mkdir -p './apt/preferences.d'
mkdir -p './binfmt.d'
mkdir -p './ca-certificates/update.d'
+mkdir -p './clamav/onerrorexecute.d'
+mkdir -p './clamav/onupdateexecute.d'
+mkdir -p './clamav/virusevent.d'
mkdir -p './dbus-1/session.d'
mkdir -p './dbus-1/system.d'
mkdir -p './dpkg/dpkg.cfg.d'
mkdir -p './initramfs-tools/scripts/nfs-top'
mkdir -p './initramfs-tools/scripts/panic'
mkdir -p './kernel/install.d'
+mkdir -p './logwatch/conf/logfiles'
+mkdir -p './logwatch/conf/services'
+mkdir -p './logwatch/scripts/services'
+mkdir -p './nginx/conf.d'
+mkdir -p './nginx/modules-available'
mkdir -p './opt'
mkdir -p './perl/CPAN'
mkdir -p './postfix/dynamicmaps.cf.d'
maybe chmod 0644 'aliases.db'
maybe chmod 0755 'alternatives'
maybe chmod 0644 'alternatives/README'
+maybe chmod 0755 'amavis'
+maybe chmod 0644 'amavis/README.l10n'
+maybe chmod 0755 'amavis/conf.d'
+maybe chmod 0644 'amavis/conf.d/01-debian'
+maybe chmod 0644 'amavis/conf.d/05-domain_id'
+maybe chmod 0644 'amavis/conf.d/05-node_id'
+maybe chmod 0644 'amavis/conf.d/15-av_scanners'
+maybe chmod 0644 'amavis/conf.d/15-content_filter_mode'
+maybe chmod 0644 'amavis/conf.d/20-debian_defaults'
+maybe chmod 0644 'amavis/conf.d/25-amavis_helpers'
+maybe chmod 0644 'amavis/conf.d/30-template_localization'
+maybe chmod 0644 'amavis/conf.d/50-user'
+maybe chmod 0755 'amavis/en_US'
+maybe chmod 0644 'amavis/en_US/charset'
+maybe chmod 0644 'amavis/en_US/template-auto-response.txt'
+maybe chmod 0644 'amavis/en_US/template-dsn.txt'
+maybe chmod 0644 'amavis/en_US/template-problem-feedback.txt'
+maybe chmod 0644 'amavis/en_US/template-release-quarantine.txt'
+maybe chmod 0644 'amavis/en_US/template-spam-admin.txt'
+maybe chmod 0644 'amavis/en_US/template-spam-sender.txt'
+maybe chmod 0644 'amavis/en_US/template-virus-admin.txt'
+maybe chmod 0644 'amavis/en_US/template-virus-recipient.txt'
+maybe chmod 0644 'amavis/en_US/template-virus-sender.txt'
maybe chmod 0755 'apache2'
maybe chmod 0644 'apache2/apache2.conf'
maybe chmod 0755 'apache2/conf-available'
maybe chmod 0644 'apache2/conf-available/charset.conf'
maybe chmod 0644 'apache2/conf-available/localized-error-pages.conf'
maybe chmod 0644 'apache2/conf-available/other-vhosts-access-log.conf'
+maybe chmod 0644 'apache2/conf-available/php7.3-fpm.conf'
maybe chmod 0644 'apache2/conf-available/security.conf'
maybe chmod 0644 'apache2/conf-available/serve-cgi-bin.conf'
maybe chmod 0755 'apache2/conf-enabled'
maybe chmod 0755 'apparmor.d'
maybe chmod 0755 'apparmor.d/force-complain'
maybe chmod 0755 'apparmor.d/local'
+maybe chmod 0644 'apparmor.d/local/usr.bin.freshclam'
maybe chmod 0644 'apparmor.d/local/usr.bin.man'
maybe chmod 0644 'apparmor.d/local/usr.sbin.chronyd'
+maybe chmod 0644 'apparmor.d/local/usr.sbin.clamd'
maybe chmod 0644 'apparmor.d/local/usr.sbin.named'
+maybe chmod 0644 'apparmor.d/usr.bin.freshclam'
maybe chmod 0644 'apparmor.d/usr.bin.man'
maybe chmod 0644 'apparmor.d/usr.sbin.chronyd'
+maybe chmod 0644 'apparmor.d/usr.sbin.clamd'
maybe chmod 0644 'apparmor.d/usr.sbin.mysqld'
maybe chmod 0644 'apparmor.d/usr.sbin.named'
maybe chmod 0755 'apt'
maybe chmod 0755 'chrony'
maybe chmod 0644 'chrony/chrony.conf'
maybe chmod 0640 'chrony/chrony.keys'
+maybe chmod 0755 'clamav'
+maybe chmod 0644 'clamav/clamd.conf'
+maybe chown 'clamav' 'clamav/freshclam.conf'
+maybe chgrp 'adm' 'clamav/freshclam.conf'
+maybe chmod 0444 'clamav/freshclam.conf'
+maybe chmod 0755 'clamav/onerrorexecute.d'
+maybe chmod 0755 'clamav/onupdateexecute.d'
+maybe chmod 0755 'clamav/virusevent.d'
maybe chmod 0755 'cloud'
maybe chmod 0644 'cloud/cloud.cfg'
maybe chmod 0755 'cloud/cloud.cfg.d'
maybe chmod 0644 'console-setup/remap.inc'
maybe chmod 0755 'cron.d'
maybe chmod 0644 'cron.d/.placeholder'
+maybe chmod 0644 'cron.d/amavisd-new'
maybe chmod 0644 'cron.d/greetings'
maybe chmod 0644 'cron.d/mdadm'
+maybe chmod 0644 'cron.d/mlmmj'
+maybe chmod 0644 'cron.d/php'
maybe chmod 0755 'cron.daily'
maybe chmod 0644 'cron.daily/.placeholder'
+maybe chmod 0755 'cron.daily/00logwatch'
maybe chmod 0755 'cron.daily/apache2'
maybe chmod 0755 'cron.daily/apt-compat'
maybe chmod 0755 'cron.daily/aptitude'
maybe chmod 0755 'cron.daily/mdadm'
maybe chmod 0755 'cron.daily/mlocate'
maybe chmod 0755 'cron.daily/passwd'
+maybe chmod 0755 'cron.daily/spamassassin'
maybe chmod 0755 'cron.hourly'
maybe chmod 0644 'cron.hourly/.placeholder'
maybe chmod 0755 'cron.monthly'
maybe chmod 0644 'debian_version'
maybe chmod 0755 'default'
maybe chmod 0644 'default/acpid'
+maybe chmod 0644 'default/amavisd-snmp-subagent'
maybe chmod 0644 'default/apache-htcacheclean'
maybe chmod 0644 'default/bind9'
maybe chmod 0644 'default/bsdmainutils'
maybe chmod 0644 'default/cron'
maybe chmod 0644 'default/cryptdisks'
maybe chmod 0644 'default/dbus'
+maybe chmod 0644 'default/dovecot'
maybe chmod 0644 'default/grub'
maybe chmod 0755 'default/grub.d'
maybe chmod 0644 'default/grub.d/init-select.cfg'
maybe chmod 0644 'default/mdadm'
maybe chmod 0644 'default/mysql'
maybe chmod 0644 'default/networking'
+maybe chmod 0644 'default/nginx'
maybe chmod 0644 'default/nss'
maybe chmod 0644 'default/rsync'
maybe chmod 0644 'default/rsyslog'
+maybe chmod 0644 'default/spamassassin'
maybe chmod 0644 'default/ssh'
maybe chmod 0644 'default/useradd'
+maybe chmod 0644 'default/uwsgi'
maybe chmod 0644 'deluser.conf'
maybe chmod 0755 'dhcp'
maybe chmod 0644 'dhcp/debug'
maybe chmod 0644 'dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes'
maybe chmod 0644 'dhcp/dhclient-exit-hooks.d/timesyncd'
maybe chmod 0644 'dhcp/dhclient.conf'
+maybe chmod 0755 'dovecot'
+maybe chmod 0755 'dovecot/conf.d'
+maybe chmod 0644 'dovecot/conf.d/10-auth.conf'
+maybe chmod 0644 'dovecot/conf.d/10-director.conf'
+maybe chmod 0644 'dovecot/conf.d/10-logging.conf'
+maybe chmod 0644 'dovecot/conf.d/10-mail.conf'
+maybe chmod 0644 'dovecot/conf.d/10-master.conf'
+maybe chmod 0644 'dovecot/conf.d/10-ssl.conf'
+maybe chmod 0644 'dovecot/conf.d/10-tcpwrapper.conf'
+maybe chmod 0644 'dovecot/conf.d/15-lda.conf'
+maybe chmod 0644 'dovecot/conf.d/15-mailboxes.conf'
+maybe chmod 0644 'dovecot/conf.d/20-imap.conf'
+maybe chmod 0644 'dovecot/conf.d/20-lmtp.conf'
+maybe chmod 0644 'dovecot/conf.d/20-managesieve.conf'
+maybe chmod 0644 'dovecot/conf.d/20-pop3.conf'
+maybe chmod 0644 'dovecot/conf.d/90-acl.conf'
+maybe chmod 0644 'dovecot/conf.d/90-plugin.conf'
+maybe chmod 0644 'dovecot/conf.d/90-quota.conf'
+maybe chmod 0644 'dovecot/conf.d/90-sieve-extprograms.conf'
+maybe chmod 0644 'dovecot/conf.d/90-sieve.conf'
+maybe chmod 0644 'dovecot/conf.d/auth-checkpassword.conf.ext'
+maybe chmod 0644 'dovecot/conf.d/auth-deny.conf.ext'
+maybe chmod 0644 'dovecot/conf.d/auth-dict.conf.ext'
+maybe chmod 0644 'dovecot/conf.d/auth-master.conf.ext'
+maybe chmod 0644 'dovecot/conf.d/auth-passwdfile.conf.ext'
+maybe chmod 0644 'dovecot/conf.d/auth-sql.conf.ext'
+maybe chmod 0644 'dovecot/conf.d/auth-static.conf.ext'
+maybe chmod 0644 'dovecot/conf.d/auth-system.conf.ext'
+maybe chmod 0644 'dovecot/conf.d/auth-vpopmail.conf.ext'
+maybe chgrp 'dovecot' 'dovecot/dovecot-dict-auth.conf.ext'
+maybe chmod 0640 'dovecot/dovecot-dict-auth.conf.ext'
+maybe chgrp 'dovecot' 'dovecot/dovecot-dict-sql.conf.ext'
+maybe chmod 0640 'dovecot/dovecot-dict-sql.conf.ext'
+maybe chgrp 'dovecot' 'dovecot/dovecot-sql.conf.ext'
+maybe chmod 0640 'dovecot/dovecot-sql.conf.ext'
+maybe chmod 0644 'dovecot/dovecot.conf'
+maybe chmod 0700 'dovecot/private'
maybe chmod 0755 'dpkg'
maybe chmod 0644 'dpkg/dpkg.cfg'
maybe chmod 0755 'dpkg/dpkg.cfg.d'
maybe chmod 0644 'etckeeper/update-ignore.d/README'
maybe chmod 0755 'etckeeper/vcs.d'
maybe chmod 0755 'etckeeper/vcs.d/50vcs-cmd'
+maybe chmod 0755 'fonts'
+maybe chmod 0755 'fonts/conf.avail'
+maybe chmod 0644 'fonts/conf.avail/20-unhint-small-dejavu-lgc-sans-mono.conf'
+maybe chmod 0644 'fonts/conf.avail/20-unhint-small-dejavu-lgc-sans.conf'
+maybe chmod 0644 'fonts/conf.avail/20-unhint-small-dejavu-lgc-serif.conf'
+maybe chmod 0644 'fonts/conf.avail/20-unhint-small-dejavu-sans-mono.conf'
+maybe chmod 0644 'fonts/conf.avail/20-unhint-small-dejavu-sans.conf'
+maybe chmod 0644 'fonts/conf.avail/20-unhint-small-dejavu-serif.conf'
+maybe chmod 0644 'fonts/conf.avail/57-dejavu-sans-mono.conf'
+maybe chmod 0644 'fonts/conf.avail/57-dejavu-sans.conf'
+maybe chmod 0644 'fonts/conf.avail/57-dejavu-serif.conf'
+maybe chmod 0644 'fonts/conf.avail/58-dejavu-lgc-sans-mono.conf'
+maybe chmod 0644 'fonts/conf.avail/58-dejavu-lgc-sans.conf'
+maybe chmod 0644 'fonts/conf.avail/58-dejavu-lgc-serif.conf'
+maybe chmod 0755 'fonts/conf.d'
+maybe chmod 0644 'fonts/conf.d/README'
+maybe chmod 0644 'fonts/fonts.conf'
maybe chmod 0644 'fstab'
maybe chmod 0644 'gai.conf'
maybe chmod 0755 'groff'
maybe chmod 0644 'hosts'
maybe chmod 0644 'hosts.allow'
maybe chmod 0644 'hosts.deny'
+maybe chmod 0755 'init'
maybe chmod 0755 'init.d'
maybe chmod 0755 'init.d/acpid'
+maybe chmod 0755 'init.d/amavis'
+maybe chmod 0755 'init.d/amavis-mc'
+maybe chmod 0755 'init.d/amavisd-snmp-subagent'
maybe chmod 0755 'init.d/apache-htcacheclean'
maybe chmod 0755 'init.d/apache2'
maybe chmod 0755 'init.d/atd'
maybe chmod 0755 'init.d/bind9'
maybe chmod 0755 'init.d/chrony'
+maybe chmod 0755 'init.d/clamav-daemon'
+maybe chmod 0755 'init.d/clamav-freshclam'
maybe chmod 0755 'init.d/cloud-config'
maybe chmod 0755 'init.d/cloud-final'
maybe chmod 0755 'init.d/cloud-init'
maybe chmod 0755 'init.d/cryptdisks'
maybe chmod 0755 'init.d/cryptdisks-early'
maybe chmod 0755 'init.d/dbus'
+maybe chmod 0755 'init.d/dovecot'
maybe chmod 0755 'init.d/hwclock.sh'
maybe chmod 0755 'init.d/keyboard-setup.sh'
maybe chmod 0755 'init.d/kmod'
+maybe chmod 0755 'init.d/lm-sensors'
maybe chmod 0755 'init.d/lvm2'
maybe chmod 0755 'init.d/lvm2-lvmpolld'
maybe chmod 0755 'init.d/mdadm'
maybe chmod 0755 'init.d/mdadm-waitidle'
maybe chmod 0755 'init.d/mysql'
maybe chmod 0755 'init.d/networking'
+maybe chmod 0755 'init.d/nginx'
+maybe chmod 0755 'init.d/php7.3-fpm'
maybe chmod 0755 'init.d/postfix'
maybe chmod 0755 'init.d/procps'
maybe chmod 0755 'init.d/qemu-guest-agent'
maybe chmod 0755 'init.d/rsyslog'
maybe chmod 0755 'init.d/salt-minion'
maybe chmod 0755 'init.d/screen-cleanup'
+maybe chmod 0755 'init.d/spamassassin'
maybe chmod 0755 'init.d/ssh'
maybe chmod 0755 'init.d/sudo'
maybe chmod 0755 'init.d/udev'
+maybe chmod 0755 'init.d/uwsgi'
+maybe chmod 0644 'init/php7.3-fpm.conf'
maybe chmod 0755 'initramfs-tools'
maybe chmod 0755 'initramfs-tools/conf.d'
maybe chmod 0644 'initramfs-tools/conf.d/resume'
maybe chmod 0644 'ld.so.conf.d/x86_64-linux-gnu.conf'
maybe chmod 0755 'ldap'
maybe chmod 0644 'ldap/ldap.conf'
+maybe chmod 0755 'ldap/schema'
+maybe chmod 0644 'ldap/schema/amavis.schema'
maybe chmod 0644 'libaudit.conf'
maybe chmod 0644 'locale.alias'
maybe chmod 0644 'locale.gen'
maybe chmod 0755 'logcheck'
maybe chmod 0755 'logcheck/ignore.d.paranoid'
+maybe chmod 0644 'logcheck/ignore.d.paranoid/clamav-daemon'
maybe chmod 0644 'logcheck/ignore.d.paranoid/mariadb-server-10_3'
maybe chmod 0755 'logcheck/ignore.d.server'
+maybe chmod 0644 'logcheck/ignore.d.server/clamav-daemon'
+maybe chmod 0644 'logcheck/ignore.d.server/clamav-freshclam'
maybe chmod 0644 'logcheck/ignore.d.server/gpg-agent'
maybe chmod 0644 'logcheck/ignore.d.server/libsasl2-modules'
maybe chmod 0644 'logcheck/ignore.d.server/mariadb-server-10_3'
maybe chmod 0644 'logrotate.d/bind'
maybe chmod 0644 'logrotate.d/btmp'
maybe chmod 0644 'logrotate.d/chrony'
+maybe chmod 0644 'logrotate.d/clamav-daemon'
+maybe chmod 0644 'logrotate.d/clamav-freshclam'
maybe chmod 0644 'logrotate.d/dpkg'
maybe chmod 0644 'logrotate.d/mysql-server'
+maybe chmod 0644 'logrotate.d/nginx'
+maybe chmod 0644 'logrotate.d/php7.3-fpm'
maybe chmod 0644 'logrotate.d/rsyslog'
maybe chmod 0644 'logrotate.d/salt-common'
+maybe chmod 0644 'logrotate.d/uwsgi'
maybe chmod 0644 'logrotate.d/wtmp'
+maybe chmod 0755 'logwatch'
+maybe chmod 0755 'logwatch/conf'
+maybe chmod 0755 'logwatch/conf/logfiles'
+maybe chmod 0755 'logwatch/conf/services'
+maybe chmod 0755 'logwatch/scripts'
+maybe chmod 0755 'logwatch/scripts/services'
maybe chmod 0755 'lvm'
maybe chmod 0700 'lvm/archive'
maybe chmod 0700 'lvm/backup'
maybe chmod 0444 'machine-id'
maybe chmod 0644 'magic'
maybe chmod 0644 'magic.mime'
+maybe chmod 0755 'mail'
maybe chmod 0644 'mailcap'
maybe chmod 0644 'mailcap.order'
maybe chmod 0644 'mailname'
maybe chmod 0755 'network'
maybe chmod 0755 'network/if-down.d'
maybe chmod 0755 'network/if-down.d/bind9'
+maybe chmod 0755 'network/if-down.d/clamav-freshclam-ifupdown'
maybe chmod 0755 'network/if-down.d/postfix'
maybe chmod 0755 'network/if-post-down.d'
maybe chmod 0755 'network/if-post-down.d/chrony'
maybe chmod 0755 'network/if-up.d'
maybe chmod 0755 'network/if-up.d/bind9'
maybe chmod 0755 'network/if-up.d/chrony'
+maybe chmod 0755 'network/if-up.d/clamav-freshclam-ifupdown'
maybe chmod 0755 'network/if-up.d/ethtool'
maybe chmod 0755 'network/if-up.d/postfix'
maybe chmod 0644 'network/interfaces'
maybe chmod 0755 'network/interfaces.d'
maybe chmod 0644 'network/interfaces.d/50-cloud-init'
maybe chmod 0644 'networks'
+maybe chmod 0755 'nftables.conf'
+maybe chmod 0755 'nginx'
+maybe chmod 0755 'nginx/conf.d'
+maybe chmod 0644 'nginx/fastcgi.conf'
+maybe chmod 0644 'nginx/fastcgi_params'
+maybe chmod 0644 'nginx/koi-utf'
+maybe chmod 0644 'nginx/koi-win'
+maybe chmod 0644 'nginx/mime.types'
+maybe chmod 0755 'nginx/modules-available'
+maybe chmod 0755 'nginx/modules-enabled'
+maybe chmod 0644 'nginx/nginx.conf'
+maybe chmod 0644 'nginx/proxy_params'
+maybe chmod 0644 'nginx/scgi_params'
+maybe chmod 0755 'nginx/sites-available'
+maybe chmod 0644 'nginx/sites-available/default'
+maybe chmod 0755 'nginx/sites-enabled'
+maybe chmod 0755 'nginx/snippets'
+maybe chmod 0644 'nginx/snippets/fastcgi-php.conf'
+maybe chmod 0644 'nginx/snippets/snakeoil.conf'
+maybe chmod 0644 'nginx/uwsgi_params'
+maybe chmod 0644 'nginx/win-utf'
maybe chmod 0644 'nsswitch.conf'
maybe chmod 0755 'opt'
maybe chmod 0644 'pam.conf'
maybe chmod 0644 'pam.d/common-session'
maybe chmod 0644 'pam.d/common-session-noninteractive'
maybe chmod 0644 'pam.d/cron'
+maybe chmod 0644 'pam.d/dovecot'
maybe chmod 0644 'pam.d/login'
maybe chmod 0644 'pam.d/newusers'
maybe chmod 0644 'pam.d/other'
maybe chmod 0755 'perl/CPAN'
maybe chmod 0755 'perl/Net'
maybe chmod 0644 'perl/Net/libnet.cfg'
+maybe chmod 0755 'php'
+maybe chmod 0755 'php/7.3'
+maybe chmod 0755 'php/7.3/cli'
+maybe chmod 0755 'php/7.3/cli/conf.d'
+maybe chmod 0644 'php/7.3/cli/php.ini'
+maybe chmod 0755 'php/7.3/fpm'
+maybe chmod 0755 'php/7.3/fpm/conf.d'
+maybe chmod 0644 'php/7.3/fpm/php-fpm.conf'
+maybe chmod 0644 'php/7.3/fpm/php.ini'
+maybe chmod 0755 'php/7.3/fpm/pool.d'
+maybe chmod 0644 'php/7.3/fpm/pool.d/www.conf'
+maybe chmod 0755 'php/7.3/mods-available'
+maybe chmod 0644 'php/7.3/mods-available/calendar.ini'
+maybe chmod 0644 'php/7.3/mods-available/ctype.ini'
+maybe chmod 0644 'php/7.3/mods-available/curl.ini'
+maybe chmod 0644 'php/7.3/mods-available/dom.ini'
+maybe chmod 0644 'php/7.3/mods-available/exif.ini'
+maybe chmod 0644 'php/7.3/mods-available/fileinfo.ini'
+maybe chmod 0644 'php/7.3/mods-available/ftp.ini'
+maybe chmod 0644 'php/7.3/mods-available/gd.ini'
+maybe chmod 0644 'php/7.3/mods-available/gettext.ini'
+maybe chmod 0644 'php/7.3/mods-available/iconv.ini'
+maybe chmod 0644 'php/7.3/mods-available/intl.ini'
+maybe chmod 0644 'php/7.3/mods-available/json.ini'
+maybe chmod 0644 'php/7.3/mods-available/mbstring.ini'
+maybe chmod 0644 'php/7.3/mods-available/mysqli.ini'
+maybe chmod 0644 'php/7.3/mods-available/mysqlnd.ini'
+maybe chmod 0644 'php/7.3/mods-available/opcache.ini'
+maybe chmod 0644 'php/7.3/mods-available/pdo.ini'
+maybe chmod 0644 'php/7.3/mods-available/pdo_mysql.ini'
+maybe chmod 0644 'php/7.3/mods-available/phar.ini'
+maybe chmod 0644 'php/7.3/mods-available/posix.ini'
+maybe chmod 0644 'php/7.3/mods-available/readline.ini'
+maybe chmod 0644 'php/7.3/mods-available/shmop.ini'
+maybe chmod 0644 'php/7.3/mods-available/simplexml.ini'
+maybe chmod 0644 'php/7.3/mods-available/sockets.ini'
+maybe chmod 0644 'php/7.3/mods-available/sysvmsg.ini'
+maybe chmod 0644 'php/7.3/mods-available/sysvsem.ini'
+maybe chmod 0644 'php/7.3/mods-available/sysvshm.ini'
+maybe chmod 0644 'php/7.3/mods-available/tokenizer.ini'
+maybe chmod 0644 'php/7.3/mods-available/wddx.ini'
+maybe chmod 0644 'php/7.3/mods-available/xml.ini'
+maybe chmod 0644 'php/7.3/mods-available/xmlreader.ini'
+maybe chmod 0644 'php/7.3/mods-available/xmlwriter.ini'
+maybe chmod 0644 'php/7.3/mods-available/xsl.ini'
+maybe chmod 0644 'php/7.3/mods-available/zip.ini'
maybe chmod 0755 'postfix'
maybe chmod 0644 'postfix/dynamicmaps.cf'
maybe chmod 0755 'postfix/dynamicmaps.cf.d'
maybe chmod 0755 'ppp/ip-down.d'
maybe chmod 0755 'ppp/ip-down.d/bind9'
maybe chmod 0755 'ppp/ip-down.d/chrony'
+maybe chmod 0755 'ppp/ip-down.d/clamav-freshclam-ifupdown'
maybe chmod 0755 'ppp/ip-down.d/postfix'
maybe chmod 0755 'ppp/ip-up.d'
maybe chmod 0755 'ppp/ip-up.d/bind9'
maybe chmod 0755 'ppp/ip-up.d/chrony'
+maybe chmod 0755 'ppp/ip-up.d/clamav-freshclam-ifupdown'
maybe chmod 0755 'ppp/ip-up.d/postfix'
maybe chmod 0644 'profile'
maybe chmod 0755 'profile.d'
maybe chmod 0755 'rc5.d'
maybe chmod 0755 'rc6.d'
maybe chmod 0755 'rcS.d'
+maybe chmod 0644 'rearj.cfg'
maybe chmod 0644 'reportbug.conf'
maybe chmod 0644 'resolv.conf'
maybe chmod 0755 'resolvconf'
maybe chmod 0644 'security/time.conf'
maybe chmod 0755 'selinux'
maybe chmod 0644 'selinux/semanage.conf'
+maybe chmod 0755 'sensors.d'
+maybe chmod 0644 'sensors.d/.placeholder'
+maybe chmod 0644 'sensors3.conf'
maybe chmod 0644 'services'
maybe chgrp 'shadow' 'shadow'
maybe chmod 0640 'shadow'
maybe chmod 0644 'skel/.bashrc.orig'
maybe chmod 0644 'skel/.cloud-locale-test.skip'
maybe chmod 0644 'skel/.profile'
+maybe chmod 0755 'spamassassin'
+maybe chmod 0644 'spamassassin/65_debian.cf'
+maybe chmod 0644 'spamassassin/init.pre'
+maybe chmod 0644 'spamassassin/local.cf'
+maybe chmod 0755 'spamassassin/sa-update-hooks.d'
+maybe chmod 0755 'spamassassin/sa-update-hooks.d/amavisd-new'
+maybe chmod 0644 'spamassassin/v310.pre'
+maybe chmod 0644 'spamassassin/v312.pre'
+maybe chmod 0644 'spamassassin/v320.pre'
+maybe chmod 0644 'spamassassin/v330.pre'
+maybe chmod 0644 'spamassassin/v340.pre'
+maybe chmod 0644 'spamassassin/v341.pre'
+maybe chmod 0644 'spamassassin/v342.pre'
maybe chmod 0755 'ssh'
maybe chmod 0644 'ssh/moduli'
maybe chmod 0644 'ssh/ssh_config'
maybe chmod 0644 'systemd/sleep.conf'
maybe chmod 0755 'systemd/system'
maybe chmod 0644 'systemd/system.conf'
+maybe chmod 0755 'systemd/system/clamav-daemon.service.d'
+maybe chmod 0644 'systemd/system/clamav-daemon.service.d/extend.conf'
maybe chmod 0755 'systemd/system/cloud-init.target.wants'
maybe chmod 0755 'systemd/system/getty.target.wants'
maybe chmod 0755 'systemd/system/multi-user.target.wants'
maybe chmod 0755 'ufw'
maybe chmod 0755 'ufw/applications.d'
maybe chmod 0644 'ufw/applications.d/bind9'
+maybe chmod 0644 'ufw/applications.d/dovecot-imapd'
+maybe chmod 0644 'ufw/applications.d/dovecot-pop3d'
+maybe chmod 0644 'ufw/applications.d/nginx'
maybe chmod 0644 'ufw/applications.d/openssh-server'
maybe chmod 0644 'ufw/applications.d/postfix'
maybe chmod 0755 'update-motd.d'
maybe chmod 0755 'update-motd.d/10-uname'
maybe chmod 0644 'updatedb.conf'
+maybe chmod 0755 'uwsgi'
+maybe chmod 0755 'uwsgi/apps-available'
+maybe chmod 0644 'uwsgi/apps-available/README'
+maybe chmod 0755 'uwsgi/apps-enabled'
+maybe chmod 0644 'uwsgi/apps-enabled/README'
maybe chmod 0755 'vim'
maybe chmod 0644 'vim/vimrc'
maybe chmod 0644 'vim/vimrc.local'
# See man 5 aliases for format
postmaster: root
+clamav: root
--- /dev/null
+/usr/bin/phar7.3
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/phar7.3.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/phar.phar7.3
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/phar.phar7.3.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/php7.3
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/php7.3.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/unrar-free
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/unrar-free.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/uwsgi-core
\ No newline at end of file
--- /dev/null
+/usr/lib/uwsgi/plugins/python37_plugin.so
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/uwsgi-core.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/uwsgi-core
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/uwsgi_python37.1.gz
\ No newline at end of file
--- /dev/null
+$Id: README.l10n 742 2005-12-26 17:15:22Z hmh $
+
+First of all, read /usr/share/doc/amavisd-new/README.customize.gz
+
+Amavisd-new is UTF8-aware, and it will do character-set conversion when dealing
+with DSN templates. The full unicode codespace is available, if used with the
+proper encodings... and you have to use the proper encodings if you don't want
+your DSNs to be flagged as more charset-challenged SPAM by other systems.
