brightmail/mta/sieve/rcptto.siv"
data_phase1 = "/opt/Symantec/Brightmail/mta/sieve/data.siv"
set_binding_phase1 = "/opt/Symantec/Brightmail/mta/sieve/set_binding.siv"
hook:core_log_permanent_failure_v1 [
pool = "DSN"
script = "/opt/Symantec/Brightmail/mta/sieve/bounce_dsn.siv"
async = "snapshot"
]
hook:delay_dsn_send_notification [
pool = "DSN"
script = "/opt/Symantec/Brightmail/mta/sieve/delay_dsn.siv"
return = "1"
async = "snapshot"
]
hook:bad_msg_send_notification [
script = "/opt/Symantec/Brightmail/mta/sieve/badmsg_notification.siv"
async = "false"
]
hook:core_final_validation [
async = "false"
script = "/opt/Symantec/Brightmail/mta/sieve/dkim_sign.siv"
]
}
Validate /opt/Symantec/Brightmail/mta/lib/libsmsstats sms_stats < debug_level="warning" > {
calc_interval = "5"
}
Module /opt/Symantec/Brightmail/mta/lib/libsmsrouting sms_routing < debug_level="warning" > {
clean_per_iter = "2"
default_local = ( "[mail.colo.domain.com]" )
dlp = ( "[10.0.1.11]:25?pref=65535" )
}
Validate /opt/Symantec/Brightmail/mta/lib/libsmsintegration sms_integration < debug_level="warning" > {
sms_bmiconfig_file = "/data/scanner/etc/bmiconfig.xml"
sms_hostname = "mx3.domain.com"
sms_firewall_threadpool_id = "SMS_Firewall_Threads"
sms_content_threadpool_id = "SMS_Content_Threads"
sms_badmsg_threadpool_id = "SMS_BadMsg_Threads"
sms_max_mds_cache_size = "524288"
}
Module /opt/Symantec/Brightmail/mta/lib/libsmsintegration sms_fw_stats < debug_level="warning" > {
sms_stats_dir = "/data/scanner/stats"
}
Module generic/delay_dsn delay_dsn {
}
Validate /opt/Symantec/Brightmail/mta/lib/libsmscore sms_core < debug_level="warning" > {
sms_inbound_queue_paused = "false"
sms_outbound_queue_paused = "false"
sms_scanning_paused = "false"
sms_deferred_retry_interval = "30"
sms_badmsg_enabled = "true"
sms_badmsg_retries = "2"
sms_max_batch_size = "100"
sms_dsn_message_expiration = "86400"
sms_postmaster_address = "
null@domain.com"
}
Validate /opt/Symantec/Brightmail/mta/lib/libsmsauditlogger sms_auditlogger < debug_level="warning" > {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmscore sms_get_config < debug_level="warning" > {
dns_reputation_domain = "zodiac.brightmail.com"
data_dir = "/data/mta"
dns_reputation_domain_enabled = "true"
software_dir = "/opt/Symantec/Brightmail/mta"
authsvr_id = ""
}
Module /opt/Symantec/Brightmail/mta/lib/libsmscore batch < debug_level="warning" > {
batch_db_path = "/data/mta/var/batch_ids"
}
Module /opt/Symantec/Brightmail/mta/lib/libsmsdelivery sms_dds_alias < debug_level="warning" > {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmsdelivery sms_smtp_post_read < debug_level="warning" > {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmsdelivery sms_delivery_tls < debug_level="warning" > {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmsdelivery sms_banner_fail < debug_level="warning" > {
}
Module /opt/Symantec/Brightmail/mta/lib/libsmspickup sms_pickup < debug_level="warning" > {
pickup_interval = "10"
}
Validate validate/dkim dkim_sign < debug_level="warning" > {
digest = "rsa-sha256"
header_canon = "simple"
body_canon = "simple"
headerlist = "From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive"
sign_condition = "can_relay"
copy_headers = "false"
all_headers = "false"
body_length_limit = "false"
}
# Enable generation of delay DSNs. We hook this, so they are
# generated in Sieve.
# Generate_Delay_DSN = true
# Set hostname for EHLO
EHLO_Hostname = "mx3.domain.com"
Allow_8Bit_Localparts = false
Body_Timeout = 600
# ########################################################
# Timeouts
# ########################################################
Connect_Timeout = 30
# This is intentionally a bogus domain, for dealing with
# postmaster unquafified address
# NOTE: the 'noop.internal' string is special, it is used in the
# smspostmaster module, and cannot be changed hwere without changing
# it in that module as well.
Domain_For_Unqualified_Recipient_Addresses = "noop.internal"