+
+ALWAYS respect the charset when adding l10n files.
+
+Amavisd-new does charset conversion twice: one when reading the text files with
+localized templates (to internal perl UTF8), and another when writing the email
+notification (from internal perl UTF8 to $hdr_encoding and $bdy_encoding).
+
+Headers will be RFC2047-encoded if they have any codepoints not allowed by
+RFC2822 after the charset conversions. The body text charset encoding is
+inserted in the proper MIME header.
+
+More details are available in /usr/share/doc/amavisd-new/RELEASE_NOTES.gz
+
--- /dev/null
+use strict;
+
+# ADMINISTRATORS:
+# Debian suggests that any changes you need to do that should never
+# be "updated" by the Debian package should be made in another file,
+# overriding the settings in this file.
+#
+# The package will *not* overwrite your settings, but by keeping
+# them separate, you will make the task of merging changes on these
+# configuration files much simpler...
+
+# see /usr/share/doc/amavisd-new/examples/amavisd.conf-default for
+# a list of all variables with their defaults;
+# see /usr/share/doc/amavisd-new/examples/amavisd.conf-sample for
+# a traditional-style commented file
+# [note: the above files were not converted to Debian settings!]
+#
+# for more details see documentation in /usr/share/doc/amavisd-new
+# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html
+
+
+# SETTINGS RARELY MODIFIED BY THE LOCAL ADMIN
+
+$ENV{PATH} = $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
+$file = 'file';
+$gzip = 'gzip';
+$bzip2 = 'bzip2';
+$lzop = 'lzop';
+$rpm2cpio = ['rpm2cpio.pl','rpm2cpio'];
+$cabextract = 'cabextract';
+$uncompress = ['uncompress', 'gzip -d', 'zcat'];
+#$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat']; #disabled (non-free, no security support)
+$unfreeze = undef;
+$arc = ['nomarch', 'arc'];
+$unarj = ['arj', 'unarj'];
+#$unrar = ['rar', 'unrar']; #disabled (non-free, no security support)
+$unrar = ['unrar-free'];
+$zoo = 'zoo';
+$lha = 'lha';
+$lha = undef;
+$pax = 'pax';
+$cpio = 'cpio';
+$ar = 'ar';
+$ripole = 'ripole';
+$dspam = 'dspam';
+
+1; # ensure a defined return
--- /dev/null
+use strict;
+
+# $mydomain is used just for convenience in the config files and it is not
+# used internally by amavisd-new except in the default X_HEADER_LINE (which
+# Debian overrides by default anyway).
+
+chomp($mydomain = `head -n 1 /etc/mailname`);
+
+# amavisd-new needs to know which email domains are to be considered local
+# to the administrative domain. Only emails to "local" domains are subject
+# to certain functionality, such as the addition of spam tags.
+#
+# Default local domains to $mydomain and all subdomains. Remember to
+# override or redefine this if $mydomain is changed later in the config
+# sequence.
+
+@local_domains_acl = ( ".$mydomain" );
+
+1; # ensure a defined return
--- /dev/null
+use strict;
+
+# $myhostname is used by amavisd-new for node identification, and it is
+# important to get it right (e.g. for ESMTP EHLO, loop detection, and so on).
+
+chomp($myhostname = `hostname --fqdn`);
+
+# To manually set $myhostname, edit the following line with the correct Fully
+# Qualified Domain Name (FQDN) and remove the # at the beginning of the line.
+#
+#$myhostname = "mail.example.com";
+
+1; # ensure a defined return
--- /dev/null
+use strict;
+
+##
+## AV Scanners (Debian version)
+##
+
+@av_scanners = (
+
+# ### http://www.clanfield.info/sophie/ (http://www.vanja.com/tools/sophie/)
+# ['Sophie',
+# \&ask_daemon, ["{}/\n", '/var/run/sophie'],
+# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m, qr/(?x)^ 1 ( : | [\000\r\n]* $)/m,
+# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/m ],
+
+# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
+# ['Sophos SAVI', \&sophos_savi ],
+
+### http://www.clamav.net/
+ ['ClamAV-clamd',
+ \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
+ qr/\bOK$/m, qr/\bFOUND$/m,
+ qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
+# NOTE: run clamd under the same user as amavisd, or run it under its own
+# uid such as clamav, add user clamav to the amavis group, and then add
+# AllowSupplementaryGroups to clamd.conf;
+# NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
+# this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
+
+# ### http://www.openantivirus.org/
+# ['OpenAntiVirus ScannerDaemon (OAV)',
+# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
+# qr/^OK/m, qr/^FOUND: /m, qr/^FOUND: (.+)/m ],
+
+# ### http://www.vanja.com/tools/trophie/
+# ['Trophie',
+# \&ask_daemon, ["{}/\n", '/var/run/trophie'],
+# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m, qr/(?x)^ 1 ( : | [\000\r\n]* $)/m,
+# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/m ],
+
+# ### http://www.grisoft.com/
+# ['AVG Anti-Virus',
+# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
+# qr/^200/m, qr/^403/m, qr/^403 .*?: ([^\r\n]+)/m ],
+
+# ### http://www.f-prot.com/
+# ['F-Prot fpscand', # F-PROT Antivirus for BSD/Linux/Solaris, version 6
+# \&ask_daemon,
+# ["SCAN FILE {}/*\n", '127.0.0.1:10200'],
+# qr/^(0|8|64) /m,
+# qr/^([1235679]|1[01345]) |<[^>:]*(?i)(infected|suspicious|unwanted)/m,
+# qr/(?i)<[^>:]*(?:infected|suspicious|unwanted)[^>:]*: ([^>]*)>/m ],
+
+# ### http://www.f-prot.com/
+# ['F-Prot f-protd', # old version
+# \&ask_daemon,
+# ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
+# ['127.0.0.1:10200', '127.0.0.1:10201', '127.0.0.1:10202',
+# '127.0.0.1:10203', '127.0.0.1:10204'] ],
+# qr/(?i)<summary[^>]*>clean<\/summary>/m,
+# qr/(?i)<summary[^>]*>infected<\/summary>/m,
+# qr/(?i)<name>(.+)<\/name>/m ],
+
+# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
+# ['DrWebD', \&ask_daemon, # DrWebD 4.31 or later
+# [pack('N',1). # DRWEBD_SCAN_CMD
+# pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
+# pack('N', # path length
+# length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
+# '{}/*'. # path
+# pack('N',0). # content size
+# pack('N',0),
+# '/var/drweb/run/drwebd.sock',
+# # '/var/amavis/var/run/drwebd.sock', # suitable for chroot
+# # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default
+# # '127.0.0.1:3000', # or over an inet socket
+# ],
+# qr/\A\x00[\x10\x11][\x00\x10]\x00/sm, # IS_CLEAN,EVAL_KEY; SKIPPED
+# qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/sm,# KNOWN_V,UNKNOWN_V,V._MODIF
+# qr/\A.{12}(?:infected with )?([^\x00]+)\x00/sm,
+# ],
+# # NOTE: If using amavis-milter, change length to:
+# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").
+
+ ### http://www.kaspersky.com/ (kav4mailservers)
+ ['KasperskyLab AVP - aveclient',
+ ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
+ '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
+ '-p /var/run/aveserver -s {}/*',
+ [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m,
+ qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m,
+ ],
+ # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious,
+ # currupted or protected archives are to be handled
+
+ ### http://www.kaspersky.com/
+ ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
+ '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ?
+ qr/infected: (.+)/m,
+ sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
+ sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
+ ],
+
+ ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
+ ### products and replaced by aveserver and aveclient
+ ['KasperskyLab AVPDaemonClient',
+ [ '/opt/AVP/kavdaemon', 'kavdaemon',
+ '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
+ '/opt/AVP/AvpTeamDream', 'AvpTeamDream',
+ '/opt/AVP/avpdc', 'avpdc' ],
+ "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ],
+ # change the startup-script in /etc/init.d/kavd to:
+ # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
+ # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" )
+ # adjusting /var/amavis above to match your $TEMPBASE.
+ # The '-f=/var/amavis' is needed if not running it as root, so it
+ # can find, read, and write its pid file, etc., see 'man kavdaemon'.
+ # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
+ # directory $TEMPBASE specifies) in the 'Names=' section.
+ # cd /opt/AVP/DaemonClients; configure; cd Sample; make
+ # cp AvpDaemonClient /opt/AVP/
+ # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
+
+ ### http://www.centralcommand.com/
+ ['CentralCommand Vexira (new) vascan',
+ ['vascan','/usr/lib/Vexira/vascan'],
+ "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
+ "--log=/var/log/vascan.log {}",
+ [0,3], [1,2,5],
+ qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ],
+ # Adjust the path of the binary and the virus database as needed.
+ # 'vascan' does not allow to have the temp directory to be the same as
+ # the quarantine directory, and the quarantine option can not be disabled.
+ # If $QUARANTINEDIR is not used, then another directory must be specified
+ # to appease 'vascan'. Move status 3 to the second list if password
+ # protected files are to be considered infected.
+
+ ### http://www.avira.com/
+ ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus
+ ['Avira AntiVir', ['antivir','vexira'],
+ '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m,
+ qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
+ (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ],
+ # NOTE: if you only have a demo version, remove -z and add 214, as in:
+ # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
+
+ ### http://www.commandsoftware.com/
+ ['Command AntiVirus for Linux', 'csav',
+ '-all -archive -packed {}', [50], [51,52,53],
+ qr/Infection: (.+)/m ],
+
+ ### http://www.symantec.com/
+ ['Symantec CarrierScan via Symantec CommandLineScanner',
+ 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
+ qr/^Files Infected:\s+0$/m, qr/^Infected\b/m,
+ qr/^(?:Info|Virus Name):\s+(.+)/m ],
+
+ ### http://www.symantec.com/
+ ['Symantec AntiVirus Scan Engine',
+ 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
+ [0], qr/^Infected\b/m,
+ qr/^(?:Info|Virus Name):\s+(.+)/m ],
+ # NOTE: check options and patterns to see which entry better applies
+
+# ### http://www.f-secure.com/products/anti-virus/ version 4.65
+# ['F-Secure Antivirus for Linux servers',
+# ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
+# '--delete=no --disinf=no --rename=no --archive=yes --auto=yes '.
+# '--dumb=yes --list=no --mime=yes {}', [0], [3,6,8],
+# qr/(?:infection|Infected|Suspected): (.+)/m ],
+
+ ### http://www.f-secure.com/products/anti-virus/ version 5.52
+ ['F-Secure Antivirus for Linux servers',
+ ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
+ '--virus-action1=report --archive=yes --auto=yes '.
+ '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8],
+ qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
+ # NOTE: internal archive handling may be switched off by '--archive=no'
+ # to prevent fsav from exiting with status 9 on broken archives
+
+# ### http://www.avast.com/
+# ['avast! Antivirus daemon',
+# \&ask_daemon, # greets with 220, terminate with QUIT
+# ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'],
+# qr/\t\[\+\]/m, qr/\t\[L\]\t/m, qr/\t\[L\]\t([^[ \t\015\012]+)/m ],
+
+# ### http://www.avast.com/
+# ['avast! Antivirus - Client/Server Version', 'avastlite',
+# '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1],
+# qr/\t\[L\]\t([^[ \t\015\012]+)/m ],
+
+ ['CAI InoculateIT', 'inocucmd', # retired product
+ '-sec -nex {}', [0], [100],
+ qr/was infected by virus (.+)/m ],
+ # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
+
+ ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT)
+ ['CAI eTrust Antivirus', 'etrust-wrapper',
+ '-arc -nex -spm h {}', [0], [101],
+ qr/is infected by virus: (.+)/m ],
+ # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
+ # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
+
+ ### http://mks.com.pl/english.html
+ ['MkS_Vir for Linux (beta)', ['mks32','mks'],
+ '-s {}/*', [0], [1,2],
+ qr/--[ \t]*(.+)/m ],
+
+ ### http://mks.com.pl/english.html
+ ['MkS_Vir daemon', 'mksscan',
+ '-s -q {}', [0], [1..7],
+ qr/^... (\S+)/m ],
+
+# ### http://www.nod32.com/, version v2.52 (old)
+# ['ESET NOD32 for Linux Mail servers',
+# ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
+# '--subdir --files -z --sfx --rtp --adware --unsafe --pattern --heur '.
+# '-w -a --action-on-infected=accept --action-on-uncleanable=accept '.
+# '--action-on-notscanned=accept {}',
+# [0,3], [1,2], qr/virus="([^"]+)"/m ],
+
+# ### http://www.eset.com/, version v2.7 (old)
+# ['ESET NOD32 Linux Mail Server - command line interface',
+# ['/usr/bin/nod32cli', '/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
+# '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/m ],
+
+# ### http://www.eset.com/, version 2.71.12
+# ['ESET Software ESETS Command Line Interface',
+# ['/usr/bin/esets_cli', 'esets_cli'],
+# '--subdir {}', [0], [1,2,3], qr/virus="([^"]+)"/m ],
+
+ ### http://www.eset.com/, version 3.0
+ ['ESET Software ESETS Command Line Interface',
+ ['/usr/bin/esets_cli', 'esets_cli'],
+ '--subdir {}', [0], [2,3],
+ qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ],
+
+ ## http://www.nod32.com/, NOD32LFS version 2.5 and above
+ ['ESET NOD32 for Linux File servers',
+ ['/opt/eset/nod32/sbin/nod32','nod32'],
+ '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '.
+ '-w -a --action=1 -b {}',
+ [0], [1,10], qr/^object=.*, virus="(.*?)",/m ],
+
+# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
+# ['ESET Software NOD32 Client/Server (NOD32SS)',
+# \&ask_daemon2, # greets with 200, persistent, terminate with QUIT
+# ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
+# qr/^200 File OK/m, qr/^201 /m, qr/^201 (.+)/m ],
+
+# Disabled as it conflicts with packaged /usr/bin/nvcc of "nvidia-cuda-toolkit"
+# (LP: 1582318)
+# ### http://www.norman.com/products_nvc.shtml
+# ['Norman Virus Control v5 / Linux', 'nvcc',
+# '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
+# qr/(?i).* virus in .* -> \'(.+)\'/m ],
+
+ ### http://www.pandasoftware.com/
+ ['Panda CommandLineSecure 9 for Linux',
+ ['/opt/pavcl/usr/bin/pavcl','pavcl'],
+ '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}',
+ qr/Number of files infected[ .]*: 0+(?!\d)/m,
+ qr/Number of files infected[ .]*: 0*[1-9]/m,
+ qr/Found virus :\s*(\S+)/m ],
+ # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr'
+ # before starting amavisd - the bases are then loaded only once at startup.
+ # To reload bases in a signature update script:
+ # /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr
+ # Please review other options of pavcl, for example:
+ # -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies
+
+# ### http://www.pandasoftware.com/
+# ['Panda Antivirus for Linux', ['pavcl'],
+# '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
+# [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
+# qr/Found virus :\s*(\S+)/m ],
+
+# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
+# Check your RAV license terms before fiddling with the following two lines!
+# ['GeCAD RAV AntiVirus 8', 'ravav',
+# '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/m ],
+# # NOTE: the command line switches changed with scan engine 8.5 !
+# # (btw, assigning stdin to /dev/null causes RAV to fail)
+
+ ### http://www.nai.com/
+ ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
+ '--secure -rv --mime --summary --noboot - {}', [0], [13],
+ qr/(?x) Found (?:
+ \ the\ (.+)\ (?:virus|trojan) |
+ \ (?:virus|trojan)\ or\ variant\ ([^ ]+) |
+ :\ (.+)\ NOT\ a\ virus)/m,
+ # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
+ # sub {delete $ENV{LD_PRELOAD}},
+ ],
+ # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
+ # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
+ # and then clear it when finished to avoid confusing anything else.
+ # NOTE2: to treat encrypted files as viruses replace the [13] with:
+ # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
+
+ ### http://www.virusbuster.hu/en/
+ ['VirusBuster', ['vbuster', 'vbengcl'],
+ "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
+ qr/: '(.*)' - Virus/m ],
+ # VirusBuster Ltd. does not support the daemon version for the workstation
+ # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
+ # binaries, some parameters AND return codes have changed (from 3 to 1).
+ # See also the new Vexira entry 'vascan' which is possibly related.
+
+# ### http://www.virusbuster.hu/en/
+# ['VirusBuster (Client + Daemon)', 'vbengd',
+# '-f -log scandir {}', [0], [3],
+# qr/Virus found = (.*);/m ],
+# # HINT: for an infected file it always returns 3,
+# # although the man-page tells a different story
+
+ ### http://www.cyber.com/
+ ['CyberSoft VFind', 'vfind',
+ '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m,
+ # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
+ ],
+
+ ### http://www.avast.com/
+ ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
+ '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ],
+
+ ### http://www.ikarus-software.com/
+ ['Ikarus AntiVirus for Linux', 'ikarus',
+ '{}', [0], [40], qr/Signature (.+) found/m ],
+
+ ### http://www.bitdefender.com/
+ ['BitDefender', 'bdscan', # new version
+ '--action=ignore --no-list {}', qr/^Infected files *:0+(?!\d)/m,
+ qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m,
+ qr/(?:suspected|infected): (.*)(?:\033|$)/m ],
+
+ ### http://www.bitdefender.com/
+ ['BitDefender', 'bdc', # old version
+ '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m,
+ qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m,
+ qr/(?:suspected|infected): (.*)(?:\033|$)/m ],
+ # consider also: --all --nowarn --alev=15 --flev=15. The --all argument may
+ # not apply to your version of bdc, check documentation and see 'bdc --help'
+
+ ### ArcaVir for Linux and Unix http://www.arcabit.pl/
+ ['ArcaVir for Linux', ['arcacmd','arcacmd.static'],
+ '-v 1 -summary 0 -s {}', [0], [1,2],
+ qr/(?:VIR|WIR):[ \t]*(.+)/m ],
+
+# ['File::Scan', sub {Amavis::AV::ask_av(sub{
+# use File::Scan; my($fn)=@_;
+# my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0);
+# my($vname) = $f->scan($fn);
+# $f->error ? (2,"Error: ".$f->error)
+# : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) },
+# ["{}/*"], [0], [1], qr/^(.*) FOUND$/m ],
+
+# ### fully-fledged checker for JPEG marker segments of invalid length
+# ['check-jpeg',
+# sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) },
+# ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/m ],
+# # NOTE: place file JpegTester.pm somewhere where Perl can find it,
+# # for example in /usr/local/lib/perl5/site_perl
+
+# ### example: simpleminded checker for JPEG marker segments with
+# ### invalid length (only checks first 32k, which is not thorough enough)
+# ['check-jpeg-simple',
+# sub { Amavis::AV::ask_av(sub {
+# my($f)=@_; local(*FF,$_,$1,$2); my(@r)=(0,'not jpeg');
+# open(FF,$f) or die "jpeg: open err $f: $!";
+# binmode(FF) or die "jpeg: binmode err $f: $!";
+# defined read(FF,$_,32000) or die "jpeg: read err $f: $!";
+# close(FF) or die "jpeg: close err $f: $!";
+# if (/^\xff\xd8\xff/) {
+# @r=(0,'jpeg ok');
+# while (!/\G(?:\xff\xd9|\z)/gc) { # EOI or eof
+# if (/\G\xff+(?=\xff|\z)/gc) {} # fill-bytes before marker
+# elsif (/\G\xff([\x01\xd0-\xd8])/gc) {} # TEM, RSTi, SOI
+# elsif (/\G\xff([^\x00\xff])(..)/gcs) { # marker segment start
+# my($n)=unpack("n",$2)-2;
+# $n=32766 if $n>32766; # Perl regexp limit
+# if ($n<0) {@r=(1,"bad jpeg: len=$n, pos=".pos); last}
+# elsif (/\G.{$n}/gcs) {} # ok
+# elsif (/\G.{0,$n}\z/gcs) {last} # truncated
+# else {@r=(1,"bad jpeg: unexpected, pos=".pos); last}
+# }
+# elsif (/\G[^\xff]+/gc) {} # ECS
+# elsif (/\G(?:\xff\x00)+/gc) {} # ECS
+# else {@r=(2,"bad jpeg: unexpected char, pos=".pos); last}
+# }
+# }; @r}, @_) },
+# ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/m ],
+
+# ### an example/testing/template virus scanner (external), wastes 3 seconds
+# ['wasteful sleeper example',
+# '/bin/sleep', '3', # calls external program
+# undef, undef, qr/no such/m ],
+
+# ### an example/testing/template virus scanner (internal), does nothing
+# ['null',
+# sub {}, ["{}"], # supplies its own subroutine, no external program
+# undef, undef, qr/no such/m ],
+
+);
+
+
+# If no virus scanners from the @av_scanners list produce 'clean' nor
+# 'infected' status (i.e. they all fail to run or the list is empty),
+# then _all_ scanners from the @av_scanners_backup list are tried
+# (again, subject to $first_infected_stops_scan). When there are both
+# daemonized and equivalent or similar command-line scanners available,
+# it is customary to place slower command-line scanners in the
+# @av_scanners_backup list. The default choice is somewhat arbitrary,
+# move entries from one list to another as desired, keeping main scanners
+# in the primary list to avoid warnings.
+
+@av_scanners_backup = (
+
+ ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
+ ['ClamAV-clamscan', 'clamscan',
+ "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
+ [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
+
+ ### http://www.f-prot.com/ - backs up F-Prot Daemon, V6
+ ['F-PROT Antivirus for UNIX', ['fpscan'],
+ '--report --mount --adware {}', # consider: --applications -s 4 -u 3 -z 10
+ [0,8,64], [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3],
+ qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ],
+
+ ### http://www.f-prot.com/ - backs up F-Prot Daemon (old)
+ ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
+ '-dumb -archive -packed {}', [0,8], [3,6], # or: [0], [3,6,8],
+ qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ],
+
+ ### http://www.trendmicro.com/ - backs up Trophie
+ ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
+ '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ],
+
+ ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD
+ ['drweb - DrWeb Antivirus', # security LHA hole in Dr.Web 4.33 and earlier
+ ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
+ '-path={} -al -go -ot -cn -upn -ok-',
+ [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'m ],
+
+ ### http://www.kaspersky.com/
+ ['Kaspersky Antivirus v5.5',
+ ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner',
+ '/opt/kav/5.5/kav4unix/bin/kavscanner',
+ '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'],
+ '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25],
+ qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m,
+# sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
+# sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
+ ],
+
+# Commented out because the name 'sweep' clashes with Debian and FreeBSD
+# package/port of an audio editor. Make sure the correct 'sweep' is found
+# in the path when enabling.
+#
+# ### http://www.sophos.com/ - backs up Sophie or SAVI-Perl
+# ['Sophos Anti Virus (sweep)', 'sweep',
+# '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '.
+# '--no-reset-atime {}',
+# [0,2], qr/Virus .*? found/m,
+# qr/^>>> Virus(?: fragment)? '?(.*?)'? found/m,
+# ],
+# # other options to consider: -idedir=/usr/local/sav
+
+# Always succeeds and considers mail clean.
+# Potentially useful when all other scanners fail and it is desirable
+# to let mail continue to flow with no virus checking (when uncommented).
+# ['always-clean', sub {0}],
+
+);
+
+1; # ensure a defined return
--- /dev/null
+use strict;
+
+# You can modify this file to re-enable SPAM checking through spamassassin
+# and to re-enable antivirus checking.
+
+#
+# Default antivirus checking mode
+# Please note, that anti-virus checking is DISABLED by
+# default.
+# If You wish to enable it, please uncomment the following lines:
+
+
+#@bypass_virus_checks_maps = (
+# \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
+
+
+#
+# Default SPAM checking mode
+# Please note, that anti-spam checking is DISABLED by
+# default.
+# If You wish to enable it, please uncomment the following lines:
+
+
+#@bypass_spam_checks_maps = (
+# \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
+
+1; # ensure a defined return
--- /dev/null
+use strict;
+
+# ADMINISTRATORS:
+# Debian suggests that any changes you need to do that should never
+# be "updated" by the Debian package should be made in another file,
+# overriding the settings in this file.
+#
+# The package will *not* overwrite your settings, but by keeping
+# them separate, you will make the task of merging changes on these
+# configuration files much simpler...
+
+# see /usr/share/doc/amavisd-new/examples/amavisd.conf-default for
+# a list of all variables with their defaults;
+# see /usr/share/doc/amavisd-new/examples/amavisd.conf-sample for
+# a traditional-style commented file
+# [note: the above files were not converted to Debian settings!]
+#
+# for more details see documentation in /usr/share/doc/amavisd-new
+# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html
+
+$QUARANTINEDIR = "$MYHOME/virusmails";
+$quarantine_subdir_levels = 1; # enable quarantine dir hashing
+
+$log_recip_templ = undef; # disable by-recipient level-0 log entries
+$DO_SYSLOG = 1; # log via syslogd (preferred)
+$syslog_ident = 'amavis'; # syslog ident tag, prepended to all messages
+$syslog_facility = 'mail';
+$syslog_priority = 'debug'; # switch to info to drop debug output, etc
+
+$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
+$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1
+
+$inet_socket_port = 10024; # default listening socket
+
+$sa_spam_subject_tag = '***SPAM*** ';
+$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
+$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
+$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
+$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
+
+$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
+$sa_local_tests_only = 0; # only tests which do not require internet access?
+
+# Quota limits to avoid bombs (like 42.zip)
+
+$MAXLEVELS = 14;
+$MAXFILES = 1500;
+$MIN_EXPANSION_QUOTA = 100*1024; # bytes
+$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes
+
+# You should:
+# Use D_DISCARD to discard data (viruses)
+# Use D_BOUNCE to generate local bounces by amavisd-new
+# Use D_REJECT to generate local or remote bounces by the calling MTA
+# Use D_PASS to deliver the message
+#
+# Whatever you do, *NEVER* use D_REJECT if you have other MTAs *forwarding*
+# mail to your account. Use D_BOUNCE instead, otherwise you are delegating
+# the bounce work to your friendly forwarders, which might not like it at all.
+#
+# On dual-MTA setups, one can often D_REJECT, as this just makes your own
+# MTA generate the bounce message. Test it first.
+#
+# Bouncing viruses is stupid, always discard them after you are sure the AV
+# is working correctly. Bouncing real SPAM is also useless, if you cannot
+# D_REJECT it (and don't D_REJECT mail coming from your forwarders!).
+
+$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine)
+$final_banned_destiny = D_DISCARD;
+$final_spam_destiny = D_PASS;
+$final_bad_header_destiny = D_PASS; # False-positive prone (for spam)
+
+$enable_dkim_verification = 0; #disabled to prevent warning
+
+$virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default
+
+# Set to empty ("") to add no header
+$X_HEADER_LINE = "Debian $myproduct_name at $mydomain";
+
+# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS
+
+#
+# DO NOT SEND VIRUS NOTIFICATIONS TO OUTSIDE OF YOUR DOMAIN. EVER.
+#
+# These days, almost all viruses fake the envelope sender and mail headers.
+# Therefore, "virus notifications" became nothing but undesired, aggravating
+# SPAM. This holds true even inside one's domain. We disable them all by
+# default, except for the EICAR test pattern.
+#
+
+@viruses_that_fake_sender_maps = (new_RE(
+ [qr'\bEICAR\b'i => 0], # av test pattern name
+ [qr/.*/ => 1], # true for everything else
+));
+
+@keep_decoded_original_maps = (new_RE(
+# qr'^MAIL$', # retain full original message for virus checking (can be slow)
+ qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
+ qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
+# qr'^Zip archive data', # don't trust Archive::Zip
+));
+
+
+# for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample
+
+$banned_filename_re = new_RE(
+# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
+
+ # block certain double extensions anywhere in the base name
+ qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
+
+ qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$'i, # Windows Class ID CLSID, strict
+
+ qr'^application/x-msdownload$'i, # block these MIME types
+ qr'^application/x-msdos-program$'i,
+ qr'^application/hta$'i,
+
+# qr'^application/x-msmetafile$'i, # Windows Metafile MIME type
+# qr'^\.wmf$', # Windows Metafile file(1) type
+
+# qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types
+
+# [ qr'^\.(Z|gz|bz2)$' => 0 ], # allow any in Unix-compressed
+# [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives
+# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives
+# [ qr'^application/x-zip-compressed$'i => 0], # allow any within such archives
+
+ qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
+# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
+# inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
+# ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
+# wmf|wsc|wsf|wsh)$'ix, # banned ext - long
+
+# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
+
+ qr'^\.(exe-ms)$', # banned file(1) types
+# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types
+);
+# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
+# and http://www.cknow.com/vtutor/vtextensions.htm
+
+
+# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
+
+@score_sender_maps = ({ # a by-recipient hash lookup table,
+ # results from all matching recipient tables are summed
+
+# ## per-recipient personal tables (NOTE: positive: black, negative: white)
+# 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}],
+# 'user3@example.com' => [{'.ebay.com' => -3.0}],
+# 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0,
+# '.cleargreen.com' => -5.0}],
+
+ ## site-wide opinions about senders (the '.' matches any recipient)
+ '.' => [ # the _first_ matching sender determines the score boost
+
+ new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
+ [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
+ [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
+ [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
+ [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
+ [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
+ [qr'^(your_friend|greatoffers)@'i => 5.0],
+ [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
+ ),
+
+# read_hash("/var/amavis/sender_scores_sitewide"),
+
+# This are some examples for whitelists, since envelope senders can be forged
+# they are not enabled by default.
+ { # a hash-type lookup table (associative array)
+ #'nobody@cert.org' => -3.0,
+ #'cert-advisory@us-cert.gov' => -3.0,
+ #'owner-alert@iss.net' => -3.0,
+ #'slashdot@slashdot.org' => -3.0,
+ #'securityfocus.com' => -3.0,
+ #'ntbugtraq@listserv.ntbugtraq.com' => -3.0,
+ #'security-alerts@linuxsecurity.com' => -3.0,
+ #'mailman-announce-admin@python.org' => -3.0,
+ #'amavis-user-admin@lists.sourceforge.net'=> -3.0,
+ #'amavis-user-bounces@lists.sourceforge.net' => -3.0,
+ #'spamassassin.apache.org' => -3.0,
+ #'notification-return@lists.sophos.com' => -3.0,
+ #'owner-postfix-users@postfix.org' => -3.0,
+ #'owner-postfix-announce@postfix.org' => -3.0,
+ #'owner-sendmail-announce@lists.sendmail.org' => -3.0,
+ #'sendmail-announce-request@lists.sendmail.org' => -3.0,
+ #'donotreply@sendmail.org' => -3.0,
+ #'ca+envelope@sendmail.org' => -3.0,
+ #'noreply@freshmeat.net' => -3.0,
+ #'owner-technews@postel.acm.org' => -3.0,
+ #'ietf-123-owner@loki.ietf.org' => -3.0,
+ #'cvs-commits-list-admin@gnome.org' => -3.0,
+ #'rt-users-admin@lists.fsck.com' => -3.0,
+ #'clp-request@comp.nus.edu.sg' => -3.0,
+ #'surveys-errors@lists.nua.ie' => -3.0,
+ #'emailnews@genomeweb.com' => -5.0,
+ #'yahoo-dev-null@yahoo-inc.com' => -3.0,
+ #'returns.groups.yahoo.com' => -3.0,
+ #'clusternews@linuxnetworx.com' => -3.0,
+ #lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0,
+ #lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
+
+ # soft-blacklisting (positive score)
+ #'sender@example.net' => 3.0,
+ #'.example.net' => 1.0,
+
+ },
+ ], # end of site-wide tables
+});
+
+1; # ensure a defined return
--- /dev/null
+use strict;
+
+##
+## Functionality required for amavis helpers like
+## amavis-release.
+##
+
+# Enable required AM.PDP protocol socket.
+#
+# this is incompatible with the old helpers, but one can
+# have multiple inet (not unix) sockets to overcome this
+# issue. Refer to the amavisd-new documentation for more
+# information
+
+$unix_socketname = "/var/lib/amavis/amavisd.sock";
+
+$interface_policy{'SOCK'} = 'AM.PDP-SOCK';
+$policy_bank{'AM.PDP-SOCK'} = {
+ protocol => 'AM.PDP',
+ auth_required_release => 0, # don't require secret-id for release
+};
+
+1; # ensure a defined return
--- /dev/null
+use strict;
+
+# l10n (localization) of the AMaViSd-new DSN templates
+# Override or change as necessary
+
+# Select notifications text encoding when Unicode-aware Perl is converting
+# text from internal character representation to external encoding (charset
+# in MIME terminology). Used as argument to Perl Encode::encode subroutine.
+#
+# to be used in RFC 2047-encoded header field bodies, e.g. in Subject:
+#$hdr_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')
+#
+# to be used in notification body text: its encoding and Content-type.charset
+#$bdy_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')
+
+# Default template texts for notifications may be overruled by directly
+# assigning new text to template variables, or by reading template text
+# from files. A second argument may be specified in a call to read_text(),
+# specifying character encoding layer to be used when reading from the
+# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.
+# Text will be converted to internal character representation by Perl 5.8.0
+# or later; second argument is ignored otherwise. See PerlIO::encoding,
+# Encode::PerlIO and perluniintro man pages.
+#
+# $notify_sender_templ = read_text('/var/amavis/notify_sender.txt');
+# $notify_virus_sender_templ= read_text('/var/amavis/notify_virus_sender.txt');
+# $notify_virus_admin_templ = read_text('/var/amavis/notify_virus_admin.txt');
+# $notify_virus_recips_templ= read_text('/var/amavis/notify_virus_recips.txt');
+# $notify_spam_sender_templ = read_text('/var/amavis/notify_spam_sender.txt');
+# $notify_spam_admin_templ = read_text('/var/amavis/notify_spam_admin.txt');
+
+# If notification template files are collectively available in some directory,
+# you can use read_l10n_templates which calls read_text for each known
+# template. Name the files as above, and include a file named "charset" with
+# the charset used in the files. This is how Debian ships l10n templates.
+#
+# syntax: read_l10n_templates(<directory>); OR
+# read_l10n_templates(<subdirectory>, <master directory>);
+#
+read_l10n_templates('en_US', '/etc/amavis');
+
+1; # ensure a defined return
--- /dev/null
+use strict;
+
+#
+# Place your configuration directives here. They will override those in
+# earlier files.
+#
+# See /usr/share/doc/amavisd-new/ for documentation and examples of
+# the directives you can use in this file
+#
+
+
+#------------ Do not modify anything below this line -------------
+1; # ensure a defined return
--- /dev/null
+# This is charset for en_US messages.
+# If you are creating new messages, use 'iconv -l' to get possible encodings.
+ascii # or iso-8859-1
+ignored lines after first one
--- /dev/null
+#
+# =============================================================================
+# This is a template for the plain text part of an auto response (e.g.
+# vacation, out-of-office), see RFC 3834.
+#
+From: %f
+Date: %d
+To: [? %#T |undisclosed-recipients:;|[%T|, ]]
+[? %#C |#|Cc: [%C|, ]]
+Reply-To: postmaster@%h
+Message-ID: <ARE%i@%h>
+Auto-Submitted: auto-replied
+[:wrap|76||\t|Subject: Auto: autoresponse to: %s]
+[? %m |#|In-Reply-To: %m]
+Precedence: junk
+
+This is an auto-response to a message \
+[? %a |\nreceived on %d,|received from\nIP address \[%a\] on %d,]
+envelope sender: %s
+(author) From: [:rfc2822_from]
+[? %j |#|[:wrap|78|| |Subject: %j]]
+[?[:dkim|author]|#|
+A first-party DKIM or DomainKeys signature is valid, d=[:dkim|author].]
--- /dev/null
+#
+# =============================================================================
+# This is a template for (neutral: non-virus, non-spam, non-banned)
+# DELIVERY STATUS NOTIFICATIONS to sender.
+# For syntax and customization instructions see README.customize.
+# The From, To and Date header fields will be provided automatically.
+# Long header fields will be automatically wrapped by the program.
+#
+Subject: [?%#D|Undeliverable mail|Delivery status notification]\
+[? [:ccat|major] |||, MTA-BLOCKED\
+|, OVERSIZED message\
+|, invalid header section[=explain_badh|1]\
+[?[:ccat|minor]||: bad MIME|: unencoded 8-bit character\
+|: improper use of control char|: all-whitespace header line\
+|: header line longer than 998 characters|: header field syntax error\
+|: missing required header field|: duplicate header field|]\
+|, UNSOLICITED BULK EMAIL apparently from you\
+|, UNSOLICITED BULK EMAIL apparently from you\
+|, contents UNCHECKED\
+|, BANNED contents type (%F)\
+|, VIRUS in message apparently from you (%V)\
+]
+Message-ID: <DSN%i@%h>
+
+[? %#D |#|Your message WAS SUCCESSFULLY RELAYED to:[\n %D]
+[~[:dsn_notify]|["\\bSUCCESS\\b"]|\
+and you explicitly requested a delivery status notification on success.\n]\
+]
+[? %#N |#|The message WAS NOT relayed to:[\n %N]
+]
+[:wrap|78|||This [?%#D|nondelivery|delivery] report was \
+generated by the program amavisd-new at host %h. \
+Our internal reference code for your message is %n/%i]
+
+# ccat_min 0: other, 1: bad MIME, 2: 8-bit char, 3: NUL/CR,
+# 4: empty, 5: long, 6: syntax, 7: missing, 8: multiple
+[? [:explain_badh] ||[? [:ccat|minor]
+|INVALID HEADER
+|INVALID HEADER: BAD MIME HEADER SECTION OR BAD MIME STRUCTURE
+|INVALID HEADER: INVALID 8-BIT CHARACTERS IN HEADER SECTION
+|INVALID HEADER: INVALID CONTROL CHARACTERS IN HEADER SECTION
+|INVALID HEADER: FOLDED HEADER FIELD LINE MADE UP ENTIRELY OF WHITESPACE
+|INVALID HEADER: HEADER LINE LONGER THAN RFC 5322 LIMIT OF 998 CHARACTERS
+|INVALID HEADER: HEADER FIELD SYNTAX ERROR
+|INVALID HEADER: MISSING REQUIRED HEADER FIELD
+|INVALID HEADER: DUPLICATE HEADER FIELD
+|INVALID HEADER
+]
+[[:wrap|78| | |%X]\n]
+]\
+#
+[:wrap|78|| |Return-Path: %s[?[:dkim|envsender]|| (OK)]]
+[:wrap|78|| |From: [:header_field|From|100][?[:dkim|author]|| (dkim:AUTHOR)]]
+[? [:header_field|Sender]|#|\
+[:wrap|78|| |Sender: [:header_field|Sender|100]\
+[?[:dkim|sender]|| (dkim:SENDER)]]]
+[? %m |#|[:wrap|78|| |Message-ID: %m]]
+[? %r |#|[:wrap|78|| |Resent-Message-ID: %r]]
+[? %#X|#|[? [:useragent] |#|[:wrap|78|| |[:useragent]]]]
+[? %j |#|[:wrap|78|| |Subject: [:header_field|Subject|100]]]
+
+# ccat_min 0: other, 1: bad MIME, 2: 8-bit char, 3: NUL/CR,
+# 4: empty, 5: long, 6: syntax, 7: missing, 8: multiple
+[? [:explain_badh] ||[? [:ccat|minor]
+|# 0: other
+|# 1: bad MIME
+|# 2: 8-bit char
+WHAT IS AN INVALID CHARACTER IN A MAIL HEADER SECTION?
+
+ The RFC 5322 document specifies rules for forming internet messages.
+ It does not allow the use of characters with codes above 127 to be
+ used directly (non-encoded) in a mail header section.
+
+ If such characters (e.g. with diacritics) from ISO Latin or other
+ alphabets need to be included in a header section, these characters
+ need to be properly encoded according to RFC 2047. Such encoding
+ is often done transparently by mail reader (MUA), but if automatic
+ encoding is not available (e.g. by some older MUA) it is a user's
+ responsibility to avoid using such characters in a header section,
+ or to encode them manually. Typically the offending header fields
+ in this category are 'Subject', 'Organization', and comment fields
+ or display names in e-mail addresses of 'From', 'To' or 'Cc'.
+
+ Sometimes such invalid header fields are inserted automatically
+ by some MUA, MTA, content filter, or other mail handling service.
+ If this is the case, such service needs to be fixed or properly
+ configured. Typically the offending header fields in this category
+ are 'Date', 'Received', 'X-Mailer', 'X-Priority', 'X-Scanned', etc.
+
+ If you don't know how to fix or avoid the problem, please report it
+ to _your_ postmaster or system manager.
+#
+[~[:useragent]|^X-Mailer:\\s*Microsoft Outlook Express 6\\.00|["
+ If using Microsoft Outlook Express as your MUA, make sure its
+ settings under:
+ Tools -> Options -> Send -> Mail Sending Format -> Plain & HTML
+ are: "MIME format" MUST BE selected,
+ and "Allow 8-bit characters in headers" MUST NOT be enabled!
+"]]#
+|# 3: NUL/CR
+IMPROPER USE OF CONTROL CHARACTER IN A MESSAGE HEADER SECTION
+
+ The RFC 5322 document specifies rules for forming internet messages.
+ It does not allow the use of control characters NUL and bare CR
+ to be used directly in a mail header section.
+|# 4: empty
+IMPROPERLY FOLDED HEADER FIELD LINE MADE UP ENTIRELY OF WHITESPACE
+
+ The RFC 5322 document specifies rules for forming internet messages.
+ In section '3.2.2. Folding white space and comments' it explicitly
+ prohibits folding of header fields in such a way that any line of a
+ folded header field is made up entirely of white-space characters
+ (control characters SP and HTAB) and nothing else.
+|# 5: long
+HEADER LINE LONGER THAN RFC 5322 LIMIT OF 998 CHARACTERS
+
+ The RFC 5322 document specifies rules for forming internet messages.
+ Section '2.1.1. Line Length Limits' prohibits each line of a header
+ section to be more than 998 characters in length (excluding the CRLF).
+|# 6: syntax
+|# 7: missing
+MISSING REQUIRED HEADER FIELD
+
+ The RFC 5322 document specifies rules for forming internet messages.
+ Section '3.6. Field Definitions' specifies that certain header fields
+ are required (origination date field and the "From:" originator field).
+|# 8: multiple
+DUPLICATE HEADER FIELD
+
+ The RFC 5322 document specifies rules for forming internet messages.
+ Section '3.6. Field Definitions' specifies that certain header fields
+ must not occur more than once in a message header section.
+|# other
+]]#
--- /dev/null
+#
+# =============================================================================
+# This is a template for the plain text part of a problem/feedback report,
+# with either the original message included in-line, or attached,
+# or the message is structured as a FEEDBACK REPORT NOTIFICATIONS format.
+# See RFC 5965 - "An Extensible Format for Email Feedback Reports".
+#
+From: %f
+Date: %d
+Subject: Fw: %j
+To: [? %#T |undisclosed-recipients:;|[%T|, ]]
+[? %#C |#|Cc: [%C|, ]]
+Message-ID: <ARF%i@%h>
+#Auto-Submitted: auto-generated
+
+This is an e-mail [:feedback_type] report for a message \
+[? %a |\nreceived on %d,|received from\nIP address [:client_addr_port] on %d,]
+
+[:wrap|78|| |Return-Path: %s]
+[:wrap|78|| |From: [:header_field|From][?[:dkim|author]|| (dkim:AUTHOR)]]
+[? [:header_field|Sender]|#|[:wrap|78|| |Sender: [:header_field|Sender]]]
+[? %m |#|[:wrap|78|| |Message-ID: %m]]
+[? %r |#|[:wrap|78|| |Resent-Message-ID: %r]]
+[? %j |#|[:wrap|78|| |Subject: [:header_field|Subject|100]]]
+[?[:dkim|author]|#|
+A first-party DKIM or DomainKeys signature is valid, d=[:dkim|author].]
+
+Reporting-MTA: %h
+Our internal reference code for the message is %n/%i
+
+[~[:report_format]|["^(arf|attach|dsn)$"]|["\
+A complete original message is attached.
+[~[:report_format]|["^arf$"]|\
+For more information on the ARF format please see RFC 5965.
+]"]|["\
+A complete original message in its pristine form follows:
+"]]#
--- /dev/null
+#
+# =============================================================================
+# This is a template for the plain text part of a RELEASE FROM A QUARANTINE,
+# applicable if a chosen release format is 'attach' (not 'resend').
+#
+From: %f
+Date: %d
+Subject: \[released message\] %j
+To: [? %#T |undisclosed-recipients:;|[%T|, ]]
+[? %#C |#|Cc: [%C|, ]]
+Message-ID: <QRA%i@%h>
+
+Please find attached a message which was held in a quarantine,
+and has now been released.
+
+[:wrap|78|| |Return-Path: %s[?[:dkim|envsender]|| (OK)]]
+[:wrap|78|| |From: [:header_field|From][?[:dkim|author]|| (dkim:AUTHOR)]]
+[? [:header_field|Sender]|#|\
+[:wrap|78|| |Sender: [:header_field|Sender]\
+[?[:dkim|sender]|| (dkim:SENDER)]]]
+# [? %m |#|[:wrap|78|| |Message-ID: %m]]
+# [? %r |#|[:wrap|78|| |Resent-Message-ID: %r]]
+# [? [:useragent] |#|[:wrap|78|| |[:useragent]]]
+[? %j |#|[:wrap|78|| |Subject: %j]]
+
+Our internal reference code for the message is %n/%i
+#
+[~[:report_format]|["^attach$"]|["[? [:attachment_password] |#|
+
+Contents of the attached mail message may pose a threat to your computer or
+could be a social engineering deception, so it should be handled cautiously.
+To prevent undesired automatic opening, the attached original mail message
+has been wrapped in a password-protected ZIP archive.
+
+Here is the password that allows opening of the attached archive:
+
+ [:attachment_password]
+
+Note that the attachment is not strongly encrypted and the password
+is not a strong secret (being displayed in this non-encrypted text),
+so this attachment is not suitable for guarding a secret contents.
+The sole purpose of this password protection it to prevent undesired
+accidental or automatic opening of a message, either by some filtering
+software, a virus scanner, or by a mail reader.
+]"]|]#
--- /dev/null
+#
+# =============================================================================
+# This is a template for spam ADMINISTRATOR NOTIFICATIONS.
+# For syntax and customization instructions see README.customize.
+# Long header fields will be automatically wrapped by the program.
+#
+From: %f
+Date: %d
+Subject: Spam FROM [?%l||LOCAL ][?%a||[:client_addr_port] ]%s
+To: [? %#T |undisclosed-recipients:;|[%T|, ]]
+[? %#C |#|Cc: [%C|, ]]
+Message-ID: <SA%i@%h>
+
+Content type: [:ccat|name|main]#
+[? [:ccat|is_blocked_by_nonmain] ||, blocked for [:ccat|name]]
+Internal reference code for the message is %n/%i
+
+[? %a |#|[:wrap|78|| |First upstream SMTP client IP address: \[%a\] %g]]
+[? %e |#|[:wrap|78|| |According to a 'Received:' trace,\
+ the message apparently originated at: \[%e\], %t]]
+
+[:wrap|78|| |Return-Path: %s[?[:dkim|envsender]|| (OK)]]
+[:wrap|78|| |From: [:header_field|From][?[:dkim|author]|| (dkim:AUTHOR)]]
+[? [:header_field|Sender]|#|\
+[:wrap|78|| |Sender: [:header_field|Sender]\
+[?[:dkim|sender]|| (dkim:SENDER)]]]
+[? %m |#|[:wrap|78|| |Message-ID: %m]]
+[? %r |#|[:wrap|78|| |Resent-Message-ID: %r]]
+[? [:useragent] |#|[:wrap|78|| |[:useragent]]]
+[? %j |#|[:wrap|78|| |Subject: %j]]
+[? %q |Not quarantined.|The message has been quarantined as: %q]
+
+[? %#D |#|The message WILL BE relayed to:[\n%D]
+]
+[? %#N |#|The message WAS NOT relayed to:[\n%N]
+]
+Spam scanner report:
+[%A
+]\
--- /dev/null
+#
+# =============================================================================
+# This is a template for spam SENDER NOTIFICATIONS.
+# For syntax and customization instructions see README.customize.