Ehlo_Timeout = 300
# Don't generate bounces, we will do that in sieve
Generate_Bounces = false
# ########################################################
# ecelerity.conf configuration file
# All modifications here require a server restart.
# ########################################################
# Move hostname out into global context to resolve 1639772 #
Hostname = "mx3.domain.com"
Idle_Timeout = 5
Mailfrom_Timeout = 300
# Master DB file
Masterdb_File = "/data/mta/var/master.db"
# keep message dictionaries in memory
# For now we shall disable this for bug 35725
# Keep_Message_Dicts_In_Memory = true
# total number messages delivered per connection
Max_Deliveries_Per_Connection = 0
# total number recipients batched per message
Max_Recipients_Per_Batch = 100
# Causes the Message_Expiration value to always be used for perm fails.
Max_Retries = "none"
# Memory options
Memory_Goal = 90
Message_Expiration = 432000
Prohibited_Hosts = (
127.0.0.1/8
0.0.0.0
255.255.255.255
)
Rcptto_Timeout = 300
# DNS resolver
Resolv_Conf = "/etc/mta.resolv.conf"
# Default Binding Settings
Retry_Interval = 900
Rset_Timeout = 600
# queue directory
Spoolbase = "/data/mta/queue"
# Delivery suspension
Suspend_Delivery = false
# TLS CA
Tls_Ca = "/usr/share/ssl/certs/ca-bundle.crt"
Tls_Ciphers = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-eNULL"
# 8BITMIME support, default to 'ifneeded'
Transform_8BITMIME_Content = "ifneeded"
Generate_Delay_DSN = true
Delay_DSN_Retry_Interval = 14400
Delay_DSN_Max_Retry_Interval = 57600
# Turn off DKIM signing globaly, only turn on per domain
DKIM = false
# ########################################################
# SMTP Delivery Bindings
# ########################################################
Binding_Group "controlcenter" {
# We want to set this limit to the total outbound connections for the binding, so it dosn't throttle less then the total per host
Max_Outbound_Connections = 100
Server_Max_Outbound_Connections = 100
Binding "controlcenter%1" {
Bind_Address = "10.0.1.10"
}
}
Binding_Group "dynamicroutes" {
# We want to set this limit to the total outbound connections for the binding, so it dosn't throttle less then the total per host
Max_Outbound_Connections = 100
Server_Max_Outbound_Connections = 100
Binding "dynamicroutes%1" {
Bind_Address = "10.0.1.11"
}
}
Binding_Group "local" {
# We want to set this limit to the total outbound connections for the binding, so it dosn't throttle less then the total per host
Max_Outbound_Connections = 100
Server_Max_Outbound_Connections = 100
Binding "local%1" {
Bind_Address = "10.0.1.10"
}
}
Binding_Group "nonlocal" {
# We want to set this limit to the total outbound connections for the binding, so it dosn't throttle less then the total per host
Max_Outbound_Connections = 100
Server_Max_Outbound_Connections = 100
Binding "nonlocal%1" {
Bind_Address = "10.0.1.11"
}
}
Binding_Group "outbound" {
Max_Outbound_Connections = 2000
Server_Max_Outbound_Connections = 2000
Binding "outbound" {
Bind_Address = "10.0.1.11"
}
}
# This is the ecelerity native logging module. Uncomment if you desire
# native ecelerity logging.
# Logger logging/ec_logger ec_logger < name="ec_logger" >
# {
# mainlog = /data/logs/mainlog.ec
# paniclog = /data/logs/paniclog.ec
# rejectlog = /data/logs/rejectlog.ec
# }
# Logging Verbosity
Debug_Flags {
CRITICAL = ( "FD" "SMTP" "LOG1" "DNS" "DNSDS" "NET" "SIG" "MEM" "DB" "SSL" "MOD" "START" )
ERROR = ( "FD" "SMTP" "LOG1" "DNS" "DNSDS" "NET" "SIG" "MEM" "DB" "SSL" "MOD" "START" )
WARNING = ( "FD" "SMTP" "LOG1" "DNS" "DNSDS" "NET" "SIG" "MEM" "DB" "SSL" "MOD" "START" )
}
# authentication configuration
Pathway "authentication" {
sms_context [
sms_advertise_8bitmime = "true"
sms_max_incoming_connections_per_host = "20"
sms_filter = "true"
sms_allow_percent_sign = "false"
sms_allow_minus_sign = "false"
sms_firewall = "false"
sms_queue_status = "enabled"
sms_max_incoming_connections = "2000"
sms_insert_received_header = "true"
sms_pause_mode = "normal"
sms_supress_tls = "false"
sms_perform_dds_aliasing = "true"
sms_dpp = "false"
__bypass_spf_v1 = "true"
sms_smtp_greeting = "Symantec Brightmail Gateway"
sms_reverse_dns = "true"
sms_audit_smtp_server_session = "true"
__bypass_dkim_validate = "true"
sms_stage = "outbound"
sms_source = "internal"
sms_strip_received_header = "false"
]
sms_personality [
sms_max_recipients_per_message = "1024"
sms_message_size = "10485760"
sms_static_banner = "mx3.domain.com ESMTP Symantec Brightmail Gateway"
sms_idle_timeout = "30"
]
Masquerade_Schemes = ( "full_outbound" "domain_outbound" "domain_to_full_outbound" )
Masquerade_Headers = ( "Disposition-Notification-To" "Errors-To" "Mail-Followup-To" "Resent-From" "Resent-Sender" "Return-Path" "Return-Receipt-To" )
Masquerade_Unqualified_Headers = ( "From" "Reply-To" "Sender" "Errors-To" "Mail-Followup-To" "Resent-From" "Resent-Sender" "Return-Receipt-To" "Disposition-Notification-To" "Return-Path" )
}
# dlp_bypass configuration
Pathway "dlp_bypass" {
sms_context [
sms_source = "internal"
sms_perform_dds_aliasing = "true"
sms_audit_smtp_server_session = "false"
sms_supress_tls = "false"
sms_reverse_dns = "true"
sms_advertise_8bitmime = "true"
sms_allow_percent_sign = "false"
sms_max_incoming_connections_per_host = "20"
sms_pause_mode = "normal"
__bypass_spf_v1 = "true"
sms_insert_received_header = "true"
sms_max_incoming_connections = "2000"
sms_strip_received_header = "false"
sms_stage = "outbound"
sms_firewall = "false"
__bypass_dkim_validate = "true"
sms_queue_status = "enabled"
sms_dpp = "false"
sms_allow_minus_sign = "false"
sms_filter = "true"
sms_smtp_greeting = "Symantec Brightmail Security"
]
sms_personality [
sms_message_size = "10485760"
sms_static_banner = "mx3.domain.com ESMTP Symantec Brightmail Security"
sms_max_recipients_per_message = "1024"
sms_idle_timeout = "30"
]
Masquerade_Schemes = ( "full_outbound" "domain_outbound" "domain_to_full_outbound" )
Masquerade_Headers = ( "Disposition-Notification-To" "Errors-To" "Mail-Followup-To" "Resent-From" "Resent-Sender" "Return-Path" "Return-Receipt-To" )
Masquerade_Unqualified_Headers = ( "From" "Reply-To" "Sender" "Errors-To" "Mail-Followup-To" "Resent-From" "Resent-Sender" "Return-Receipt-To" "Disposition-Notification-To" "Return-Path" )
}
# inbound configuration
Pathway "inbound" {
sms_context [
sms_firewall = "true"
sms_supress_tls = "false"
sms_dpp = "false"
sms_allow_minus_sign = "false"
sms_pause_mode = "normal"
sms_allow_percent_sign = "false"
sms_filter = "true"
sms_stage = "inbound"
sms_max_incoming_connections = "2000"
__bypass_spf_v1 = "true"
sms_source = "external"
sms_insert_received_header = "true"
sms_advertise_8bitmime = "true"
sms_perform_dds_aliasing = "true"
sms_queue_status = "enabled"
sms_audit_smtp_server_session = "true"
sms_max_incoming_connections_per_host = "0"
sms_smtp_greeting = "Symantec Brightmail Security"
__bypass_dkim_validate = "true"
sms_strip_received_header = "false"
sms_reverse_dns = "true"
]
sms_personality [
sms_static_banner = "mx3.domain.com ESMTP Symantec Brightmail Security"
sms_idle_timeout = "30"
sms_message_size = "10485760"
sms_max_recipients_per_message = "1024"
]
Alias_Schemes = ( "full" "domain" )
Masquerade_Schemes = ( "full_inbound" "domain_inbound" "domain_to_full_inbound" )
Masquerade_Headers = ( "Apparently-To" "Bcc" "Cc" "Resent-Bcc" "Resent-Cc" "Resent-Reply-To" "Resent-To" "To" )
}
# inboundvirus configuration
Pathway "inboundvirus" {
sms_context [
sms_allow_percent_sign = "false"
sms_reverse_dns = "false"
sms_audit_smtp_server_session = "false"
sms_queue_status = "enabled"
sms_pause_mode = "normal"
sms_supress_tls = "false"
sms_max_incoming_connections = "2000"
sms_insert_received_header = "false"
sms_allow_minus_sign = "false"
sms_perform_dds_aliasing = "true"
sms_max_incoming_connections_per_host = "20"
sms_strip_received_header = "false"
__bypass_dkim_validate = "true"
sms_filter = "true"
sms_source = "external_virus"
sms_stage = "delivery"
sms_dpp = "true"
sms_firewall = "false"
sms_smtp_greeting = "Symantec Brightmail Gateway"
__bypass_spf_v1 = "true"
sms_advertise_8bitmime = "true"
]
sms_personality [