+# The From, To and Date header fields will be provided automatically.
+# Long header fields will be automatically wrapped by the program.
+#
+Subject: Considered UNSOLICITED BULK EMAIL, apparently from you
+[? %m |#|In-Reply-To: %m]
+Message-ID: <SS%i@%h>
+
+A message from %s[
+to: %R]
+
+was considered unsolicited bulk e-mail (UBE).
+
+Our internal reference code for your message is %n/%i
+
+The message carried your return address, so it was either a genuine mail
+from you, or a sender address was faked and your e-mail address abused
+by third party, in which case we apologize for undesired notification.
+
+We do try to minimize backscatter for more prominent cases of UBE and
+for infected mail, but for less obvious cases some balance between
+losing genuine mail and sending undesired backscatter is sought,
+and there can be some collateral damage on either side.
+
+[? %a |#|[:wrap|78|| |First upstream SMTP client IP address: \[%a\] %g]]
+[? %e |#|[:wrap|78|| |According to a 'Received:' trace,\
+ the message apparently originated at: \[%e\], %t]]
+
+[:wrap|78|| |Return-Path: %s[?[:dkim|envsender]|| (OK)]]
+[:wrap|78|| |From: [:header_field|From|100][?[:dkim|author]|| (dkim:AUTHOR)]]
+[? [:header_field|Sender]|#|\
+[:wrap|78|| |Sender: [:header_field|Sender|100]\
+[?[:dkim|sender]|| (dkim:SENDER)]]]
+[? %m |#|[:wrap|78|| |Message-ID: %m]]
+[? %r |#|[:wrap|78|| |Resent-Message-ID: %r]]
+# [? [:useragent] |#|[:wrap|78|| |[:useragent]]]
+[? %j |#|[:wrap|78|| |Subject: [:header_field|Subject|100]]]
+[? %#X |#|\n[[:wrap|78|| |%X]\n]]
+
+[? %#D |Delivery of the email was stopped!
+]#
+#
+# Spam scanner report:
+# [%A
+# ]\
--- /dev/null
+#
+# =============================================================================
+# This is a template for non-spam (e.g. VIRUS,...) ADMINISTRATOR NOTIFICATIONS.
+# For syntax and customization instructions see README.customize.
+# Long header fields will be automatically wrapped by the program.
+#
+From: %f
+Date: %d
+Subject: [? [:ccat|major] |Clean mail|Clean mail|MTA-blocked mail|\
+OVERSIZED mail|INVALID HEADER in mail|Spammy|Spam|UNCHECKED contents in mail|\
+BANNED contents (%F) in mail|VIRUS (%V) in mail]\
+ FROM [?%l||LOCAL ][?%a||[:client_addr_port] ]%s
+To: [? %#T |undisclosed-recipients:;|[%T|, ]]
+[? %#C |#|Cc: [%C|, ]]
+Message-ID: <VA%i@%h>
+
+[? %#V |No viruses were found.
+|A virus was found: %V
+|Two viruses were found:\n %V
+|%#V viruses were found:\n %V
+]
+[? %#F |#|[:wrap|78|| |Banned [?%#F|names|name|names]: %F]]
+[? %#X |#|Bad header:[\n[:wrap|78| | |%X]]]
+[? %#W |#\
+|Scanner detecting a virus: %W
+|Scanners detecting a virus: %W
+]
+Content type: [:ccat|name|main]#
+[? [:ccat|is_blocked_by_nonmain] ||, blocked for [:ccat|name]]
+Internal reference code for the message is %n/%i
+
+[? %a |#|[:wrap|78|| |First upstream SMTP client IP address: \[%a\] %g]]
+[? %e |#|[:wrap|78|| |According to a 'Received:' trace,\
+ the message apparently originated at: \[%e\], %t]]
+
+[:wrap|78|| |Return-Path: %s[?[:dkim|envsender]|| (OK)]]
+[:wrap|78|| |From: [:header_field|From][?[:dkim|author]|| (dkim:AUTHOR)]]
+[? [:header_field|Sender]|#|\
+[:wrap|78|| |Sender: [:header_field|Sender]\
+[?[:dkim|sender]|| (dkim:SENDER)]]]
+[? %m |#|[:wrap|78|| |Message-ID: %m]]
+[? %r |#|[:wrap|78|| |Resent-Message-ID: %r]]
+[? %j |#|[:wrap|78|| |Subject: %j]]
+[? %q |Not quarantined.|The message has been quarantined as: %q]
+
+[? %#S |Notification to sender will not be mailed.
+
+]#
+[? %#D |#|The message WILL BE relayed to:[\n%D]
+]
+[? %#N |#|The message WAS NOT relayed to:[\n%N]
+]
+[? %#V |#|[? %#v |#|Virus scanner output:[\n %v]
+]]
--- /dev/null
+#
+# =============================================================================
+# This is a template for VIRUS/BANNED/BAD-HEADER RECIPIENTS NOTIFICATIONS.
+# For syntax and customization instructions see README.customize.
+# Long header fields will be automatically wrapped by the program.
+#
+From: %f
+Date: %d
+Subject: [? [:ccat|major] |Clean mail|Clean mail|MTA-blocked mail|\
+OVERSIZED mail|INVALID HEADER in mail|Spammy|Spam|UNCHECKED contents in mail|\
+BANNED contents (%F) in mail|VIRUS (%V) in mail] TO YOU from %s
+[? [:header_field|To] |To: undisclosed-recipients:;|To: [:header_field|To]]
+[? [:header_field|Cc] |#|Cc: [:header_field|Cc]]
+Message-ID: <VR%i@%h>
+
+[? %#V |[? %#F ||BANNED CONTENTS ALERT]|VIRUS ALERT]
+
+Our content checker found
+[? %#V |#|[:wrap|78| | |[?%#V|viruses|virus|viruses]: %V]]
+[? %#F |#|[:wrap|78| | |banned [?%#F|names|name|names]: %F]]
+[? %#X |#|[[:wrap|78| | |%X]\n]]
+
+in an email to you [? %#V |from:|from probably faked sender:]
+ %o
+[? %#V |#|claiming to be: %s]
+
+Content type: [:ccat|name|main]#
+[? [:ccat|is_blocked_by_nonmain] ||, blocked for [:ccat|name]]
+Our internal reference code for your message is %n/%i
+
+[? %a |#|[:wrap|78|| |First upstream SMTP client IP address: \[%a\] %g]]
+[? %e |#|[:wrap|78|| |According to a 'Received:' trace,\
+ the message apparently originated at: \[%e\], %t]]
+
+[:wrap|78|| |Return-Path: %s[?[:dkim|envsender]|| (OK)]]
+[:wrap|78|| |From: [:header_field|From][?[:dkim|author]|| (dkim:AUTHOR)]]
+[? [:header_field|Sender]|#|\
+[:wrap|78|| |Sender: [:header_field|Sender]\
+[?[:dkim|sender]|| (dkim:SENDER)]]]
+[? %m |#|[:wrap|78|| |Message-ID: %m]]
+[? %r |#|[:wrap|78|| |Resent-Message-ID: %r]]
+[? [:useragent] |#|[:wrap|78|| |[:useragent]]]
+[? %j |#|[:wrap|78|| |Subject: %j]]
+[? %q |Not quarantined.|The message has been quarantined as: %q]
+
+Please contact your system administrator for details.
--- /dev/null
+#
+# =============================================================================
+# This is a template for VIRUS/BANNED SENDER NOTIFICATIONS.
+# For syntax and customization instructions see README.customize.
+# The From, To and Date header fields will be provided automatically.
+# Long header fields will be automatically wrapped by the program.
+#
+Subject: [? [:ccat|major]
+|Clean message from you\
+|Clean message from you\
+|Clean message from you (MTA blocked)\
+|OVERSIZED message from you\
+|BAD-HEADER in message from you\
+|Spam claiming to be from you\
+|Spam claiming to be from you\
+|A message with UNCHECKED contents from you\
+|BANNED contents from you (%F)\
+|VIRUS in message apparently from you (%V)\
+]
+[? %m |#|In-Reply-To: %m]
+Message-ID: <VS%i@%h>
+
+[? [:ccat|major] |Clean|Clean|MTA-BLOCKED|OVERSIZED|INVALID HEADER|\
+Spammy|Spam|UNCHECKED contents|BANNED CONTENTS ALERT|VIRUS ALERT]
+
+Our content checker found
+[? %#V |#|[:wrap|78| | |[? %#V |viruses|virus|viruses]: %V]]
+[? %#F |#|[:wrap|78| | |banned [? %#F |names|name|names]: %F]]
+[? %#X |#|[[:wrap|78| | |%X]\n]]
+
+in email presumably from you %s
+to the following [? %#R |recipients|recipient|recipients]:[
+-> %R]
+
+Our internal reference code for your message is %n/%i
+
+[? %a |#|[:wrap|78|| |First upstream SMTP client IP address: \[%a\] %g]]
+[? %e |#|[:wrap|78|| |According to a 'Received:' trace,\
+ the message apparently originated at: \[%e\], %t]]
+
+[:wrap|78|| |Return-Path: %s[?[:dkim|envsender]|| (OK)]]
+[:wrap|78|| |From: [:header_field|From|100][?[:dkim|author]|| (dkim:AUTHOR)]]
+[? [:header_field|Sender]|#|\
+[:wrap|78|| |Sender: [:header_field|Sender|100]\
+[?[:dkim|sender]|| (dkim:SENDER)]]]
+[? %m |#|[:wrap|78|| |Message-ID: %m]]
+[? %r |#|[:wrap|78|| |Resent-Message-ID: %r]]
+[? %j |#|[:wrap|78|| |Subject: [:header_field|Subject|100]]]
+
+[? %#D |Delivery of the email was stopped!
+
+]#
+[? %#V ||Please check your system for viruses,
+or ask your system administrator to do so.
+
+]#
+[? %#V |[? %#F ||#
+The message [?%#D|has been blocked|triggered this warning] because it contains a component
+(as a MIME part or nested within) with declared name
+or MIME type or contents type violating our access policy.
+
+To transfer contents that may be considered risky or unwanted
+by site policies, or simply too large for mailing, please consider
+publishing your content on the web, and only sending an URL of the
+document to the recipient.
+
+Depending on the recipient and sender site policies, with a little
+effort it might still be possible to send any contents (including
+viruses) using one of the following methods:
+
+- encrypted using pgp, gpg or other encryption methods;
+
+- wrapped in a password-protected or scrambled container or archive
+ (e.g.: zip -e, arj -g, arc g, rar -p, or other methods)
+
+Note that if the contents is not intended to be secret, the
+encryption key or password may be included in the same message
+for recipient's convenience.
+
+We are sorry for inconvenience if the contents was not malicious.
+
+The purpose of these restrictions is to cut the most common propagation
+methods used by viruses and other malware. These often exploit automatic
+mechanisms and security holes in more popular mail readers (Microsoft
+mail readers and browsers are a common target). By requiring an explicit
+and decisive action from the recipient to decode mail, the danger of
+automatic malware propagation is largely reduced.
+#
+# Details of our mail restrictions policy are available at ...
+
+]]#
--- /dev/null
+# Redirect to local php-fpm if mod_php is not available
+<IfModule !mod_php7.c>
+<IfModule proxy_fcgi_module>
+ # Enable http authorization headers
+ <IfModule setenvif_module>
+ SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+ </IfModule>
+
+ <FilesMatch ".+\.ph(ar|p|tml)$">
+ SetHandler "proxy:unix:/run/php/php7.3-fpm.sock|fcgi://localhost"
+ </FilesMatch>
+ <FilesMatch ".+\.phps$">
+ # Deny access to raw php sources by default
+ # To re-enable it's recommended to enable access to the files
+ # only in specific virtual host or directory
+ Require all denied
+ </FilesMatch>
+ # Deny access to files without filename (e.g. '.php')
+ <FilesMatch "^\.ph(ar|p|ps|tml)$">
+ Require all denied
+ </FilesMatch>
+</IfModule>
+</IfModule>
--- /dev/null
+# vim:syntax=apparmor
+# Author: Jamie Strandboge <jamie@ubuntu.com>
+# Last Modified: Sun Aug 3 09:39:03 2008
+
+#include <tunables/global>
+
+/usr/bin/freshclam flags=(attach_disconnected) {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ #include <abstractions/user-tmp>
+ #include <abstractions/openssl>
+
+ capability setgid,
+ capability setuid,
+
+ @{PROC}/filesystems r,
+ owner @{PROC}/[0-9]*/status r,
+
+ /etc/clamav/clamd.conf r,
+ /etc/clamav/freshclam.conf r,
+ /etc/clamav/onerrorexecute.d/* mr,
+ /etc/clamav/onupdateexecute.d/* mr,
+ /etc/clamav/virusevent.d/* mr,
+
+ owner @{HOME}/.clamtk/db/ rw,
+ owner @{HOME}/.clamtk/db/** rwk,
+
+ owner @{HOME}/.klamav/database/ rw,
+ owner @{HOME}/.klamav/database/** rwk,
+
+ /usr/bin/freshclam mr,
+
+ /var/lib/clamav/ r,
+ /var/lib/clamav/** krw,
+
+ /var/log/clamav/* krw,
+ /{,var/}run/clamav/freshclam.pid w,
+ /{,var/}run/clamav/clamd.ctl rw,
+
+ deny /{,var/}run/samba/{gencache,unexpected}.tdb mrwkl,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.bin.freshclam>
+}
--- /dev/null
+# vim:syntax=apparmor
+# Author: Jamie Strandboge <jamie@ubuntu.com>
+# Last Modified: Sun Aug 3 09:39:03 2008
+
+#include <tunables/global>
+
+/usr/sbin/clamd {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ #include <abstractions/openssl>
+
+ # LP: #433764:
+ capability dac_override,
+
+ # needed, when using systemd
+ capability setgid,
+ capability setuid,
+
+ @{PROC}/filesystems r,
+ @{PROC}/[0-9]*/status r,
+
+ /etc/clamav/clamd.conf r,
+
+ /usr/sbin/clamd mr,
+
+ /tmp/ rw,
+ /tmp/** krw,
+
+ /var/lib/clamav/ r,
+ /var/lib/clamav/** krw,
+ /var/log/clamav/* krw,
+
+ /{,var/}run/clamav/clamd.ctl w,
+ /{,var/}run/clamav/clamd.pid w,
+
+ /var/spool/clamsmtp/* r,
+
+ /var/spool/qpsmtpd/* r,
+
+ /var/spool/p3scan/children/** r,
+
+ /var/spool/havp/** r,
+
+ # For amavisd-new integration
+ /var/lib/amavis/tmp/** r,
+
+ # For mimedefang integration
+ /var/spool/MIMEDefang/mdefang-*/Work/ r,
+ /var/spool/MIMEDefang/mdefang-*/Work/** r,
+
+ # For use with exim
+ /var/spool/exim4/** r,
+
+ # Allow home dir to be scanned
+ @{HOME}/ r,
+ @{HOME}/** r,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.sbin.clamd>
+}
--- /dev/null
+#Automatically Generated by clamav-daemon postinst
+#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
+#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
+LocalSocket /var/run/clamav/clamd.ctl
+FixStaleSocket true
+LocalSocketGroup clamav
+LocalSocketMode 666
+# TemporaryDirectory is not set to its default /tmp here to make overriding
+# the default with environment variables TMPDIR/TMP/TEMP possible
+User clamav
+ScanMail true
+ScanArchive true
+ArchiveBlockEncrypted false
+MaxDirectoryRecursion 15
+FollowDirectorySymlinks false
+FollowFileSymlinks false
+ReadTimeout 180
+MaxThreads 12
+MaxConnectionQueueLength 15
+LogSyslog false
+LogRotate true
+LogFacility LOG_LOCAL6
+LogClean false
+LogVerbose false
+PreludeEnable no
+PreludeAnalyzerName ClamAV
+DatabaseDirectory /var/lib/clamav
+OfficialDatabaseOnly false
+SelfCheck 3600
+Foreground false
+Debug false
+ScanPE true
+MaxEmbeddedPE 10M
+ScanOLE2 true
+ScanPDF true
+ScanHTML true
+MaxHTMLNormalize 10M
+MaxHTMLNoTags 2M
+MaxScriptNormalize 5M
+MaxZipTypeRcg 1M
+ScanSWF true
+ExitOnOOM false
+LeaveTemporaryFiles false
+AlgorithmicDetection true
+ScanELF true
+IdleTimeout 30
+CrossFilesystems true
+PhishingSignatures true
+PhishingScanURLs true
+PhishingAlwaysBlockSSLMismatch false
+PhishingAlwaysBlockCloak false
+PartitionIntersection false
+DetectPUA false
+ScanPartialMessages false
+HeuristicScanPrecedence false
+StructuredDataDetection false
+CommandReadTimeout 30
+SendBufTimeout 200
+MaxQueue 100
+ExtendedDetectionInfo true
+OLE2BlockMacros false
+AllowAllMatchScan true
+ForceToDisk false
+DisableCertCheck false
+DisableCache false
+MaxScanTime 120000
+MaxScanSize 100M
+MaxFileSize 25M
+MaxRecursion 16
+MaxFiles 10000
+MaxPartitions 50
+MaxIconsPE 100
+PCREMatchLimit 10000
+PCRERecMatchLimit 5000
+PCREMaxFileSize 25M
+ScanXMLDOCS true
+ScanHWP3 true
+MaxRecHWP3 16
+StreamMaxLength 25M
+LogFile /var/log/clamav/clamav.log
+LogTime true
+LogFileUnlock false
+LogFileMaxSize 0
+Bytecode true
+BytecodeSecurity TrustSigned
+BytecodeTimeout 60000
+OnAccessMaxFileSize 5M
--- /dev/null
+# Automatically created by the clamav-freshclam postinst
+# Comments will get lost when you reconfigure the clamav-freshclam package
+
+DatabaseOwner clamav
+UpdateLogFile /var/log/clamav/freshclam.log
+LogVerbose false
+LogSyslog false
+LogFacility LOG_LOCAL6
+LogFileMaxSize 0
+LogRotate true
+LogTime true
+Foreground false
+Debug false
+MaxAttempts 5
+DatabaseDirectory /var/lib/clamav
+DNSDatabaseInfo current.cvd.clamav.net
+ConnectTimeout 30
+ReceiveTimeout 0
+TestDatabases yes
+ScriptedUpdates yes
+CompressLocalDatabase no
+SafeBrowsing false
+Bytecode true
+NotifyClamd /etc/clamav/clamd.conf
+# Check for new database 24 times a day
+Checks 24
+DatabaseMirror db.local.clamav.net
+DatabaseMirror database.clamav.net
--- /dev/null
+#
+# SpamAssassin maintenance for amavisd-new
+#
+# m h dom mon dow user command
+18 */3 * * * amavis test -e /usr/sbin/amavisd-new-cronjob && /usr/sbin/amavisd-new-cronjob sa-sync
+24 1 * * * amavis test -e /usr/sbin/amavisd-new-cronjob && /usr/sbin/amavisd-new-cronjob sa-clean
--- /dev/null
+0 */2 * * * root /usr/bin/test -x /usr/bin/mlmmj-maintd && /usr/bin/mlmmj-maintd -F -d /var/spool/mlmmj
--- /dev/null
+# /etc/cron.d/php@PHP_VERSION@: crontab fragment for PHP
+# This purges session files in session.save_path older than X,
+# where X is defined in seconds as the largest value of
+# session.gc_maxlifetime from all your SAPI php.ini files
+# or 24 minutes if not defined. The script triggers only
+# when session.save_handler=files.
+#
+# WARNING: The scripts tries hard to honour all relevant
+# session PHP options, but if you do something unusual
+# you have to disable this script and take care of your
+# sessions yourself.
+
+# Look for and purge old sessions every 30 minutes
+09,39 * * * * root [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi
--- /dev/null
+#!/bin/bash
+
+#Check if removed-but-not-purged
+test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0
+
+#execute
+/usr/sbin/logwatch --output mail
+
+#Note: It's possible to force the recipient in above command
+#Just pass --mailto address@a.com instead of --output mail
--- /dev/null
+#!/bin/sh
+
+# Duncan Findlay
+# duncf@debian.org
+
+# Daily cronjob for SpamAssassin updates. This isn't pretty but it
+# should do the job.
+
+CRON=0
+
+test -f /etc/default/spamassassin && . /etc/default/spamassassin
+
+test -x /usr/bin/sa-update || exit 0
+test -x /etc/init.d/spamassassin || exit 0
+command -v gpg > /dev/null || exit 0
+
+if [ "$CRON" = "0" ] ; then
+ exit 0
+fi
+
+# If there's a problem with the ruleset or configs, print the output
+# of spamassassin --lint (which will typically get emailed to root)
+# and abort.
+die_with_lint() {
+ env -i LANG="$LANG" PATH="$PATH" start-stop-daemon \
+ --chuid debian-spamd:debian-spamd --start \
+ --exec /usr/bin/spamassassin -- -D --lint 2>&1
+ exit 1
+}
+
+do_compile() {
+# Compile rules if the required tools are available. Prior to version
+# 3.3.2-8, there was an additional check to verify that an sa-compile
+# run had previously been executed by hand. With sa-learn now
+# distributed in a separate, optional, package, this check is no
+# longer necessary.
+ if [ -x /usr/bin/re2c -a -x /usr/bin/sa-compile ]; then
+ env -i LANG="$LANG" PATH="$PATH" start-stop-daemon \
+ --chuid debian-spamd:debian-spamd --start \
+ --exec /usr/bin/sa-compile -- --quiet
+
+ # Fixup perms -- group and other should be able to
+ # read and execute, but never write. Works around
+ # sa-compile's failure to obey umask.
+ runuser -u debian-spamd -- \
+ chmod -R go-w,go+rX /var/lib/spamassassin/compiled
+ fi
+}
+
+# Tell a running spamd to reload its configs and rules.
+reload() {
+ # Reload
+ if which invoke-rc.d >/dev/null 2>&1; then
+ invoke-rc.d --quiet spamassassin status > /dev/null && \
+ invoke-rc.d spamassassin reload > /dev/null
+ else
+ /etc/init.d/spamassassin reload > /dev/null
+ fi
+ if [ -d /etc/spamassassin/sa-update-hooks.d ]; then
+ run-parts --lsbsysinit /etc/spamassassin/sa-update-hooks.d
+ fi
+}
+
+# Sleep for up to 3600 seconds if not running interactively
+if [ ! -t 0 ]; then
+ RANGE=3600
+ number=`od -vAn -N2 -tu4 < /dev/urandom`
+ number=`expr $number "%" $RANGE`
+ sleep $number
+fi
+
+# Update
+umask 022
+env -i LANG="$LANG" PATH="$PATH" http_proxy="$http_proxy" \
+ start-stop-daemon --chuid debian-spamd:debian-spamd --start \
+ --exec /usr/bin/sa-update -- \
+ --gpghomedir /var/lib/spamassassin/sa-update-keys 2>&1
+
+case $? in
+ 0)
+ # got updates!
+ env -i LANG="$LANG" PATH="$PATH" start-stop-daemon \
+ --chuid debian-spamd:debian-spamd --start \
+ --exec /usr/bin/spamassassin -- --lint 2>&1 || die_with_lint
+ do_compile
+ reload
+ ;;
+ 1)
+ # no updates
+ exit 0
+ ;;
+ 2)
+ # lint failed!
+ die_with_lint
+ ;;
+ *)
+ echo "sa-update failed for unknown reasons" 1>&2
+ ;;
+esac
+
+# Local variables:
+# mode: shell-script
+# tab-width: 4
+# indent-tabs-mode: nil
+# end:
--- /dev/null
+# there are two implementations of the subagent daemon:
+# 1) the default bdb version
+# 2) a zero mq based version
+# if you want to use this agent you need at least
+# libnet-snmp-perl installed.
+# the zeromq version also needs libzeromq-perl.
+# You also have to enable zeromq
+# in amavis: $enable_zmq = 1;
+#
+# See RELEASE_NOTES for details.
+
+AGENT_BACKEND="bdb" # use zeromq for the zeromq version
--- /dev/null
+# /etc/default/dovecot
+
+# Set to '1' to allow Dovecot daemons to produce core dumps
+#ALLOW_COREDUMPS=1
--- /dev/null
+# Note: You may want to look at the following page before setting the ULIMIT.
+# http://wiki.nginx.org/CoreModule#worker_rlimit_nofile
+# Set the ulimit variable if you need defaults to change.
+# Example: ULIMIT="-n 4096"
+#ULIMIT="-n 4096"
+
+# Define the stop schedule for nginx
+# see the start-stop-daemon --retry documentation for more information
+#
+#STOP_SCHEDULE="QUIT/5/TERM/5/KILL/5"
--- /dev/null
+# /etc/default/spamassassin
+# Duncan Findlay
+
+# WARNING: please read README.spamd before using.
+# There may be security risks.
+
+# Prior to version 3.4.2-1, spamd could be enabled by setting
+# ENABLED=1 in this file. This is no longer supported. Instead, please
+# use the update-rc.d command, invoked for example as "update-rc.d
+# spamassassin enable", to enable the spamd service.
+
+# Options
+# See man spamd for possible options. The -d option is automatically added.
+
+# SpamAssassin uses a preforking model, so be careful! You need to
+# make sure --max-children is not set to anything higher than 5,
+# unless you know what you're doing.
+
+OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
+
+# Pid file
+# Where should spamd write its PID to file? If you use the -u or
+# --username option above, this needs to be writable by that user.
+# Otherwise, the init script will not be able to shut spamd down.
+PIDFILE="/var/run/spamd.pid"
+
+# Set nice level of spamd
+#NICE="--nicelevel 15"
+
+# Cronjob
+# Set to anything but 0 to enable the cron job to automatically update
+# spamassassin's rules on a nightly basis
+CRON=0
--- /dev/null
+# Defaults for uWSGI initscript
+# sourced by /etc/init.d/uwsgi
+
+# If you don't want uWSGI to be started as a system service,
+# disable it using the command 'update-rc.d uwsgi disable'
+
+# At startup VERBOSE value is setted in 'no'. So when user invokes
+# uWSGI init.d script, no output is showed.