sms_static_banner = "mx3.domain.com ESMTP Symantec Brightmail Gateway"
]
}
# ########################################################
# Pathways
# ########################################################
# mte configuration
Pathway "mte" {
sms_context [
sms_audit_smtp_server_session = "false"
sms_perform_dds_aliasing = "true"
sms_strip_received_header = "false"
sms_stage = "delivery"
sms_reverse_dns = "false"
__bypass_spf_v1 = "true"
sms_supress_tls = "false"
sms_smtp_greeting = "Symantec Brightmail Gateway"
sms_filter = "false"
sms_allow_percent_sign = "false"
sms_source = "mte"
sms_insert_received_header = "false"
sms_pause_mode = "normal"
sms_firewall = "false"
sms_queue_status = "enabled"
sms_dpp = "true"
sms_max_incoming_connections = "2000"
__bypass_dkim_validate = "true"
sms_allow_minus_sign = "false"
sms_advertise_8bitmime = "true"
sms_max_incoming_connections_per_host = "20"
]
sms_personality [
sms_static_banner = "mx3.domain.com ESMTP Symantec Brightmail Gateway"
]
}
# outbound configuration
Pathway "outbound" {
sms_context [
sms_allow_percent_sign = "false"
sms_insert_received_header = "true"
sms_strip_received_header = "false"
sms_filter = "true"
sms_queue_status = "enabled"
__bypass_spf_v1 = "true"
sms_max_incoming_connections_per_host = "20"
sms_reverse_dns = "true"
sms_pause_mode = "normal"
sms_dpp = "false"
sms_firewall = "false"
sms_max_incoming_connections = "2000"
sms_audit_smtp_server_session = "true"
sms_stage = "outbound"
sms_perform_dds_aliasing = "true"
__bypass_dkim_validate = "true"
sms_allow_minus_sign = "false"
sms_supress_tls = "false"
sms_source = "internal"
sms_smtp_greeting = "Symantec Brightmail Security"
sms_advertise_8bitmime = "true"
]
sms_personality [
sms_idle_timeout = "30"
sms_message_size = "10485760"
sms_static_banner = "mx3.domain.com ESMTP Symantec Brightmail Security"
sms_max_recipients_per_message = "1024"
]
Masquerade_Schemes = ( "full_outbound" "domain_outbound" "domain_to_full_outbound" )
Masquerade_Headers = ( "Disposition-Notification-To" "Errors-To" "Mail-Followup-To" "Resent-From" "Resent-Sender" "Return-Path" "Return-Receipt-To" )
Masquerade_Unqualified_Headers = ( "From" "Reply-To" "Sender" "Errors-To" "Mail-Followup-To" "Resent-From" "Resent-Sender" "Return-Receipt-To" "Disposition-Notification-To" "Return-Path" )
}
# outboundvirus configuration
Pathway "outboundvirus" {
sms_context [
sms_reverse_dns = "false"
sms_firewall = "false"
sms_max_incoming_connections_per_host = "20"
sms_perform_dds_aliasing = "true"
sms_strip_received_header = "false"
sms_allow_minus_sign = "false"
sms_supress_tls = "false"
sms_advertise_8bitmime = "true"
sms_audit_smtp_server_session = "false"
sms_dpp = "true"
__bypass_dkim_validate = "true"
sms_pause_mode = "normal"
sms_max_incoming_connections = "2000"
sms_smtp_greeting = "Symantec Brightmail Gateway"
sms_queue_status = "enabled"
sms_filter = "true"
sms_allow_percent_sign = "false"
sms_insert_received_header = "false"
sms_source = "internal_virus"
sms_stage = "delivery"
__bypass_spf_v1 = "true"
]
sms_personality [
sms_static_banner = "mx3.domain.com ESMTP Symantec Brightmail Gateway"
]
}
# ########################################################
# Message RFC2822 validations and modifications
# ########################################################
RFC2822 {
Pedantic_Address_Rules = false
Lone_LF_in_Body = "ignore"
Lone_LF_in_Headers = "fix"
Date_Header = "ifneeded"
MessageID_Header = "ignore"
Missing_Headers = "allow"
Trace_Headers = false
}
# user and group the ecelerity process will run under
Security {
Group = "bmi"
User = "mailwall"
}
ThreadPool "DSN" {
Backlog = 500
Concurrency = 4
Stack_Size = 1048576
}
ThreadPool "SMS_BadMsg_Threads" {
Concurrency = 1
Stack_Size = 1048576
}
ThreadPool "SMS_Content_Threads" {
Concurrency = 16
Stack_Size = 1048576
}
# ########################################################
# Thread pools
# ########################################################
ThreadPool "SMS_Firewall_Threads" {
Concurrency = 2
Stack_Size = 1048576
}
Storing data in /data/scanner/jobs/mta/2010.04.21-10.04.06