+# It could be unexpected behaviour, because it is common practice for
+# init.d script to ignore VERBOSE value.
+# Here VERBOSE is overriden to conform such the practice.
+VERBOSE=yes
+
+# Should init.d script print configuration file names while marking progress of
+# it's execution?
+#
+# If 'no', then init.d script prints one-character symbols instead file names.
+#
+# Printing confnames is quite informative, but could mess terminal output or
+# be somewhat dangerous (as filename could contain arbitary characters).
+# ASCII control characters in file names are replaced with '?' in init.d script
+# output, nevertheless you were warned.
+PRINT_CONFNAMES_IN_INITD_SCRIPT_OUTPUT=no
+
+# init.d script starts instance of uWSGI daemon for each found user-created
+# configuration file.
+#
+# Options from inherited configuration file are passed to each instance by
+# default. They could be overrided (or extended) by user configuration file.
+INHERITED_CONFIG=/usr/share/uwsgi/conf/default.ini
--- /dev/null
+##
+## Authentication processes
+##
+
+# Disable LOGIN command and all other plaintext authentications unless
+# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
+# matches the local IP (ie. you're connecting from the same computer), the
+# connection is considered secure and plaintext authentication is allowed.
+# See also ssl=required setting.
+#disable_plaintext_auth = yes
+
+# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
+# bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
+#auth_cache_size = 0
+# Time to live for cached data. After TTL expires the cached record is no
+# longer used, *except* if the main database lookup returns internal failure.
+# We also try to handle password changes automatically: If user's previous
+# authentication was successful, but this one wasn't, the cache isn't used.
+# For now this works only with plaintext authentication.
+#auth_cache_ttl = 1 hour
+# TTL for negative hits (user not found, password mismatch).
+# 0 disables caching them completely.
+#auth_cache_negative_ttl = 1 hour
+
+# Space separated list of realms for SASL authentication mechanisms that need
+# them. You can leave it empty if you don't want to support multiple realms.
+# Many clients simply use the first one listed here, so keep the default realm
+# first.
+#auth_realms =
+
+# Default realm/domain to use if none was specified. This is used for both
+# SASL realms and appending @domain to username in plaintext logins.
+#auth_default_realm =
+
+# List of allowed characters in username. If the user-given username contains
+# a character not listed in here, the login automatically fails. This is just
+# an extra check to make sure user can't exploit any potential quote escaping
+# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
+# set this value to empty.
+#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
+
+# Username character translations before it's looked up from databases. The
+# value contains series of from -> to characters. For example "#@/@" means
+# that '#' and '/' characters are translated to '@'.
+#auth_username_translation =
+
+# Username formatting before it's looked up from databases. You can use
+# the standard variables here, eg. %Lu would lowercase the username, %n would
+# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
+# "-AT-". This translation is done after auth_username_translation changes.
+#auth_username_format = %Lu
+
+# If you want to allow master users to log in by specifying the master
+# username within the normal username string (ie. not using SASL mechanism's
+# support for it), you can specify the separator character here. The format
+# is then <username><separator><master username>. UW-IMAP uses "*" as the
+# separator, so that could be a good choice.
+#auth_master_user_separator =
+
+# Username to use for users logging in with ANONYMOUS SASL mechanism
+#auth_anonymous_username = anonymous
+
+# Maximum number of dovecot-auth worker processes. They're used to execute
+# blocking passdb and userdb queries (eg. MySQL and PAM). They're
+# automatically created and destroyed as needed.
+#auth_worker_max_count = 30
+
+# Host name to use in GSSAPI principal names. The default is to use the
+# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
+# entries.
+#auth_gssapi_hostname =
+
+# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
+# default (usually /etc/krb5.keytab) if not specified. You may need to change
+# the auth service to run as root to be able to read this file.
+#auth_krb5_keytab =
+
+# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
+# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
+#auth_use_winbind = no
+
+# Path for Samba's ntlm_auth helper binary.
+#auth_winbind_helper_path = /usr/bin/ntlm_auth
+
+# Time to delay before replying to failed authentications.
+#auth_failure_delay = 2 secs
+
+# Require a valid SSL client certificate or the authentication fails.
+#auth_ssl_require_client_cert = no
+
+# Take the username from client's SSL certificate, using
+# X509_NAME_get_text_by_NID() which returns the subject's DN's
+# CommonName.
+#auth_ssl_username_from_cert = no
+
+# Space separated list of wanted authentication mechanisms:
+# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
+# gss-spnego
+# NOTE: See also disable_plaintext_auth setting.
+auth_mechanisms = plain
+
+##
+## Password and user databases
+##
+
+#
+# Password database is used to verify user's password (and nothing more).
+# You can have multiple passdbs and userdbs. This is useful if you want to
+# allow both system users (/etc/passwd) and virtual users to login without
+# duplicating the system users into virtual database.
+#
+# <doc/wiki/PasswordDatabase.txt>
+#
+# User database specifies where mails are located and what user/group IDs
+# own them. For single-UID configuration use "static" userdb.
+#
+# <doc/wiki/UserDatabase.txt>
+
+#!include auth-deny.conf.ext
+#!include auth-master.conf.ext
+
+!include auth-system.conf.ext
+#!include auth-sql.conf.ext
+#!include auth-ldap.conf.ext
+#!include auth-passwdfile.conf.ext
+#!include auth-checkpassword.conf.ext
+#!include auth-vpopmail.conf.ext
+#!include auth-static.conf.ext
--- /dev/null
+##
+## Director-specific settings.
+##
+
+# Director can be used by Dovecot proxy to keep a temporary user -> mail server
+# mapping. As long as user has simultaneous connections, the user is always
+# redirected to the same server. Each proxy server is running its own director
+# process, and the directors are communicating the state to each others.
+# Directors are mainly useful with NFS-like setups.
+
+# List of IPs or hostnames to all director servers, including ourself.
+# Ports can be specified as ip:port. The default port is the same as
+# what director service's inet_listener is using.
+#director_servers =
+
+# List of IPs or hostnames to all backend mail servers. Ranges are allowed
+# too, like 10.0.0.10-10.0.0.30.
+#director_mail_servers =
+
+# How long to redirect users to a specific server after it no longer has
+# any connections.
+#director_user_expire = 15 min
+
+# How the username is translated before being hashed. Useful values include
+# %Ln if user can log in with or without @domain, %Ld if mailboxes are shared
+# within domain.
+#director_username_hash = %Lu
+
+# To enable director service, uncomment the modes and assign a port.
+service director {
+ unix_listener login/director {
+ #mode = 0666
+ }
+ fifo_listener login/proxy-notify {
+ #mode = 0666
+ }
+ unix_listener director-userdb {
+ #mode = 0600
+ }
+ inet_listener {
+ #port =
+ }
+}
+
+# Enable director for the wanted login services by telling them to
+# connect to director socket instead of the default login socket:
+service imap-login {
+ #executable = imap-login director
+}
+service pop3-login {
+ #executable = pop3-login director
+}
+service submission-login {
+ #executable = submission-login director
+}
+
+# Enable director for LMTP proxying:
+protocol lmtp {
+ #auth_socket_path = director-userdb
+}
--- /dev/null
+##
+## Log destination.
+##
+
+# Log file to use for error messages. "syslog" logs to syslog,
+# /dev/stderr logs to stderr.
+#log_path = syslog
+
+# Log file to use for informational messages. Defaults to log_path.
+#info_log_path =
+# Log file to use for debug messages. Defaults to info_log_path.
+#debug_log_path =
+
+# Syslog facility to use if you're logging to syslog. Usually if you don't
+# want to use "mail", you'll use local0..local7. Also other standard
+# facilities are supported.
+#syslog_facility = mail
+
+##
+## Logging verbosity and debugging.
+##
+
+# Log filter is a space-separated list conditions. If any of the conditions
+# match, the log filter matches (i.e. they're ORed together). Parenthesis
+# are supported if multiple conditions need to be matched together.
+# Supported conditions are:
+# event:<name wildcard> - Match event name. '*' and '?' wildcards supported.
+# source:<filename>[:<line number>] - Match source code filename [and line]
+# field:<key>=<value wildcard> - Match field key to a value. Can be specified
+# multiple times to match multiple keys.
+# cat[egory]:<value> - Match a category. Can be specified multiple times to
+# match multiple categories.
+# For example: event:http_request_* (cat:error cat:storage)
+
+# Filter to specify what debug logging to enable. This will eventually replace
+# mail_debug and auth_debug settings.
+#log_debug =
+
+# Crash after logging a matching event. For example category:error will crash
+# any time an error is logged, which can be useful for debugging.
+#log_core_filter =
+
+# Log unsuccessful authentication attempts and the reasons why they failed.
+#auth_verbose = no
+
+# In case of password mismatches, log the attempted password. Valid values are
+# no, plain and sha1. sha1 can be useful for detecting brute force password
+# attempts vs. user simply trying the same password over and over again.
+# You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
+#auth_verbose_passwords = no
+
+# Even more verbose logging for debugging purposes. Shows for example SQL
+# queries.
+#auth_debug = no
+
+# In case of password mismatches, log the passwords and used scheme so the
+# problem can be debugged. Enabling this also enables auth_debug.
+#auth_debug_passwords = no
+
+# Enable mail process debugging. This can help you figure out why Dovecot
+# isn't finding your mails.
+#mail_debug = no
+
+# Show protocol level SSL errors.
+#verbose_ssl = no
+
+# mail_log plugin provides more event logging for mail processes.
+plugin {
+ # Events to log. Also available: flag_change append
+ #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
+ # Available fields: uid, box, msgid, from, subject, size, vsize, flags
+ # size and vsize are available only for expunge and copy events.
+ #mail_log_fields = uid box msgid size
+}
+
+##
+## Log formatting.
+##
+
+# Prefix for each line written to log file. % codes are in strftime(3)
+# format.
+#log_timestamp = "%b %d %H:%M:%S "
+
+# Space-separated list of elements we want to log. The elements which have
+# a non-empty variable value are joined together to form a comma-separated
+# string.
+#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
+
+# Login log format. %s contains login_log_format_elements string, %$ contains
+# the data we want to log.
+#login_log_format = %$: %s
+
+# Log prefix for mail processes. See doc/wiki/Variables.txt for list of
+# possible variables you can use.
+#mail_log_prefix = "%s(%u)<%{pid}><%{session}>: "
+
+# Format to use for logging mail deliveries:
+# %$ - Delivery status message (e.g. "saved to INBOX")
+# %m / %{msgid} - Message-ID
+# %s / %{subject} - Subject
+# %f / %{from} - From address
+# %p / %{size} - Physical size
+# %w / %{vsize} - Virtual size
+# %e / %{from_envelope} - MAIL FROM envelope
+# %{to_envelope} - RCPT TO envelope
+# %{delivery_time} - How many milliseconds it took to deliver the mail
+# %{session_time} - How long LMTP session took, not including delivery_time
+# %{storage_id} - Backend-specific ID for mail, e.g. Maildir filename
+#deliver_log_format = msgid=%m: %$
--- /dev/null
+##
+## Mailbox locations and namespaces
+##
+
+# Location for users' mailboxes. The default is empty, which means that Dovecot
+# tries to find the mailboxes automatically. This won't work if the user
+# doesn't yet have any mail, so you should explicitly tell Dovecot the full
+# location.
+#
+# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u)
+# isn't enough. You'll also need to tell Dovecot where the other mailboxes are
+# kept. This is called the "root mail directory", and it must be the first
+# path given in the mail_location setting.
+#
+# There are a few special variables you can use, eg.:
+#
+# %u - username
+# %n - user part in user@domain, same as %u if there's no domain
+# %d - domain part in user@domain, empty if there's no domain
+# %h - home directory
+#
+# See doc/wiki/Variables.txt for full list. Some examples:
+#
+# mail_location = maildir:~/Maildir
+# mail_location = mbox:~/mail:INBOX=/var/mail/%u
+# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
+#
+# <doc/wiki/MailLocation.txt>
+#
+mail_location = mbox:~/mail:INBOX=/var/mail/%u
+
+# If you need to set multiple mailbox locations or want to change default
+# namespace settings, you can do it by defining namespace sections.
+#
+# You can have private, shared and public namespaces. Private namespaces
+# are for user's personal mails. Shared namespaces are for accessing other
+# users' mailboxes that have been shared. Public namespaces are for shared
+# mailboxes that are managed by sysadmin. If you create any shared or public
+# namespaces you'll typically want to enable ACL plugin also, otherwise all
+# users can access all the shared mailboxes, assuming they have permissions
+# on filesystem level to do so.
+namespace inbox {
+ # Namespace type: private, shared or public
+ #type = private
+
+ # Hierarchy separator to use. You should use the same separator for all
+ # namespaces or some clients get confused. '/' is usually a good one.
+ # The default however depends on the underlying mail storage format.
+ #separator =
+
+ # Prefix required to access this namespace. This needs to be different for
+ # all namespaces. For example "Public/".
+ #prefix =
+
+ # Physical location of the mailbox. This is in same format as
+ # mail_location, which is also the default for it.
+ #location =
+
+ # There can be only one INBOX, and this setting defines which namespace
+ # has it.
+ inbox = yes
+
+ # If namespace is hidden, it's not advertised to clients via NAMESPACE
+ # extension. You'll most likely also want to set list=no. This is mostly
+ # useful when converting from another server with different namespaces which
+ # you want to deprecate but still keep working. For example you can create
+ # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
+ #hidden = no
+
+ # Show the mailboxes under this namespace with LIST command. This makes the
+ # namespace visible for clients that don't support NAMESPACE extension.
+ # "children" value lists child mailboxes, but hides the namespace prefix.
+ #list = yes
+
+ # Namespace handles its own subscriptions. If set to "no", the parent
+ # namespace handles them (empty prefix should always have this as "yes")
+ #subscriptions = yes
+
+ # See 15-mailboxes.conf for definitions of special mailboxes.
+}
+
+# Example shared namespace configuration
+#namespace {
+ #type = shared
+ #separator = /
+
+ # Mailboxes are visible under "shared/user@domain/"
+ # %%n, %%d and %%u are expanded to the destination user.
+ #prefix = shared/%%u/
+
+ # Mail location for other users' mailboxes. Note that %variables and ~/
+ # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
+ # destination user's data.
+ #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
+
+ # Use the default namespace for saving subscriptions.
+ #subscriptions = no
+
+ # List the shared/ namespace only if there are visible shared mailboxes.
+ #list = children
+#}
+# Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"?
+#mail_shared_explicit_inbox = no
+
+# System user and group used to access mails. If you use multiple, userdb
+# can override these by returning uid or gid fields. You can use either numbers
+# or names. <doc/wiki/UserIds.txt>
+#mail_uid =
+#mail_gid =
+
+# Group to enable temporarily for privileged operations. Currently this is
+# used only with INBOX when either its initial creation or dotlocking fails.
+# Typically this is set to "mail" to give access to /var/mail.
+mail_privileged_group = mail
+
+# Grant access to these supplementary groups for mail processes. Typically
+# these are used to set up access to shared mailboxes. Note that it may be
+# dangerous to set these if users can create symlinks (e.g. if "mail" group is
+# set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
+# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
+#mail_access_groups =
+
+# Allow full filesystem access to clients. There's no access checks other than
+# what the operating system does for the active UID/GID. It works with both
+# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
+# or ~user/.
+#mail_full_filesystem_access = no
+
+# Dictionary for key=value mailbox attributes. This is used for example by
+# URLAUTH and METADATA extensions.
+#mail_attribute_dict =
+
+# A comment or note that is associated with the server. This value is
+# accessible for authenticated users through the IMAP METADATA server
+# entry "/shared/comment".
+#mail_server_comment = ""
+
+# Indicates a method for contacting the server administrator. According to
+# RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that
+# is currently not enforced. Use for example mailto:admin@example.com. This
+# value is accessible for authenticated users through the IMAP METADATA server
+# entry "/shared/admin".
+#mail_server_admin =
+
+##
+## Mail processes
+##
+
+# Don't use mmap() at all. This is required if you store indexes to shared
+# filesystems (NFS or clustered filesystem).
+#mmap_disable = no
+
+# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL
+# since version 3, so this should be safe to use nowadays by default.
+#dotlock_use_excl = yes
+
+# When to use fsync() or fdatasync() calls:
+# optimized (default): Whenever necessary to avoid losing important data
+# always: Useful with e.g. NFS when write()s are delayed
+# never: Never use it (best performance, but crashes can lose data)
+#mail_fsync = optimized
+
+# Locking method for index files. Alternatives are fcntl, flock and dotlock.
+# Dotlocking uses some tricks which may create more disk I/O than other locking
+# methods. NFS users: flock doesn't work, remember to change mmap_disable.
+#lock_method = fcntl
+
+# Directory where mails can be temporarily stored. Usually it's used only for
+# mails larger than >= 128 kB. It's used by various parts of Dovecot, for
+# example LDA/LMTP while delivering large mails or zlib plugin for keeping
+# uncompressed mails.
+#mail_temp_dir = /tmp
+
+# Valid UID range for users, defaults to 500 and above. This is mostly
+# to make sure that users can't log in as daemons or other system users.
+# Note that denying root logins is hardcoded to dovecot binary and can't
+# be done even if first_valid_uid is set to 0.
+#first_valid_uid = 500
+#last_valid_uid = 0
+
+# Valid GID range for users, defaults to non-root/wheel. Users having
+# non-valid GID as primary group ID aren't allowed to log in. If user
+# belongs to supplementary groups with non-valid GIDs, those groups are
+# not set.
+#first_valid_gid = 1
+#last_valid_gid = 0
+
+# Maximum allowed length for mail keyword name. It's only forced when trying
+# to create new keywords.
+#mail_max_keyword_length = 50
+
+# ':' separated list of directories under which chrooting is allowed for mail
+# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
+# This setting doesn't affect login_chroot, mail_chroot or auth chroot
+# settings. If this setting is empty, "/./" in home dirs are ignored.
+# WARNING: Never add directories here which local users can modify, that
+# may lead to root exploit. Usually this should be done only if you don't
+# allow shell access for users. <doc/wiki/Chrooting.txt>
+#valid_chroot_dirs =
+
+# Default chroot directory for mail processes. This can be overridden for
+# specific users in user database by giving /./ in user's home directory
+# (eg. /home/./user chroots into /home). Note that usually there is no real
+# need to do chrooting, Dovecot doesn't allow users to access files outside
+# their mail directory anyway. If your home directories are prefixed with
+# the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
+#mail_chroot =
+
+# UNIX socket path to master authentication server to find users.
+# This is used by imap (for shared users) and lda.
+#auth_socket_path = /var/run/dovecot/auth-userdb
+
+# Directory where to look up mail plugins.
+#mail_plugin_dir = /usr/lib/dovecot/modules
+
+# Space separated list of plugins to load for all services. Plugins specific to
+# IMAP, LDA, etc. are added to this list in their own .conf files.
+#mail_plugins =
+
+##
+## Mailbox handling optimizations
+##
+
+# Mailbox list indexes can be used to optimize IMAP STATUS commands. They are
+# also required for IMAP NOTIFY extension to be enabled.
+#mailbox_list_index = yes
+
+# Trust mailbox list index to be up-to-date. This reduces disk I/O at the cost
+# of potentially returning out-of-date results after e.g. server crashes.
+# The results will be automatically fixed once the folders are opened.
+#mailbox_list_index_very_dirty_syncs = yes
+
+# Should INBOX be kept up-to-date in the mailbox list index? By default it's
+# not, because most of the mailbox accesses will open INBOX anyway.
+#mailbox_list_index_include_inbox = no
+
+# The minimum number of mails in a mailbox before updates are done to cache
+# file. This allows optimizing Dovecot's behavior to do less disk writes at
+# the cost of more disk reads.
+#mail_cache_min_mail_count = 0
+
+# When IDLE command is running, mailbox is checked once in a while to see if
+# there are any new mails or other changes. This setting defines the minimum
+# time to wait between those checks. Dovecot can also use inotify and
+# kqueue to find out immediately when changes occur.
+#mailbox_idle_check_interval = 30 secs
+
+# Save mails with CR+LF instead of plain LF. This makes sending those mails
+# take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
+# But it also creates a bit more disk I/O which may just make it slower.
+# Also note that if other software reads the mboxes/maildirs, they may handle
+# the extra CRs wrong and cause problems.
+#mail_save_crlf = no
+
+# Max number of mails to keep open and prefetch to memory. This only works with
+# some mailbox formats and/or operating systems.
+#mail_prefetch_count = 0
+
+# How often to scan for stale temporary files and delete them (0 = never).
+# These should exist only after Dovecot dies in the middle of saving mails.
+#mail_temp_scan_interval = 1w
+
+# How many slow mail accesses sorting can perform before it returns failure.
+# With IMAP the reply is: NO [LIMIT] Requested sort would have taken too long.
+# The untagged SORT reply is still returned, but it's likely not correct.
+#mail_sort_max_read_count = 0
+
+protocol !indexer-worker {
+ # If folder vsize calculation requires opening more than this many mails from
+ # disk (i.e. mail sizes aren't in cache already), return failure and finish
+ # the calculation via indexer process. Disabled by default. This setting must
+ # be 0 for indexer-worker processes.
+ #mail_vsize_bg_after_count = 0
+}
+
+##
+## Maildir-specific settings
+##
+
+# By default LIST command returns all entries in maildir beginning with a dot.
+# Enabling this option makes Dovecot return only entries which are directories.
+# This is done by stat()ing each entry, so it causes more disk I/O.
+# (For systems setting struct dirent->d_type, this check is free and it's
+# done always regardless of this setting)
+#maildir_stat_dirs = no
+
+# When copying a message, do it with hard links whenever possible. This makes
+# the performance much better, and it's unlikely to have any side effects.
+#maildir_copy_with_hardlinks = yes
+
+# Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only
+# when its mtime changes unexpectedly or when we can't find the mail otherwise.
+#maildir_very_dirty_syncs = no
+
+# If enabled, Dovecot doesn't use the S=<size> in the Maildir filenames for
+# getting the mail's physical size, except when recalculating Maildir++ quota.
+# This can be useful in systems where a lot of the Maildir filenames have a
+# broken size. The performance hit for enabling this is very small.
+#maildir_broken_filename_sizes = no
+
+# Always move mails from new/ directory to cur/, even when the \Recent flags
+# aren't being reset.
+#maildir_empty_new = no
+
+##
+## mbox-specific settings
+##
+
+# Which locking methods to use for locking mbox. There are four available:
+# dotlock: Create <mailbox>.lock file. This is the oldest and most NFS-safe
+# solution. If you want to use /var/mail/ like directory, the users
+# will need write access to that directory.
+# dotlock_try: Same as dotlock, but if it fails because of permissions or
+# because there isn't enough disk space, just skip it.
+# fcntl : Use this if possible. Works with NFS too if lockd is used.
+# flock : May not exist in all systems. Doesn't work with NFS.
+# lockf : May not exist in all systems. Doesn't work with NFS.
+#
+# You can use multiple locking methods; if you do the order they're declared
+# in is important to avoid deadlocks if other MTAs/MUAs are using multiple
+# locking methods as well. Some operating systems don't allow using some of
+# them simultaneously.
+#
+# The Debian value for mbox_write_locks differs from upstream Dovecot. It is
+# changed to be compliant with Debian Policy (section 11.6) for NFS safety.
+# Dovecot: mbox_write_locks = dotlock fcntl
+# Debian: mbox_write_locks = fcntl dotlock
+#
+#mbox_read_locks = fcntl
+#mbox_write_locks = fcntl dotlock
+
+# Maximum time to wait for lock (all of them) before aborting.
+#mbox_lock_timeout = 5 mins
+
+# If dotlock exists but the mailbox isn't modified in any way, override the
+# lock file after this much time.
+#mbox_dotlock_change_timeout = 2 mins
+
+# When mbox changes unexpectedly we have to fully read it to find out what
+# changed. If the mbox is large this can take a long time. Since the change
+# is usually just a newly appended mail, it'd be faster to simply read the
+# new mails. If this setting is enabled, Dovecot does this but still safely
+# fallbacks to re-reading the whole mbox file whenever something in mbox isn't
+# how it's expected to be. The only real downside to this setting is that if
+# some other MUA changes message flags, Dovecot doesn't notice it immediately.
+# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
+# commands.
+#mbox_dirty_syncs = yes
+
+# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE,
+# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored.
+#mbox_very_dirty_syncs = no
+
+# Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK
+# commands and when closing the mailbox). This is especially useful for POP3
+# where clients often delete all mails. The downside is that our changes
+# aren't immediately visible to other MUAs.
+#mbox_lazy_writes = yes
+
+# If mbox size is smaller than this (e.g. 100k), don't write index files.
+# If an index file already exists it's still read, just not updated.
+#mbox_min_index_size = 0
+
+# Mail header selection algorithm to use for MD5 POP3 UIDLs when
+# pop3_uidl_format=%m. For backwards compatibility we use apop3d inspired
+# algorithm, but it fails if the first Received: header isn't unique in all
+# mails. An alternative algorithm is "all" that selects all headers.
+#mbox_md5 = apop3d
+
+##
+## mdbox-specific settings
+##
+
+# Maximum dbox file size until it's rotated.
+#mdbox_rotate_size = 10M
+
+# Maximum dbox file age until it's rotated. Typically in days. Day begins
+# from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled.
+#mdbox_rotate_interval = 0
+
+# When creating new mdbox files, immediately preallocate their size to
+# mdbox_rotate_size. This setting currently works only in Linux with some
+# filesystems (ext4, xfs).
+#mdbox_preallocate_space = no
+
+##
+## Mail attachments
+##
+
+# sdbox and mdbox support saving mail attachments to external files, which
+# also allows single instance storage for them. Other backends don't support
+# this for now.
+
+# Directory root where to store mail attachments. Disabled, if empty.
+#mail_attachment_dir =
+
+# Attachments smaller than this aren't saved externally. It's also possible to
+# write a plugin to disable saving specific attachments externally.
+#mail_attachment_min_size = 128k
+
+# Filesystem backend to use for saving attachments:
+# posix : No SiS done by Dovecot (but this might help FS's own deduplication)
+# sis posix : SiS with immediate byte-by-byte comparison during saving
+# sis-queue posix : SiS with delayed comparison and deduplication
+#mail_attachment_fs = sis posix
+
+# Hash format to use in attachment filenames. You can add any text and
+# variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}.
+# Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits
+#mail_attachment_hash = %{sha1}
+
+# Settings to control adding $HasAttachment or $HasNoAttachment keywords.
+# By default, all MIME parts with Content-Disposition=attachment, or inlines
+# with filename parameter are consired attachments.
+# add-flags-on-save - Add the keywords when saving new mails.
+# content-type=type or !type - Include/exclude content type. Excluding will
+# never consider the matched MIME part as attachment. Including will only
+# negate an exclusion (e.g. content-type=!foo/* content-type=foo/bar).
+# exclude-inlined - Exclude any Content-Disposition=inline MIME part.
+#mail_attachment_detection_options =
--- /dev/null
+#default_process_limit = 100
+#default_client_limit = 1000
+
+# Default VSZ (virtual memory size) limit for service processes. This is mainly
+# intended to catch and kill processes that leak memory before they eat up
+# everything.
+#default_vsz_limit = 256M
+
+# Login user is internally used by login processes. This is the most untrusted
+# user in Dovecot system. It shouldn't have access to anything at all.
+#default_login_user = dovenull
+
+# Internal user is used by unprivileged processes. It should be separate from
+# login user, so that login processes can't disturb other processes.
+#default_internal_user = dovecot
+
+service imap-login {
+ inet_listener imap {
+ #port = 143
+ }
+ inet_listener imaps {
+ #port = 993
+ #ssl = yes
+ }
+
+ # Number of connections to handle before starting a new process. Typically
+ # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
+ # is faster. <doc/wiki/LoginProcess.txt>
+ #service_count = 1
+
+ # Number of processes to always keep waiting for more connections.
+ #process_min_avail = 0
+
+ # If you set service_count=0, you probably need to grow this.
+ #vsz_limit = $default_vsz_limit
+}
+
+service pop3-login {
+ inet_listener pop3 {
+ #port = 110
+ }
+ inet_listener pop3s {
+ #port = 995
+ #ssl = yes
+ }
+}
+
+service submission-login {
+ inet_listener submission {
+ #port = 587
+ }
+}
+
+service lmtp {
+ unix_listener lmtp {
+ #mode = 0666
+ }
+
+ # Create inet listener only if you can't use the above UNIX socket
+ #inet_listener lmtp {
+ # Avoid making LMTP visible for the entire internet
+ #address =
+ #port =
+ #}
+}
+
+service imap {
+ # Most of the memory goes to mmap()ing files. You may need to increase this
+ # limit if you have huge mailboxes.
+ #vsz_limit = $default_vsz_limit
+
+ # Max. number of IMAP processes (connections)
+ #process_limit = 1024
+}
+
+service pop3 {
+ # Max. number of POP3 processes (connections)
+ #process_limit = 1024
+}
+
+service submission {
+ # Max. number of SMTP Submission processes (connections)
+ #process_limit = 1024
+}
+
+service auth {
+ # auth_socket_path points to this userdb socket by default. It's typically
+ # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
+ # full permissions to this socket are able to get a list of all usernames and
+ # get the results of everyone's userdb lookups.
+ #
+ # The default 0666 mode allows anyone to connect to the socket, but the
+ # userdb lookups will succeed only if the userdb returns an "uid" field that
+ # matches the caller process's UID. Also if caller's uid or gid matches the
+ # socket's uid or gid the lookup succeeds. Anything else causes a failure.
+ #
+ # To give the caller full permissions to lookup all users, set the mode to
+ # something else than 0666 and Dovecot lets the kernel enforce the
+ # permissions (e.g. 0777 allows everyone full permissions).
+ unix_listener auth-userdb {
+ #mode = 0666
+ #user =
+ #group =
+ }
+
+ # Postfix smtp-auth
+ #unix_listener /var/spool/postfix/private/auth {
+ # mode = 0666
+ #}
+
+ # Auth process is run as this user.
+ #user = $default_internal_user
+}
+
+service auth-worker {
+ # Auth worker process is run as root by default, so that it can access
+ # /etc/shadow. If this isn't necessary, the user should be changed to
+ # $default_internal_user.
+ #user = root
+}
+
+service dict {
+ # If dict proxy is used, mail processes should have access to its socket.
+ # For example: mode=0660, group=vmail and global mail_access_groups=vmail
+ unix_listener dict {
+ #mode = 0600
+ #user =
+ #group =
+ }
+}
--- /dev/null
+##
+## SSL settings
+##
+
+# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
+ssl = yes
+
+# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+# dropping root privileges, so keep the key file unreadable by anyone but
+# root. Included doc/mkcert.sh can be used to easily generate self-signed
+# certificate, just make sure to update the domains in dovecot-openssl.cnf
+ssl_cert = </etc/dovecot/private/dovecot.pem
+ssl_key = </etc/dovecot/private/dovecot.key
+
+# If key file is password protected, give the password here. Alternatively
+# give it when starting dovecot with -p parameter. Since this file is often
+# world-readable, you may want to place this setting instead to a different
+# root owned 0600 file by using ssl_key_password = <path.
+#ssl_key_password =
+
+# PEM encoded trusted certificate authority. Set this only if you intend to use
+# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
+# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
+#ssl_ca =
+
+# Require that CRL check succeeds for client certificates.
+#ssl_require_crl = yes
+
+# Directory and/or file for trusted SSL CA certificates. These are used only
+# when Dovecot needs to act as an SSL client (e.g. imapc backend or
+# submission service). The directory is usually /etc/ssl/certs in
+# Debian-based systems and the file is /etc/pki/tls/cert.pem in
+# RedHat-based systems.
+ssl_client_ca_dir = /etc/ssl/certs
+#ssl_client_ca_file =
+
+# Request client to send a certificate. If you also want to require it, set
+# auth_ssl_require_client_cert=yes in auth section.
+#ssl_verify_client_cert = no
+
+# Which field from certificate to use for username. commonName and
+# x500UniqueIdentifier are the usual choices. You'll also need to set
+# auth_ssl_username_from_cert=yes.
+#ssl_cert_username_field = commonName
+
+# SSL DH parameters
+# Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
+# Or migrate from old ssl-parameters.dat file with the command dovecot
+# gives on startup when ssl_dh is unset.
+ssl_dh = </usr/share/dovecot/dh.pem
+
+# Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
+# TLSv1, TLSv1.1, and TLSv1.2, depending on the OpenSSL version used.
+#ssl_min_protocol = TLSv1
+
+# SSL ciphers to use, the default is:
+#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
+# To disable non-EC DH, use:
+#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
+
+# Colon separated list of elliptic curves to use. Empty value (the default)
+# means use the defaults from the SSL library. P-521:P-384:P-256 would be an
+# example of a valid value.
+#ssl_curve_list =
+
+# Prefer the server's order of ciphers over client's.
+#ssl_prefer_server_ciphers = no
+
+# SSL crypto device to use, for valid values run "openssl engine"
+#ssl_crypto_device =
+
+# SSL extra options. Currently supported options are:
+# compression - Enable compression.
+# no_ticket - Disable SSL session tickets.
+#ssl_options =
--- /dev/null
+# 10-tcpwrapper.conf
+#
+# service name for hosts.{allow|deny} are those defined as
+# inet_listener in master.conf
+#
+#login_access_sockets = tcpwrap
+#
+#service tcpwrap {
+# unix_listener login/tcpwrap {
+# group = $default_login_user
+# mode = 0600
+# user = $default_login_user
+# }
+#}
--- /dev/null
+##
+## LDA specific settings (also used by LMTP)
+##
+
+# Address to use when sending rejection mails.
+# Default is postmaster@%d. %d expands to recipient domain.
+#postmaster_address =
+
+# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
+# in LMTP replies. Default is the system's real hostname@domain.
+#hostname =
+
+# If user is over quota, return with temporary failure instead of
+# bouncing the mail.
+#quota_full_tempfail = no
+
+# Binary to use for sending mails.
+#sendmail_path = /usr/sbin/sendmail
+
+# If non-empty, send mails via this SMTP host[:port] instead of sendmail.
+#submission_host =
+
+# Subject: header to use for rejection mails. You can use the same variables
+# as for rejection_reason below.
+#rejection_subject = Rejected: %s
+
+# Human readable error message for rejection mails. You can use variables:
+# %n = CRLF, %r = reason, %s = original subject, %t = recipient
+#rejection_reason = Your message to <%t> was automatically rejected:%n%r
+
+# Delimiter character between local-part and detail in email address.
+#recipient_delimiter = +
+
+# Header where the original recipient address (SMTP's RCPT TO: address) is taken
+# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
+# A commonly used header for this is X-Original-To.
+#lda_original_recipient_header =
+
+# Should saving a mail to a nonexistent mailbox automatically create it?
+#lda_mailbox_autocreate = no
+
+# Should automatically created mailboxes be also automatically subscribed?
+#lda_mailbox_autosubscribe = no
+
+protocol lda {
+ # Space separated list of plugins to load (default is global mail_plugins).
+ #mail_plugins = $mail_plugins
+}
--- /dev/null
+##
+## Mailbox definitions
+##
+
+# Each mailbox is specified in a separate mailbox section. The section name
+# specifies the mailbox name. If it has spaces, you can put the name
+# "in quotes". These sections can contain the following mailbox settings:
+#
+# auto:
+# Indicates whether the mailbox with this name is automatically created
+# implicitly when it is first accessed. The user can also be automatically
+# subscribed to the mailbox after creation. The following values are
+# defined for this setting:
+#
+# no - Never created automatically.
+# create - Automatically created, but no automatic subscription.
+# subscribe - Automatically created and subscribed.
+#
+# special_use:
+# A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the
+# mailbox. There are no validity checks, so you could specify anything
+# you want in here, but it's not a good idea to use flags other than the
+# standard ones specified in the RFC:
+#
+# \All - This (virtual) mailbox presents all messages in the
+# user's message store.
+# \Archive - This mailbox is used to archive messages.
+# \Drafts - This mailbox is used to hold draft messages.
+# \Flagged - This (virtual) mailbox presents all messages in the
+# user's message store marked with the IMAP \Flagged flag.
+# \Junk - This mailbox is where messages deemed to be junk mail
+# are held.
+# \Sent - This mailbox is used to hold copies of messages that
+# have been sent.
+# \Trash - This mailbox is used to hold messages that have been
+# deleted.
+#
+# comment:
+# Defines a default comment or note associated with the mailbox. This
+# value is accessible through the IMAP METADATA mailbox entries
+# "/shared/comment" and "/private/comment". Users with sufficient
+# privileges can override the default value for entries with a custom
+# value.
+
+# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
+namespace inbox {
+ # These mailboxes are widely used and could perhaps be created automatically:
+ mailbox Drafts {
+ special_use = \Drafts
+ }
+ mailbox Junk {
+ special_use = \Junk
+ }
+ mailbox Trash {
+ special_use = \Trash
+ }
+
+ # For \Sent mailboxes there are two widely used names. We'll mark both of
+ # them as \Sent. User typically deletes one of them if duplicates are created.
+ mailbox Sent {
+ special_use = \Sent
+ }
+ mailbox "Sent Messages" {
+ special_use = \Sent
+ }
+
+ # If you have a virtual "All messages" mailbox:
+ #mailbox virtual/All {
+ # special_use = \All
+ # comment = All my messages
+ #}
+
+ # If you have a virtual "Flagged" mailbox:
+ #mailbox virtual/Flagged {
+ # special_use = \Flagged
+ # comment = All my flagged messages
+ #}
+}
--- /dev/null
+##
+## IMAP specific settings
+##
+
+# If nothing happens for this long while client is IDLEing, move the connection
+# to imap-hibernate process and close the old imap process. This saves memory,
+# because connections use very little memory in imap-hibernate process. The
+# downside is that recreating the imap process back uses some resources.
+#imap_hibernate_timeout = 0
+
+# Maximum IMAP command line length. Some clients generate very long command
+# lines with huge mailboxes, so you may need to raise this if you get
+# "Too long argument" or "IMAP command line too large" errors often.
+#imap_max_line_length = 64k
+
+# IMAP logout format string:
+# %i - total number of bytes read from client
+# %o - total number of bytes sent to client
+# %{fetch_hdr_count} - Number of mails with mail header data sent to client
+# %{fetch_hdr_bytes} - Number of bytes with mail header data sent to client
+# %{fetch_body_count} - Number of mails with mail body data sent to client
+# %{fetch_body_bytes} - Number of bytes with mail body data sent to client
+# %{deleted} - Number of mails where client added \Deleted flag
+# %{expunged} - Number of mails that client expunged, which does not
+# include automatically expunged mails
+# %{autoexpunged} - Number of mails that were automatically expunged after
+# client disconnected
+# %{trashed} - Number of mails that client copied/moved to the
+# special_use=\Trash mailbox.
+# %{appended} - Number of mails saved during the session
+#imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} \
+# trashed=%{trashed} hdr_count=%{fetch_hdr_count} \
+# hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} \
+# body_bytes=%{fetch_body_bytes}
+
+# Override the IMAP CAPABILITY response. If the value begins with '+',
+# add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
+#imap_capability =
+
+# How long to wait between "OK Still here" notifications when client is
+# IDLEing.
+#imap_idle_notify_interval = 2 mins
+
+# ID field names and values to send to clients. Using * as the value makes
+# Dovecot use the default value. The following fields have default values
+# currently: name, version, os, os-version, support-url, support-email.
+#imap_id_send =
+
+# ID fields sent by client to log. * means everything.
+#imap_id_log =
+
+# Workarounds for various client bugs:
+# delay-newmail:
+# Send EXISTS/RECENT new mail notifications only when replying to NOOP
+# and CHECK commands. Some clients ignore them otherwise, for example OSX
+# Mail (<v2.1). Outlook Express breaks more badly though, without this it
+# may show user "Message no longer in server" errors. Note that OE6 still
+# breaks even with this workaround if synchronization is set to
+# "Headers Only".
+# tb-extra-mailbox-sep:
+# Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and
+# adds extra '/' suffixes to mailbox names. This option causes Dovecot to
+# ignore the extra '/' instead of treating it as invalid mailbox name.
+# tb-lsub-flags:
+# Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
+# This makes Thunderbird realize they aren't selectable and show them
+# greyed out, instead of only later giving "not selectable" popup error.
+#
+# The list is space-separated.
+#imap_client_workarounds =
+
+# Host allowed in URLAUTH URLs sent by client. "*" allows all.
+#imap_urlauth_host =
+
+# Enable IMAP LITERAL- extension (replaces LITERAL+)
+#imap_literal_minus = no
+
+# What happens when FETCH fails due to some internal error:
+# disconnect-immediately:
+# The FETCH is aborted immediately and the IMAP client is disconnected.
+# disconnect-after:
+# The FETCH runs for all the requested mails returning as much data as
+# possible. The client is finally disconnected without a tagged reply.
+# no-after:
+# Same as disconnect-after, but tagged NO reply is sent instead of
+# disconnecting the client. If the client attempts to FETCH the same failed
+# mail more than once, the client is disconnected. This is to avoid clients
+# from going into infinite loops trying to FETCH a broken mail.
+#imap_fetch_failure = disconnect-immediately
+
+protocol imap {
+ # Space separated list of plugins to load (default is global mail_plugins).
+ #mail_plugins = $mail_plugins
+
+ # Maximum number of IMAP connections allowed for a user from each IP address.
+ # NOTE: The username is compared case-sensitively.
+ #mail_max_userip_connections = 10
+}
--- /dev/null
+##
+## LMTP specific settings
+##
+
+# Support proxying to other LMTP/SMTP servers by performing passdb lookups.
+#lmtp_proxy = no
+
+# When recipient address includes the detail (e.g. user+detail), try to save
+# the mail to the detail mailbox. See also recipient_delimiter and
+# lda_mailbox_autocreate settings.
+#lmtp_save_to_detail_mailbox = no
+
+# Verify quota before replying to RCPT TO. This adds a small overhead.
+#lmtp_rcpt_check_quota = no
+
+# Which recipient address to use for Delivered-To: header and Received:
+# header. The default is "final", which is the same as the one given to
+# RCPT TO command. "original" uses the address given in RCPT TO's ORCPT
+# parameter, "none" uses nothing. Note that "none" is currently always used
+# when a mail has multiple recipients.
+#lmtp_hdr_delivery_address = final
+
+protocol lmtp {
+ # Space separated list of plugins to load (default is global mail_plugins).
+ #mail_plugins = $mail_plugins
+}
--- /dev/null
+##
+## ManageSieve specific settings
+##
+
+# Uncomment to enable managesieve protocol:
+#protocols = $protocols sieve
+
+# Service definitions
+
+#service managesieve-login {
+ #inet_listener sieve {
+ # port = 4190
+ #}
+
+ #inet_listener sieve_deprecated {
+ # port = 2000
+ #}
+
+ # Number of connections to handle before starting a new process. Typically
+ # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
+ # is faster. <doc/wiki/LoginProcess.txt>
+ #service_count = 1
+
+ # Number of processes to always keep waiting for more connections.
+ #process_min_avail = 0
+
+ # If you set service_count=0, you probably need to grow this.
+ #vsz_limit = 64M
+#}
+
+#service managesieve {
+ # Max. number of ManageSieve processes (connections)
+ #process_limit = 1024
+#}
+
+# Service configuration
+
+protocol sieve {
+ # Maximum ManageSieve command line length in bytes. ManageSieve usually does
+ # not involve overly long command lines, so this setting will not normally
+ # need adjustment
+ #managesieve_max_line_length = 65536
+
+ # Maximum number of ManageSieve connections allowed for a user from each IP
+ # address.
+ # NOTE: The username is compared case-sensitively.
+ #mail_max_userip_connections = 10
+
+ # Space separated list of plugins to load (none known to be useful so far).
+ # Do NOT try to load IMAP plugins here.
+ #mail_plugins =
+
+ # MANAGESIEVE logout format string:
+ # %i - total number of bytes read from client
+ # %o - total number of bytes sent to client
+ # %{put_bytes} - Number of bytes saved using PUTSCRIPT command
+ # %{put_count} - Number of scripts saved using PUTSCRIPT command
+ # %{get_bytes} - Number of bytes read using GETCRIPT command
+ # %{get_count} - Number of scripts read using GETSCRIPT command
+ # %{get_bytes} - Number of bytes processed using CHECKSCRIPT command
+ # %{get_count} - Number of scripts checked using CHECKSCRIPT command
+ # %{deleted_count} - Number of scripts deleted using DELETESCRIPT command
+ # %{renamed_count} - Number of scripts renamed using RENAMESCRIPT command
+ #managesieve_logout_format = bytes=%i/%o
+
+ # To fool ManageSieve clients that are focused on CMU's timesieved you can
+ # specify the IMPLEMENTATION capability that Dovecot reports to clients.
+ # For example: 'Cyrus timsieved v2.2.13'
+ #managesieve_implementation_string = Dovecot Pigeonhole
+
+ # Explicitly specify the SIEVE and NOTIFY capability reported by the server
+ # before login. If left unassigned these will be reported dynamically
+ # according to what the Sieve interpreter supports by default (after login
+ # this may differ depending on the user).
+ #managesieve_sieve_capability =
+ #managesieve_notify_capability =
+
+ # The maximum number of compile errors that are returned to the client upon
+ # script upload or script verification.
+ #managesieve_max_compile_errors = 5
+
+ # Refer to 90-sieve.conf for script quota configuration and configuration of
+ # Sieve execution limits.
+}
--- /dev/null
+##
+## POP3 specific settings
+##
+
+# Don't try to set mails non-recent or seen with POP3 sessions. This is
+# mostly intended to reduce disk I/O. With maildir it doesn't move files
+# from new/ to cur/, with mbox it doesn't write Status-header.
+#pop3_no_flag_updates = no
+
+# Support LAST command which exists in old POP3 specs, but has been removed
+# from new ones. Some clients still wish to use this though. Enabling this
+# makes RSET command clear all \Seen flags from messages.
+#pop3_enable_last = no
+
+# If mail has X-UIDL header, use it as the mail's UIDL.
+#pop3_reuse_xuidl = no
+
+# Allow only one POP3 session to run simultaneously for the same user.
+#pop3_lock_session = no
+
+# POP3 requires message sizes to be listed as if they had CR+LF linefeeds.
+# Many POP3 servers violate this by returning the sizes with LF linefeeds,
+# because it's faster to get. When this setting is enabled, Dovecot still
+# tries to do the right thing first, but if that requires opening the
+# message, it fallbacks to the easier (but incorrect) size.
+#pop3_fast_size_lookups = no
+
+# POP3 UIDL (unique mail identifier) format to use. You can use following
+# variables, along with the variable modifiers described in
+# doc/wiki/Variables.txt (e.g. %Uf for the filename in uppercase)
+#
+# %v - Mailbox's IMAP UIDVALIDITY
+# %u - Mail's IMAP UID
+# %m - MD5 sum of the mailbox headers in hex (mbox only)
+# %f - filename (maildir only)
+# %g - Mail's GUID
+#
+# If you want UIDL compatibility with other POP3 servers, use:
+# UW's ipop3d : %08Xv%08Xu
+# Courier : %f or %v-%u (both might be used simultaneously)
+# Cyrus (<= 2.1.3) : %u
+# Cyrus (>= 2.1.4) : %v.%u
+# Dovecot v0.99.x : %v.%u
+# tpop3d : %Mf
+#
+# Note that Outlook 2003 seems to have problems with %v.%u format which was
+# Dovecot's default, so if you're building a new server it would be a good
+# idea to change this. %08Xu%08Xv should be pretty fail-safe.
+#
+#pop3_uidl_format = %08Xu%08Xv
+
+# Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes
+# won't change those UIDLs. Currently this works only with Maildir.
+#pop3_save_uidl = no
+
+# What to do about duplicate UIDLs if they exist?
+# allow: Show duplicates to clients.
+# rename: Append a temporary -2, -3, etc. counter after the UIDL.
+#pop3_uidl_duplicates = allow
+
+# This option changes POP3 behavior so that it's not possible to actually
+# delete mails via POP3, only hide them from future POP3 sessions. The mails
+# will still be counted towards user's quota until actually deleted via IMAP.
+# Use e.g. "$POP3Deleted" as the value (it will be visible as IMAP keyword).
+# Make sure you can legally archive mails before enabling this setting.
+#pop3_deleted_flag =
+
+# POP3 logout format string:
+# %i - total number of bytes read from client
+# %o - total number of bytes sent to client
+# %t - number of TOP commands
+# %p - number of bytes sent to client as a result of TOP command
+# %r - number of RETR commands
+# %b - number of bytes sent to client as a result of RETR command
+# %d - number of deleted messages
+# %{deleted_bytes} - number of bytes in deleted messages
+# %m - number of messages (before deletion)
+# %s - mailbox size in bytes (before deletion)
+# %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
+#pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
+
+# Workarounds for various client bugs:
+# outlook-no-nuls:
+# Outlook and Outlook Express hang if mails contain NUL characters.
+# This setting replaces them with 0x80 character.
+# oe-ns-eoh:
+# Outlook Express and Netscape Mail breaks if end of headers-line is
+# missing. This option simply sends it if it's missing.
+# The list is space-separated.
+#pop3_client_workarounds =
+
+protocol pop3 {
+ # Space separated list of plugins to load (default is global mail_plugins).
+ #mail_plugins = $mail_plugins
+
+ # Maximum number of POP3 connections allowed for a user from each IP address.
+ # NOTE: The username is compared case-sensitively.
+ #mail_max_userip_connections = 10
+}
--- /dev/null
+##
+## Mailbox access control lists.
+##
+
+# vfile backend reads ACLs from "dovecot-acl" file from mail directory.
+# You can also optionally give a global ACL directory path where ACLs are
+# applied to all users' mailboxes. The global ACL directory contains
+# one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter
+# specifies how many seconds to wait between stat()ing dovecot-acl file
+# to see if it changed.
+plugin {
+ #acl = vfile:/etc/dovecot/global-acls:cache_secs=300
+}
+
+# To let users LIST mailboxes shared by other users, Dovecot needs a
+# shared mailbox dictionary. For example:
+plugin {
+ #acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
+}
--- /dev/null
+##
+## Plugin settings
+##
+
+# All wanted plugins must be listed in mail_plugins setting before any of the
+# settings take effect. See <doc/wiki/Plugins.txt> for list of plugins and
+# their configuration. Note that %variable expansion is done for all values.
+
+plugin {
+ #setting_name = value
+}
--- /dev/null
+##
+## Quota configuration.
+##
+
+# Note that you also have to enable quota plugin in mail_plugins setting.
+# <doc/wiki/Quota.txt>
+
+##
+## Quota limits
+##
+
+# Quota limits are set using "quota_rule" parameters. To get per-user quota
+# limits, you can set/override them by returning "quota_rule" extra field
+# from userdb. It's also possible to give mailbox-specific limits, for example
+# to give additional 100 MB when saving to Trash:
+
+plugin {
+ #quota_rule = *:storage=1G
+ #quota_rule2 = Trash:storage=+100M
+
+ # LDA/LMTP allows saving the last mail to bring user from under quota to
+ # over quota, if the quota doesn't grow too high. Default is to allow as
+ # long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
+ #quota_grace = 10%%
+
+ # Quota plugin can also limit the maximum accepted mail size.
+ #quota_max_mail_size = 100M
+}
+
+##
+## Quota warnings
+##
+
+# You can execute a given command when user exceeds a specified quota limit.
+# Each quota root has separate limits. Only the command for the first
+# exceeded limit is executed, so put the highest limit first.
+# The commands are executed via script service by connecting to the named
+# UNIX socket (quota-warning below).
+# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
+
+plugin {
+ #quota_warning = storage=95%% quota-warning 95 %u
+ #quota_warning2 = storage=80%% quota-warning 80 %u
+}
+
+# Example quota-warning service. The unix listener's permissions should be
+# set in a way that mail processes can connect to it. Below example assumes
+# that mail processes run as vmail user. If you use mode=0666, all system users
+# can generate quota warnings to anyone.
+#service quota-warning {
+# executable = script /usr/local/bin/quota-warning.sh
+# user = dovecot
+# unix_listener quota-warning {
+# user = vmail
+# }
+#}
+
+##
+## Quota backends
+##
+
+# Multiple backends are supported:
+# dirsize: Find and sum all the files found from mail directory.
+# Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
+# dict: Keep quota stored in dictionary (eg. SQL)
+# maildir: Maildir++ quota
+# fs: Read-only support for filesystem quota
+
+plugin {
+ #quota = dirsize:User quota
+ #quota = maildir:User quota
+ #quota = dict:User quota::proxy::quota
+ #quota = fs:User quota
+}
+
+# Multiple quota roots are also possible, for example this gives each user
+# their own 100MB quota and one shared 1GB quota within the domain:
+plugin {
+ #quota = dict:user::proxy::quota
+ #quota2 = dict:domain:%d:proxy::quota_domain
+ #quota_rule = *:storage=102400
+ #quota2_rule = *:storage=1048576
+}
--- /dev/null
+# Sieve Extprograms plugin configuration
+
+# Don't forget to add the sieve_extprograms plugin to the sieve_plugins setting.
+# Also enable the extensions you need (one or more of vnd.dovecot.pipe,
+# vnd.dovecot.filter and vnd.dovecot.execute) by adding these to the
+# sieve_extensions or sieve_global_extensions settings. Restricting these
+# extensions to a global context using sieve_global_extensions is recommended.
+
+plugin {
+
+ # The directory where the program sockets are located for the
+ # vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
+ # respectively. The name of each unix socket contained in that directory
+ # directly maps to a program-name referenced from the Sieve script.
+ #sieve_pipe_socket_dir = sieve-pipe
+ #sieve_filter_socket_dir = sieve-filter
+ #sieve_execute_socket_dir = sieve-execute
+
+ # The directory where the scripts are located for direct execution by the
+ # vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
+ # respectively. The name of each script contained in that directory
+ # directly maps to a program-name referenced from the Sieve script.
+ #sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
+ #sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
+ #sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
+}
+
+# An example program service called 'do-something' to pipe messages to
+#service do-something {
+ # Define the executed script as parameter to the sieve service
+ #executable = script /usr/lib/dovecot/sieve-pipe/do-something.sh
+
+ # Use some unprivileged user for executing the program
+ #user = dovenull
+
+ # The unix socket located in the sieve_pipe_socket_dir (as defined in the
+ # plugin {} section above)
+ #unix_listener sieve-pipe/do-something {
+ # LDA/LMTP must have access
+ # user = vmail
+ # mode = 0600
+ #}
+#}
+
--- /dev/null
+##
+## Settings for the Sieve interpreter
+##
+
+# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
+# by adding it to the respective mail_plugins= settings.
+
+# The Sieve interpreter can retrieve Sieve scripts from several types of
+# locations. The default `file' location type is a local filesystem path
+# pointing to a Sieve script file or a directory containing multiple Sieve
+# script files. More complex setups can use other location types such as
+# `ldap' or `dict' to fetch Sieve scripts from remote databases.
+#
+# All settings that specify the location of one ore more Sieve scripts accept
+# the following syntax:
+#
+# location = [<type>:]path[;<option>[=<value>][;...]]
+#
+# If the type prefix is omitted, the script location type is 'file' and the
+# location is interpreted as a local filesystem path pointing to a Sieve script
+# file or directory. Refer to Pigeonhole wiki or INSTALL file for more
+# information.
+
+plugin {
+ # The location of the user's main Sieve script or script storage. The LDA
+ # Sieve plugin uses this to find the active script for Sieve filtering at
+ # delivery. The "include" extension uses this location for retrieving
+ # :personal" scripts. This is also where the ManageSieve service will store
+ # the user's scripts, if supported.
+ #
+ # Currently only the 'file:' location type supports ManageSieve operation.
+ # Other location types like 'dict:' and 'ldap:' can currently only
+ # be used as a read-only script source ().
+ #
+ # For the 'file:' type: use the ';active=' parameter to specify where the
+ # active script symlink is located.
+ # For other types: use the ';name=' parameter to specify the name of the
+ # default/active script.
+ sieve = file:~/sieve;active=~/.dovecot.sieve
+
+ # The default Sieve script when the user has none. This is the location of a
+ # global sieve script file, which gets executed ONLY if user's personal Sieve
+ # script doesn't exist. Be sure to pre-compile this script manually using the
+ # sievec command line tool if the binary is not stored in a global location.
+ # --> See sieve_before for executing scripts before the user's personal
+ # script.
+ #sieve_default = /var/lib/dovecot/sieve/default.sieve
+
+ # The name by which the default Sieve script (as configured by the
+ # sieve_default setting) is visible to the user through ManageSieve.
+ #sieve_default_name =
+
+ # Location for ":global" include scripts as used by the "include" extension.
+ #sieve_global =
+
+ # The location of a Sieve script that is run for any message that is about to
+ # be discarded; i.e., it is not delivered anywhere by the normal Sieve
+ # execution. This only happens when the "implicit keep" is canceled, by e.g.
+ # the "discard" action, and no actions that deliver the message are executed.
+ # This "discard script" can prevent discarding the message, by executing
+ # alternative actions. If the discard script does nothing, the message is
+ # still discarded as it would be when no discard script is configured.
+ #sieve_discard =
+
+ # Location Sieve of scripts that need to be executed before the user's
+ # personal script. If a 'file' location path points to a directory, all the
+ # Sieve scripts contained therein (with the proper `.sieve' extension) are
+ # executed. The order of execution within that directory is determined by the
+ # file names, using a normal 8bit per-character comparison.
+ #
+ # Multiple script locations can be specified by appending an increasing number
+ # to the setting name. The Sieve scripts found from these locations are added
+ # to the script execution sequence in the specified order. Reading the
+ # numbered sieve_before settings stops at the first missing setting, so no
+ # numbers may be skipped.
+ #sieve_before = /var/lib/dovecot/sieve.d/
+ #sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain
+ #sieve_before3 = (etc...)
+
+ # Identical to sieve_before, only the specified scripts are executed after the
+ # user's script (only when keep is still in effect!). Multiple script
+ # locations can be specified by appending an increasing number.
+ #sieve_after =
+ #sieve_after2 =
+ #sieve_after2 = (etc...)
+
+ # Which Sieve language extensions are available to users. By default, all
+ # supported extensions are available, except for deprecated extensions or
+ # those that are still under development. Some system administrators may want
+ # to disable certain Sieve extensions or enable those that are not available
+ # by default. This setting can use '+' and '-' to specify differences relative
+ # to the default. For example `sieve_extensions = +imapflags' will enable the
+ # deprecated imapflags extension in addition to all extensions were already
+ # enabled by default.
+ #sieve_extensions = +notify +imapflags
+
+ # Which Sieve language extensions are ONLY available in global scripts. This
+ # can be used to restrict the use of certain Sieve extensions to administrator
+ # control, for instance when these extensions can cause security concerns.
+ # This setting has higher precedence than the `sieve_extensions' setting
+ # (above), meaning that the extensions enabled with this setting are never
+ # available to the user's personal script no matter what is specified for the
+ # `sieve_extensions' setting. The syntax of this setting is similar to the
+ # `sieve_extensions' setting, with the difference that extensions are
+ # enabled or disabled for exclusive use in global scripts. Currently, no
+ # extensions are marked as such by default.
+ #sieve_global_extensions =
+
+ # The Pigeonhole Sieve interpreter can have plugins of its own. Using this
+ # setting, the used plugins can be specified. Check the Dovecot wiki
+ # (wiki2.dovecot.org) or the pigeonhole website
+ # (http://pigeonhole.dovecot.org) for available plugins.
+ # The sieve_extprograms plugin is included in this release.
+ #sieve_plugins =
+
+ # The separator that is expected between the :user and :detail
+ # address parts introduced by the subaddress extension. This may
+ # also be a sequence of characters (e.g. '--'). The current
+ # implementation looks for the separator from the left of the
+ # localpart and uses the first one encountered. The :user part is
+ # left of the separator and the :detail part is right. This setting
+ # is also used by Dovecot's LMTP service.
+ #recipient_delimiter = +
+
+ # The maximum size of a Sieve script. The compiler will refuse to compile any
+ # script larger than this limit. If set to 0, no limit on the script size is
+ # enforced.
+ #sieve_max_script_size = 1M
+
+ # The maximum number of actions that can be performed during a single script
+ # execution. If set to 0, no limit on the total number of actions is enforced.
+ #sieve_max_actions = 32
+
+ # The maximum number of redirect actions that can be performed during a single
+ # script execution. If set to 0, no redirect actions are allowed.
+ #sieve_max_redirects = 4
+
+ # The maximum number of personal Sieve scripts a single user can have. If set
+ # to 0, no limit on the number of scripts is enforced.
+ # (Currently only relevant for ManageSieve)
+ #sieve_quota_max_scripts = 0
+
+ # The maximum amount of disk storage a single user's scripts may occupy. If
+ # set to 0, no limit on the used amount of disk storage is enforced.
+ # (Currently only relevant for ManageSieve)
+ #sieve_quota_max_storage = 0
+
+ # The primary e-mail address for the user. This is used as a default when no
+ # other appropriate address is available for sending messages. If this setting
+ # is not configured, either the postmaster or null "<>" address is used as a
+ # sender, depending on the action involved. This setting is important when
+ # there is no message envelope to extract addresses from, such as when the
+ # script is executed in IMAP.
+ #sieve_user_email =
+
+ # The path to the file where the user log is written. If not configured, a
+ # default location is used. If the main user's personal Sieve (as configured
+ # with sieve=) is a file, the logfile is set to <filename>.log by default. If
+ # it is not a file, the default user log file is ~/.dovecot.sieve.log.
+ #sieve_user_log =
+
+ # Specifies what envelope sender address is used for redirected messages.
+ # The following values are supported for this setting:
+ #
+ # "sender" - The sender address is used (default).
+ # "recipient" - The final recipient address is used.
+ # "orig_recipient" - The original recipient is used.
+ # "user_email" - The user's primary address is used. This is
+ # configured with the "sieve_user_email" setting. If
+ # that setting is unconfigured, "user_mail" is equal to
+ # "recipient".
+ # "postmaster" - The postmaster_address configured for the LDA.
+ # "<user@domain>" - Redirected messages are always sent from user@domain.
+ # The angle brackets are mandatory. The null "<>" address
+ # is also supported.
+ #
+ # This setting is ignored when the envelope sender is "<>". In that case the
+ # sender of the redirected message is also always "<>".
+ #sieve_redirect_envelope_from = sender
+
+ ## TRACE DEBUGGING
+ # Trace debugging provides detailed insight in the operations performed by
+ # the Sieve script. These settings apply to both the LDA Sieve plugin and the
+ # IMAPSIEVE plugin.
+ #
+ # WARNING: On a busy server, this functionality can quickly fill up the trace
+ # directory with a lot of trace files. Enable this only temporarily and as
+ # selective as possible.
+
+ # The directory where trace files are written. Trace debugging is disabled if
+ # this setting is not configured or if the directory does not exist. If the
+ # path is relative or it starts with "~/" it is interpreted relative to the
+ # current user's home directory.
+ #sieve_trace_dir =
+
+ # The verbosity level of the trace messages. Trace debugging is disabled if
+ # this setting is not configured. Possible values are:
+ #
+ # "actions" - Only print executed action commands, like keep,
+ # fileinto, reject and redirect.
+ # "commands" - Print any executed command, excluding test commands.
+ # "tests" - Print all executed commands and performed tests.
+ # "matching" - Print all executed commands, performed tests and the
+ # values matched in those tests.
+ #sieve_trace_level =
+
+ # Enables highly verbose debugging messages that are usually only useful for
+ # developers.
+ #sieve_trace_debug = no
+
+ # Enables showing byte code addresses in the trace output, rather than only
+ # the source line numbers.
+ #sieve_trace_addresses = no
+}
--- /dev/null
+# Authentication for checkpassword users. Included from 10-auth.conf.
+#
+# <doc/wiki/AuthDatabase.CheckPassword.txt>
+
+passdb {
+ driver = checkpassword
+ args = /usr/bin/checkpassword
+}
+
+# passdb lookup should return also userdb info
+userdb {
+ driver = prefetch
+}
+
+# Standard checkpassword doesn't support direct userdb lookups.
+# If you need checkpassword userdb, the checkpassword must support
+# Dovecot-specific extensions.
+#userdb {
+# driver = checkpassword
+# args = /usr/bin/checkpassword
+#}
--- /dev/null
+# Deny access for users. Included from 10-auth.conf.
+
+# Users can be (temporarily) disabled by adding a passdb with deny=yes.
+# If the user is found from that database, authentication will fail.
+# The deny passdb should always be specified before others, so it gets
+# checked first.
+
+# Example deny passdb using passwd-file. You can use any passdb though.
+passdb {
+ driver = passwd-file
+ deny = yes
+
+ # File contains a list of usernames, one per line
+ args = /etc/dovecot/deny-users
+}
--- /dev/null
+# Authentication via dict backend. Included from 10-auth.conf.
+#
+# <doc/wiki/AuthDatabase.Dict.txt>
+
+passdb {
+ driver = dict
+
+ # Path for dict configuration file, see
+ # example-config/dovecot-dict-auth.conf.ext
+ args = /etc/dovecot/dovecot-dict-auth.conf.ext
+}
+
+userdb {
+ driver = dict
+ args = /etc/dovecot/dovecot-dict-auth.conf.ext
+}
--- /dev/null
+# Authentication for master users. Included from 10-auth.conf.
+
+# By adding master=yes setting inside a passdb you make the passdb a list
+# of "master users", who can log in as anyone else.
+# <doc/wiki/Authentication.MasterUsers.txt>
+
+# Example master user passdb using passwd-file. You can use any passdb though.
+passdb {
+ driver = passwd-file
+ master = yes
+ args = /etc/dovecot/master-users
+
+ # Unless you're using PAM, you probably still want the destination user to
+ # be looked up from passdb that it really exists. pass=yes does that.
+ pass = yes
+}
--- /dev/null
+# Authentication for passwd-file users. Included from 10-auth.conf.
+#
+# passwd-like file with specified location.
+# <doc/wiki/AuthDatabase.PasswdFile.txt>
+
+passdb {
+ driver = passwd-file
+ args = scheme=CRYPT username_format=%u /etc/dovecot/users
+}
+
+userdb {
+ driver = passwd-file
+ args = username_format=%u /etc/dovecot/users
+
+ # Default fields that can be overridden by passwd-file
+ #default_fields = quota_rule=*:storage=1G
+
+ # Override fields from passwd-file
+ #override_fields = home=/home/virtual/%u
+}
--- /dev/null
+# Authentication for SQL users. Included from 10-auth.conf.
+#
+# <doc/wiki/AuthDatabase.SQL.txt>
+
+passdb {
+ driver = sql
+
+ # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
+ args = /etc/dovecot/dovecot-sql.conf.ext
+}
+
+# "prefetch" user database means that the passdb already provided the
+# needed information and there's no need to do a separate userdb lookup.
+# <doc/wiki/UserDatabase.Prefetch.txt>
+#userdb {
+# driver = prefetch
+#}
+
+userdb {
+ driver = sql
+ args = /etc/dovecot/dovecot-sql.conf.ext
+}
+
+# If you don't have any user-specific settings, you can avoid the user_query
+# by using userdb static instead of userdb sql, for example:
+# <doc/wiki/UserDatabase.Static.txt>
+#userdb {
+ #driver = static
+ #args = uid=vmail gid=vmail home=/var/vmail/%u
+#}
--- /dev/null
+# Static passdb. Included from 10-auth.conf.
+
+# This can be used for situations where Dovecot doesn't need to verify the
+# username or the password, or if there is a single password for all users:
+#
+# - proxy frontend, where the backend verifies the password
+# - proxy backend, where the frontend already verified the password
+# - authentication with SSL certificates
+# - simple testing
+
+#passdb {
+# driver = static
+# args = proxy=y host=%1Mu.example.com nopassword=y
+#}
+
+#passdb {
+# driver = static
+# args = password=test
+#}
+
+#userdb {
+# driver = static
+# args = uid=vmail gid=vmail home=/home/%u
+#}
--- /dev/null
+# Authentication for system users. Included from 10-auth.conf.
+#
+# <doc/wiki/PasswordDatabase.txt>
+# <doc/wiki/UserDatabase.txt>
+
+# PAM authentication. Preferred nowadays by most systems.
+# PAM is typically used with either userdb passwd or userdb static.
+# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
+# authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
+passdb {
+ driver = pam
+ # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
+ # [cache_key=<key>] [<service name>]
+ #args = dovecot
+}
+
+# System users (NSS, /etc/passwd, or similar).
+# In many systems nowadays this uses Name Service Switch, which is
+# configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt>
+#passdb {
+ #driver = passwd
+ # [blocking=no]
+ #args =
+#}
+
+# Shadow passwords for system users (NSS, /etc/shadow or similar).
+# Deprecated by PAM nowadays.
+# <doc/wiki/PasswordDatabase.Shadow.txt>
+#passdb {
+ #driver = shadow
+ # [blocking=no]
+ #args =
+#}
+
+# PAM-like authentication for OpenBSD.
+# <doc/wiki/PasswordDatabase.BSDAuth.txt>
+#passdb {
+ #driver = bsdauth
+ # [blocking=no] [cache_key=<key>]
+ #args =
+#}
+
+##
+## User databases
+##
+
+# System users (NSS, /etc/passwd, or similar). In many systems nowadays this
+# uses Name Service Switch, which is configured in /etc/nsswitch.conf.
+userdb {
+ # <doc/wiki/AuthDatabase.Passwd.txt>
+ driver = passwd
+ # [blocking=no]
+ #args =
+
+ # Override fields from passwd
+ #override_fields = home=/home/virtual/%u
+}
+
+# Static settings generated from template <doc/wiki/UserDatabase.Static.txt>
+#userdb {
+ #driver = static
+ # Can return anything a userdb could normally return. For example:
+ #
+ # args = uid=500 gid=500 home=/var/mail/%u
+ #
+ # LDA and LMTP needs to look up users only from the userdb. This of course
+ # doesn't work with static userdb because there is no list of users.
+ # Normally static userdb handles this by doing a passdb lookup. This works
+ # with most passdbs, with PAM being the most notable exception. If you do
+ # the user verification another way, you can add allow_all_users=yes to
+ # the args in which case the passdb lookup is skipped.
+ #
+ #args =
+#}
--- /dev/null
+# Authentication for vpopmail users. Included from 10-auth.conf.
+#
+# <doc/wiki/AuthDatabase.VPopMail.txt>
+
+passdb {
+ driver = vpopmail
+
+ # [cache_key=<key>] [webmail=<ip>]
+ args =
+}
+
+userdb {
+ driver = vpopmail
+
+ # [quota_template=<template>] - %q expands to Maildir++ quota
+ args = quota_template=quota_rule=*:backend=%q
+}
--- /dev/null
+# This file is commonly accessed via passdb {} or userdb {} section in
+# conf.d/auth-dict.conf.ext
+
+# Dictionary URI
+#uri =
+
+# Default password scheme
+default_pass_scheme = MD5
+
+# Username iteration prefix. Keys under this are assumed to contain usernames.
+iterate_prefix = userdb/
+
+# Should iteration be disabled for this userdb? If this userdb acts only as a
+# cache there's no reason to try to iterate the (partial & duplicate) users.
+#iterate_disable = no
+
+# The example here shows how to do multiple dict lookups and merge the replies.
+# The "passdb" and "userdb" keys are JSON objects containing key/value pairs,
+# for example: { "uid": 1000, "gid": 1000, "home": "/home/user" }
+
+key passdb {
+ key = passdb/%u
+ format = json
+}
+key userdb {
+ key = userdb/%u
+ format = json
+}
+key quota {
+ key = userdb/%u/quota
+ #format = value
+ # The default_value is used if the key isn't found. If default_value setting
+ # isn't specified at all (even as empty), the passdb/userdb lookup fails with
+ # "user doesn't exist".
+ default_value = 100M
+}
+
+# Space separated list of keys whose values contain key/value paired objects.
+# All the key/value pairs inside the object are added as passdb fields.
+passdb_objects = passdb
+
+#passdb_fields {
+#}
+
+# Userdb key/value object list.
+userdb_objects = userdb
+
+userdb_fields {
+ # dict:<key> refers to key names
+ quota_rule = *:storage=%{dict:quota}
+
+ # dict:<key>.<objkey> refers to the objkey inside (JSON) object
+ mail = maildir:%{dict:userdb.home}/Maildir
+}
--- /dev/null
+# This file is commonly accessed via dict {} section in dovecot.conf
+
+#connect = host=localhost dbname=mails user=testuser password=pass
+
+# CREATE TABLE quota (
+# username varchar(100) not null,
+# bytes bigint not null default 0,
+# messages integer not null default 0,
+# primary key (username)
+# );
+
+map {
+ pattern = priv/quota/storage
+ table = quota
+ username_field = username
+ value_field = bytes
+}
+map {
+ pattern = priv/quota/messages
+ table = quota
+ username_field = username
+ value_field = messages
+}
+
+# CREATE TABLE expires (
+# username varchar(100) not null,
+# mailbox varchar(255) not null,
+# expire_stamp integer not null,
+# primary key (username, mailbox)
+# );
+
+map {
+ pattern = shared/expire/$user/$mailbox
+ table = expires
+ value_field = expire_stamp
+
+ fields {
+ username = $user
+ mailbox = $mailbox
+ }
+}
--- /dev/null
+# This file is commonly accessed via passdb {} or userdb {} section in
+# conf.d/auth-sql.conf.ext
+
+# This file is opened as root, so it should be owned by root and mode 0600.
+#
+# http://wiki2.dovecot.org/AuthDatabase/SQL
+#
+# For the sql passdb module, you'll need a database with a table that
+# contains fields for at least the username and password. If you want to
+# use the user@domain syntax, you might want to have a separate domain
+# field as well.
+#
+# If your users all have the same uig/gid, and have predictable home
+# directories, you can use the static userdb module to generate the home
+# dir based on the username and domain. In this case, you won't need fields
+# for home, uid, or gid in the database.
+#
+# If you prefer to use the sql userdb module, you'll want to add fields
+# for home, uid, and gid. Here is an example table:
+#
+# CREATE TABLE users (
+# username VARCHAR(128) NOT NULL,
+# domain VARCHAR(128) NOT NULL,
+# password VARCHAR(64) NOT NULL,
+# home VARCHAR(255) NOT NULL,
+# uid INTEGER NOT NULL,
+# gid INTEGER NOT NULL,
+# active CHAR(1) DEFAULT 'Y' NOT NULL
+# );
+
+# Database driver: mysql, pgsql, sqlite
+#driver =
+
+# Database connection string. This is driver-specific setting.
+#
+# HA / round-robin load-balancing is supported by giving multiple host
+# settings, like: host=sql1.host.org host=sql2.host.org
+#
+# pgsql:
+# For available options, see the PostgreSQL documentation for the
+# PQconnectdb function of libpq.
+# Use maxconns=n (default 5) to change how many connections Dovecot can
+# create to pgsql.
+#
+# mysql:
+# Basic options emulate PostgreSQL option names:
+# host, port, user, password, dbname
+#
+# But also adds some new settings:
+# client_flags - See MySQL manual
+# connect_timeout - Connect timeout in seconds (default: 5)
+# read_timeout - Read timeout in seconds (default: 30)
+# write_timeout - Write timeout in seconds (default: 30)
+# ssl_ca, ssl_ca_path - Set either one or both to enable SSL
+# ssl_cert, ssl_key - For sending client-side certificates to server
+# ssl_cipher - Set minimum allowed cipher security (default: HIGH)
+# ssl_verify_server_cert - Verify that the name in the server SSL certificate
+# matches the host (default: no)
+# option_file - Read options from the given file instead of
+# the default my.cnf location
+# option_group - Read options from the given group (default: client)
+#
+# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
+# Note that currently you can't use spaces in parameters.
+#
+# sqlite:
+# The path to the database file.
+#
+# Examples:
+# connect = host=192.168.1.1 dbname=users
+# connect = host=sql.example.com dbname=virtual user=virtual password=blarg
+# connect = /etc/dovecot/authdb.sqlite
+#
+#connect =
+
+# Default password scheme.
+#
+# List of supported schemes is in
+# http://wiki2.dovecot.org/Authentication/PasswordSchemes
+#
+#default_pass_scheme = MD5
+
+# passdb query to retrieve the password. It can return fields:
+# password - The user's password. This field must be returned.
+# user - user@domain from the database. Needed with case-insensitive lookups.
+# username and domain - An alternative way to represent the "user" field.
+#
+# The "user" field is often necessary with case-insensitive lookups to avoid
+# e.g. "name" and "nAme" logins creating two different mail directories. If
+# your user and domain names are in separate fields, you can return "username"
+# and "domain" fields instead of "user".
+#
+# The query can also return other fields which have a special meaning, see
+# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
+#
+# Commonly used available substitutions (see http://wiki2.dovecot.org/Variables
+# for full list):
+# %u = entire user@domain
+# %n = user part of user@domain
+# %d = domain part of user@domain
+#
+# Note that these can be used only as input to SQL query. If the query outputs
+# any of these substitutions, they're not touched. Otherwise it would be
+# difficult to have eg. usernames containing '%' characters.
+#
+# Example:
+# password_query = SELECT userid AS user, pw AS password \
+# FROM users WHERE userid = '%u' AND active = 'Y'
+#
+#password_query = \
+# SELECT username, domain, password \
+# FROM users WHERE username = '%n' AND domain = '%d'
+
+# userdb query to retrieve the user information. It can return fields:
+# uid - System UID (overrides mail_uid setting)
+# gid - System GID (overrides mail_gid setting)
+# home - Home directory
+# mail - Mail location (overrides mail_location setting)
+#
+# None of these are strictly required. If you use a single UID and GID, and
+# home or mail directory fits to a template string, you could use userdb static
+# instead. For a list of all fields that can be returned, see
+# http://wiki2.dovecot.org/UserDatabase/ExtraFields
+#
+# Examples:
+# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
+# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
+# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
+#
+#user_query = \
+# SELECT home, uid, gid \
+# FROM users WHERE username = '%n' AND domain = '%d'
+
+# If you wish to avoid two SQL lookups (passdb + userdb), you can use
+# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
+# also have to return userdb fields in password_query prefixed with "userdb_"
+# string. For example:
+#password_query = \
+# SELECT userid AS user, password, \
+# home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
+# FROM users WHERE userid = '%u'
+
+# Query to get a list of all usernames.
+#iterate_query = SELECT username AS user FROM users
--- /dev/null
+## Dovecot configuration file
+
+# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
+
+# "doveconf -n" command gives a clean output of the changed settings. Use it
+# instead of copy&pasting files when posting to the Dovecot mailing list.
+
+# '#' character and everything after it is treated as comments. Extra spaces
+# and tabs are ignored. If you want to use either of these explicitly, put the
+# value inside quotes, eg.: key = "# char and trailing whitespace "
+
+# Most (but not all) settings can be overridden by different protocols and/or
+# source/destination IPs by placing the settings inside sections, for example:
+# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
+
+# Default values are shown for each setting, it's not required to uncomment
+# those. These are exceptions to this though: No sections (e.g. namespace {})
+# or plugin settings are added by default, they're listed only as examples.
+# Paths are also just examples with the real defaults being based on configure
+# options. The paths listed here are for configure --prefix=/usr
+# --sysconfdir=/etc --localstatedir=/var
+
+# Enable installed protocols
+!include_try /usr/share/dovecot/protocols.d/*.protocol
+
+# A comma separated list of IPs or hosts where to listen in for connections.
+# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
+# If you want to specify non-default ports or anything more complex,
+# edit conf.d/master.conf.
+#listen = *, ::
+
+# Base directory where to store runtime data.
+#base_dir = /var/run/dovecot/
+
+# Name of this instance. In multi-instance setup doveadm and other commands
+# can use -i <instance_name> to select which instance is used (an alternative
+# to -c <config_path>). The instance name is also added to Dovecot processes
+# in ps output.
+#instance_name = dovecot
+
+# Greeting message for clients.
+#login_greeting = Dovecot ready.
+
+# Space separated list of trusted network ranges. Connections from these
+# IPs are allowed to override their IP addresses and ports (for logging and
+# for authentication checks). disable_plaintext_auth is also ignored for
+# these networks. Typically you'd specify your IMAP proxy servers here.
+#login_trusted_networks =
+
+# Space separated list of login access check sockets (e.g. tcpwrap)
+#login_access_sockets =
+
+# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
+# proxying. This isn't necessary normally, but may be useful if the destination
+# IP is e.g. a load balancer's IP.
+#auth_proxy_self =
+
+# Show more verbose process titles (in ps). Currently shows user name and
+# IP address. Useful for seeing who are actually using the IMAP processes
+# (eg. shared mailboxes or if same uid is used for multiple accounts).
+#verbose_proctitle = no
+
+# Should all processes be killed when Dovecot master process shuts down.
+# Setting this to "no" means that Dovecot can be upgraded without
+# forcing existing client connections to close (although that could also be
+# a problem if the upgrade is e.g. because of a security fix).
+#shutdown_clients = yes
+
+# If non-zero, run mail commands via this many connections to doveadm server,
+# instead of running them directly in the same process.
+#doveadm_worker_count = 0
+# UNIX socket or host:port used for connecting to doveadm server
+#doveadm_socket_path = doveadm-server
+
+# Space separated list of environment variables that are preserved on Dovecot
+# startup and passed down to all of its child processes. You can also give
+# key=value pairs to always set specific settings.
+#import_environment = TZ
+
+##
+## Dictionary server settings
+##
+
+# Dictionary can be used to store key=value lists. This is used by several
+# plugins. The dictionary can be accessed either directly or though a
+# dictionary server. The following dict block maps dictionary names to URIs
+# when the server is used. These can then be referenced using URIs in format
+# "proxy::<name>".
+
+dict {
+ #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
+ #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
+}
+
+# Most of the actual configuration gets included below. The filenames are
+# first sorted by their ASCII value and parsed in that order. The 00-prefixes
+# in filenames are intended to make it easier to understand the ordering.
+!include conf.d/*.conf
+
+# A config file can also tried to be included without giving an error if
+# it's not found:
+!include_try local.conf
--- /dev/null
+/etc/ssl/private/ssl-cert-snakeoil.key
\ No newline at end of file
--- /dev/null
+/etc/ssl/certs/ssl-cert-snakeoil.pem
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<fontconfig>
+ <!-- /etc/fonts/conf.d/20-unhint-small-dejavu-lgc-sans-mono.conf
+
+ Disable hinting manually at smaller sizes (< 8ppem)
+ This is a copy of the Bistream Vera fonts fonts rule, as DejaVu is
+ derived from Vera.
+
+ The Bistream Vera fonts have GASP entries suggesting that hinting be
+ disabled below 8 ppem, but FreeType ignores those, preferring to use
+ the data found in the instructed hints. The initial Vera release
+ didn't include the right instructions in the 'prep' table.
+ -->
+ <match target="font">
+ <test name="family">
+ <string>DejaVu LGC Sans Mono</string>
+ </test>
+ <test compare="less" name="pixelsize">
+ <double>7.5</double>
+ </test>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<fontconfig>
+ <!-- /etc/fonts/conf.d/20-unhint-small-dejavu-lgc-sans.conf
+
+ Disable hinting manually at smaller sizes (< 8ppem)
+ This is a copy of the Bistream Vera fonts fonts rule, as DejaVu is
+ derived from Vera.
+
+ The Bistream Vera fonts have GASP entries suggesting that hinting be
+ disabled below 8 ppem, but FreeType ignores those, preferring to use
+ the data found in the instructed hints. The initial Vera release
+ didn't include the right instructions in the 'prep' table.
+ -->
+ <match target="font">
+ <test name="family">
+ <string>DejaVu LGC Sans</string>
+ </test>
+ <test compare="less" name="pixelsize">
+ <double>7.5</double>
+ </test>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<fontconfig>
+ <!-- /etc/fonts/conf.d/20-unhint-small-dejavu-lgc-serif.conf
+
+ Disable hinting manually at smaller sizes (< 8ppem)
+ This is a copy of the Bistream Vera fonts fonts rule, as DejaVu is
+ derived from Vera.
+
+ The Bistream Vera fonts have GASP entries suggesting that hinting be
+ disabled below 8 ppem, but FreeType ignores those, preferring to use
+ the data found in the instructed hints. The initial Vera release
+ didn't include the right instructions in the 'prep' table.
+ -->
+ <match target="font">
+ <test name="family">
+ <string>DejaVu LGC Serif</string>
+ </test>
+ <test compare="less" name="pixelsize">
+ <double>7.5</double>
+ </test>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<fontconfig>
+ <!-- /etc/fonts/conf.d/20-unhint-small-dejavu-sans-mono.conf
+
+ Disable hinting manually at smaller sizes (< 8ppem)
+ This is a copy of the Bistream Vera fonts fonts rule, as DejaVu is
+ derived from Vera.
+
+ The Bistream Vera fonts have GASP entries suggesting that hinting be
+ disabled below 8 ppem, but FreeType ignores those, preferring to use
+ the data found in the instructed hints. The initial Vera release
+ didn't include the right instructions in the 'prep' table.
+ -->
+ <match target="font">
+ <test name="family">
+ <string>DejaVu Sans Mono</string>
+ </test>
+ <test compare="less" name="pixelsize">
+ <double>7.5</double>
+ </test>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<fontconfig>
+ <!-- /etc/fonts/conf.d/20-unhint-small-dejavu-sans.conf
+
+ Disable hinting manually at smaller sizes (< 8ppem)
+ This is a copy of the Bistream Vera fonts fonts rule, as DejaVu is
+ derived from Vera.
+
+ The Bistream Vera fonts have GASP entries suggesting that hinting be
+ disabled below 8 ppem, but FreeType ignores those, preferring to use
+ the data found in the instructed hints. The initial Vera release
+ didn't include the right instructions in the 'prep' table.
+ -->
+ <match target="font">
+ <test name="family">
+ <string>DejaVu Sans</string>
+ </test>
+ <test compare="less" name="pixelsize">
+ <double>7.5</double>
+ </test>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<fontconfig>
+ <!-- /etc/fonts/conf.d/20-unhint-small-dejavu-serif.conf
+
+ Disable hinting manually at smaller sizes (< 8ppem)
+ This is a copy of the Bistream Vera fonts fonts rule, as DejaVu is
+ derived from Vera.
+
+ The Bistream Vera fonts have GASP entries suggesting that hinting be
+ disabled below 8 ppem, but FreeType ignores those, preferring to use
+ the data found in the instructed hints. The initial Vera release
+ didn't include the right instructions in the 'prep' table.
+ -->
+ <match target="font">
+ <test name="family">
+ <string>DejaVu Serif</string>
+ </test>
+ <test compare="less" name="pixelsize">
+ <double>7.5</double>
+ </test>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<!-- /etc/fonts/conf.d/57-dejavu-sans-mono.conf
+
+ Define aliasing and other fontconfig settings for
+ DejaVu Sans Mono.
+
+ © 2006-2008 Nicolas Mailhot <nicolas.mailhot at laposte.net>
+-->
+<fontconfig>
+ <!-- Font substitution rules -->
+ <alias binding="same">
+ <family>Bepa Mono</family>
+ <accept>
+ <family>DejaVu Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Prima Sans Mono</family>
+ <accept>
+ <family>DejaVu Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Vera Sans Mono</family>
+ <accept>
+ <family>DejaVu Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>DejaVu LGC Sans Mono</family>
+ <accept>
+ <family>DejaVu Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Olwen Sans Mono</family>
+ <accept>
+ <family>DejaVu Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>SUSE Sans Mono</family>
+ <accept>
+ <family>DejaVu Sans Mono</family>
+ </accept>
+ </alias>
+ <!-- Generic name assignment -->
+ <alias>
+ <family>DejaVu Sans Mono</family>
+ <default>
+ <family>monospace</family>
+ </default>
+ </alias>
+ <!-- Generic name aliasing -->
+ <alias>
+ <family>monospace</family>
+ <prefer>
+ <family>DejaVu Sans Mono</family>
+ </prefer>
+ </alias>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<!-- /etc/fonts/conf.d/57-dejavu-sans.conf
+
+ Define aliasing and other fontconfig settings for
+ DejaVu Sans.
+
+ © 2006-2008 Nicolas Mailhot <nicolas.mailhot at laposte.net>
+-->
+<fontconfig>
+ <!-- Font substitution rules -->
+ <alias binding="same">
+ <family>Arev Sans</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bepa</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Prima Sans</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Vera Sans</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>DejaVu LGC Sans</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Hunky Sans</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Olwen Sans</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>SUSE Sans</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Verajja</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <!-- In case VerajjaPDA stops declaring itself as Verajja -->
+ <alias binding="same">
+ <family>VerajjaPDA</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <!-- Generic name assignment -->
+ <alias>
+ <family>DejaVu Sans</family>
+ <default>
+ <family>sans-serif</family>
+ </default>
+ </alias>
+ <!-- Generic name aliasing -->
+ <alias>
+ <family>sans-serif</family>
+ <prefer>
+ <family>DejaVu Sans</family>
+ </prefer>
+ </alias>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<!-- /etc/fonts/conf.d/57-dejavu-serif.conf
+
+ Define aliasing and other fontconfig settings for
+ DejaVu Serif.
+
+ © 2006-2008 Nicolas Mailhot <nicolas.mailhot at laposte.net>
+-->
+<fontconfig>
+ <!-- Font substitution rules -->
+ <alias binding="same">
+ <family>Bitstream Prima Serif</family>
+ <accept>
+ <family>DejaVu Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Vera Serif</family>
+ <accept>
+ <family>DejaVu Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>DejaVu LGC Serif</family>
+ <accept>
+ <family>DejaVu Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Hunky Serif</family>
+ <accept>
+ <family>DejaVu Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Olwen Serif</family>
+ <accept>
+ <family>DejaVu Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>SUSE Serif</family>
+ <accept>
+ <family>DejaVu Serif</family>
+ </accept>
+ </alias>
+ <!-- In case Verajja Serif stops declaring itself as DejaVu Serif -->
+ <alias binding="same">
+ <family>Verajja Serif</family>
+ <accept>
+ <family>DejaVu Serif</family>
+ </accept>
+ </alias>
+ <!-- Generic name assignment -->
+ <alias>
+ <family>DejaVu Serif</family>
+ <default>
+ <family>serif</family>
+ </default>
+ </alias>
+ <!-- Generic name aliasing -->
+ <alias>
+ <family>serif</family>
+ <prefer>
+ <family>DejaVu Serif</family>
+ </prefer>
+ </alias>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<!-- /etc/fonts/conf.d/58-dejavu-lgc-sans-mono.conf
+
+ Define aliasing and other fontconfig settings for
+ DejaVu LGC Sans Mono.
+
+ © 2006-2008 Nicolas Mailhot <nicolas.mailhot at laposte.net>
+-->
+<fontconfig>
+ <!-- Font substitution rules -->
+ <alias binding="same">
+ <family>Bepa Mono</family>
+ <accept>
+ <family>DejaVu LGC Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Prima Sans Mono</family>
+ <accept>
+ <family>DejaVu LGC Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Vera Sans Mono</family>
+ <accept>
+ <family>DejaVu LGC Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>DejaVu Sans Mono</family>
+ <accept>
+ <family>DejaVu LGC Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Olwen Sans Mono</family>
+ <accept>
+ <family>DejaVu LGC Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>SUSE Sans Mono</family>
+ <accept>
+ <family>DejaVu LGC Sans Mono</family>
+ </accept>
+ </alias>
+ <!-- Generic name assignment -->
+ <alias>
+ <family>DejaVu LGC Sans Mono</family>
+ <default>
+ <family>monospace</family>
+ </default>
+ </alias>
+ <!-- Generic name aliasing -->
+ <alias>
+ <family>monospace</family>
+ <prefer>
+ <family>DejaVu LGC Sans Mono</family>
+ </prefer>
+ </alias>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<!-- /etc/fonts/conf.d/58-dejavu-lgc-sans.conf
+
+ Define aliasing and other fontconfig settings for
+ DejaVu LGC Sans.
+
+ © 2006-2008 Nicolas Mailhot <nicolas.mailhot at laposte.net>
+-->
+<fontconfig>
+ <!-- Font substitution rules -->
+ <alias binding="same">
+ <family>Arev Sans</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bepa</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Prima Sans</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Vera Sans</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>DejaVu Sans</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Hunky Sans</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Olwen Sans</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>SUSE Sans</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Verajja</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <!-- In case VerajjaPDA stops declaring itself as Verajja -->
+ <alias binding="same">
+ <family>VerajjaPDA</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <!-- Generic name assignment -->
+ <alias>
+ <family>DejaVu LGC Sans</family>
+ <default>
+ <family>sans-serif</family>
+ </default>
+ </alias>
+ <!-- Generic name aliasing -->
+ <alias>
+ <family>sans-serif</family>
+ <prefer>
+ <family>DejaVu LGC Sans</family>
+ </prefer>
+ </alias>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<!-- /etc/fonts/conf.d/58-dejavu-lgc-serif.conf
+
+ Define aliasing and other fontconfig settings for
+ DejaVu LGC Serif.
+
+ © 2006-2008 Nicolas Mailhot <nicolas.mailhot at laposte.net>
+-->
+<fontconfig>
+ <!-- Font substitution rules -->
+ <alias binding="same">
+ <family>Bitstream Prima Serif</family>
+ <accept>
+ <family>DejaVu LGC Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Vera Serif</family>
+ <accept>
+ <family>DejaVu LGC Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>DejaVu Serif</family>
+ <accept>
+ <family>DejaVu LGC Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Hunky Serif</family>
+ <accept>
+ <family>DejaVu LGC Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Olwen Serif</family>
+ <accept>
+ <family>DejaVu LGC Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>SUSE Serif</family>
+ <accept>
+ <family>DejaVu LGC Serif</family>
+ </accept>
+ </alias>
+ <!-- In case Verajja Serif stops declaring itself as DejaVu Serif -->
+ <alias binding="same">
+ <family>Verajja Serif</family>
+ <accept>
+ <family>DejaVu LGC Serif</family>
+ </accept>
+ </alias>
+ <!-- Generic name assignment -->
+ <alias>
+ <family>DejaVu LGC Serif</family>
+ <default>
+ <family>serif</family>
+ </default>
+ </alias>
+ <!-- Generic name aliasing -->
+ <alias>
+ <family>serif</family>
+ <prefer>
+ <family>DejaVu LGC Serif</family>
+ </prefer>
+ </alias>
+</fontconfig>
--- /dev/null
+/usr/share/fontconfig/conf.avail/10-hinting-slight.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/10-scale-bitmap-fonts.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/11-lcdfilter-default.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/20-unhint-small-dejavu-lgc-sans-mono.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/20-unhint-small-dejavu-lgc-sans.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/20-unhint-small-dejavu-lgc-serif.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/20-unhint-small-dejavu-sans-mono.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/20-unhint-small-dejavu-sans.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/20-unhint-small-dejavu-serif.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/20-unhint-small-vera.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/30-metric-aliases.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/40-nonlatin.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/45-generic.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/45-latin.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/49-sansserif.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/50-user.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/51-local.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/57-dejavu-sans-mono.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/57-dejavu-sans.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/57-dejavu-serif.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/58-dejavu-lgc-sans-mono.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/58-dejavu-lgc-sans.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/58-dejavu-lgc-serif.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/60-generic.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/60-latin.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/65-fonts-persian.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/65-nonlatin.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/69-unifont.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/70-no-bitmaps.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/80-delicious.conf
\ No newline at end of file
--- /dev/null
+/usr/share/fontconfig/conf.avail/90-synthetic.conf
\ No newline at end of file
--- /dev/null
+conf.d/README
+
+Each file in this directory is a fontconfig configuration file. Fontconfig
+scans this directory, loading all files of the form [0-9][0-9]*.conf.
+These files are normally installed in /usr/share/fontconfig/conf.avail
+and then symlinked here, allowing them to be easily installed and then
+enabled/disabled by adjusting the symlinks.
+
+The files are loaded in numeric order, the structure of the configuration
+has led to the following conventions in usage:
+
+ Files begining with: Contain:
+
+ 00 through 09 Font directories
+ 10 through 19 system rendering defaults (AA, etc)
+ 20 through 29 font rendering options
+ 30 through 39 family substitution
+ 40 through 49 generic identification, map family->generic
+ 50 through 59 alternate config file loading
+ 60 through 69 generic aliases, map generic->family
+ 70 through 79 select font (adjust which fonts are available)
+ 80 through 89 match target="scan" (modify scanned patterns)
+ 90 through 99 font synthesis
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<!-- /etc/fonts/fonts.conf file to configure system font access -->
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Default configuration file</description>
+
+<!--
+ DO NOT EDIT THIS FILE.
+ IT WILL BE REPLACED WHEN FONTCONFIG IS UPDATED.
+ LOCAL CHANGES BELONG IN 'local.conf'.
+
+ The intent of this standard configuration file is to be adequate for
+ most environments. If you have a reasonably normal environment and
+ have found problems with this configuration, they are probably
+ things that others will also want fixed. Please submit any
+ problems to the fontconfig bugzilla system located at fontconfig.org
+
+ Note that the normal 'make install' procedure for fontconfig is to
+ replace any existing fonts.conf file with the new version. Place
+ any local customizations in local.conf which this file references.
+
+ Keith Packard
+-->
+
+<!-- Font directory list -->
+
+ <dir>/usr/share/fonts</dir>
+ <dir>/usr/X11R6/lib/X11/fonts</dir> <dir>/usr/local/share/fonts</dir>
+ <dir prefix="xdg">fonts</dir>
+ <!-- the following element will be removed in the future -->
+ <dir>~/.fonts</dir>
+
+<!--
+ Accept deprecated 'mono' alias, replacing it with 'monospace'
+-->
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>mono</string>
+ </test>
+ <edit name="family" mode="assign" binding="same">
+ <string>monospace</string>
+ </edit>
+ </match>
+
+<!--
+ Accept alternate 'sans serif' spelling, replacing it with 'sans-serif'
+-->
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>sans serif</string>
+ </test>
+ <edit name="family" mode="assign" binding="same">
+ <string>sans-serif</string>
+ </edit>
+ </match>
+
+<!--
+ Accept deprecated 'sans' alias, replacing it with 'sans-serif'
+-->
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>sans</string>
+ </test>
+ <edit name="family" mode="assign" binding="same">
+ <string>sans-serif</string>
+ </edit>
+ </match>
+
+<!--
+ Ignore dpkg temporary files created in fonts directories
+-->
+ <selectfont>
+ <rejectfont>
+ <glob>*.dpkg-tmp</glob>
+ </rejectfont>
+ </selectfont>
+ <selectfont>
+ <rejectfont>
+ <glob>*.dpkg-new</glob>
+ </rejectfont>
+ </selectfont>
+
+<!--
+ Load local system customization file
+-->
+ <include ignore_missing="yes">conf.d</include>
+
+<!-- Font cache directory list -->
+
+ <cachedir>/var/cache/fontconfig</cachedir>
+ <cachedir prefix="xdg">fontconfig</cachedir>
+ <!-- the following element will be removed in the future -->
+ <cachedir>~/.fontconfig</cachedir>
+
+ <config>
+<!--
+ Rescan configuration every 30 seconds when FcFontSetList is called
+ -->
+ <rescan>
+ <int>30</int>
+ </rescan>
+ </config>
+
+</fontconfig>
ssl-cert:x:116:
postfix:x:117:
postdrop:x:118:
+clamav:x:119:
+dovecot:x:120:
+dovenull:x:121:
+debian-spamd:x:122:
+amavis:x:123:
mysql:x:115:
ssl-cert:x:116:
postfix:x:117:
+postdrop:x:118:
+clamav:x:119:
+dovecot:x:120:
+dovenull:x:121:
+debian-spamd:x:122:
ssl-cert:!::
postfix:!::
postdrop:!::
+clamav:!::
+dovecot:!::
+dovenull:!::
+debian-spamd:!::
+amavis:!::
mysql:!::
ssl-cert:!::
postfix:!::
+postdrop:!::
+clamav:!::
+dovecot:!::
+dovenull:!::
+debian-spamd:!::
--- /dev/null
+#! /bin/sh
+#
+# amavisd /etc/init.d/ initscript for amavisd-new
+# $Id: amavisd-new.init 800 2006-01-31 00:07:45Z hmh $
+#
+# Copyright (c) 2003 by Brian May <bam@debian.org>
+# and Henrique M. Holschuh <hmh@debian.org>
+# Distributed under the GPL version 2
+#
+#
+# How this thing works:
+# ${START} must be only what is needed for start-stop-daemon, DO NOT
+# ADD ANY PARAMETERS HERE! we might use it for --test, for example.
+# ${STOP} works just like ${START}, --signal is used with it.
+#
+# ${PARAMS} are the parameters to give the daemon when really starting
+# it.
+### BEGIN INIT INFO
+# Provides: amavisd-new
+# Required-Start: $syslog $network $local_fs $remote_fs
+# Required-Stop: $syslog $network $local_fs $remote_fs
+# Should-Start:
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Starts amavisd-new mailfilter
+# Description: Launches the amavisd-new mailfilter
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/amavisd-new
+DAEMON2=/usr/bin/perl
+NAME=amavisd
+DAEMONNAME=amavisd-new
+DESC=amavisd
+PIDFILE=/var/run/amavis/${NAME}.pid
+
+. /lib/lsb/init-functions
+
+test -f ${DAEMON} || exit 0
+
+set -e
+
+START="--start --quiet --pidfile $PIDFILE --startas ${DAEMON} --user amavis"
+STOP="--stop --quiet --pidfile $PIDFILE --user amavis"
+PARAMS=
+
+check_noncompatible_upgrade() {
+ for i in /etc/amavisd.conf /etc/amavis/amavisd.conf ; do
+ if [ -e "${i}.disabled" ] ; then
+ echo "Found incompatible config file flag!" >&2
+ echo "Due to safety concerns, amavisd-new will not be started." >&2
+ echo "Refer to /usr/share/doc/amavisd-new/README.Debian for instructions." >&2
+ exit 1
+ fi
+ done
+}
+
+createdir() {
+# $1 = user
+# $2 = group
+# $3 = permissions (octal)
+# $4 = path to directory
+ [ -d "$4" ] || mkdir -p "$4"
+ chown -c -h "$1:$2" "$4"
+ chmod -c "$3" "$4"
+}
+
+fixdirs() {
+ dir=$(dpkg-statoverride --list /var/run/amavis) || {
+ echo "You are missing a dpkg-statoverride on /var/run/amavis. Fix it, otherwise you risk silent breakage on upgrades." >&2
+ exit 1
+ }
+ [ -z "$dir" ] || createdir $dir
+ :
+}
+
+cleanup() {
+ [ -d /var/lib/amavis ] &&
+ find /var/lib/amavis -maxdepth 1 -name 'amavis-*' -type d \
+ -exec rm -rf "{}" \; >/dev/null 2>&1 || true
+ [ -d /var/lib/amavis/tmp ] &&
+ find /var/lib/amavis/tmp -maxdepth 1 -name 'amavis-*' -type d \
+ -exec rm -rf "{}" \; >/dev/null 2>&1 || true
+ :
+}
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+ fixdirs
+ check_noncompatible_upgrade
+ export LC_ALL; LC_ALL=C
+ if start-stop-daemon ${START} -- ${PARAMS} start >/dev/null ; then
+ echo "amavisd-new."
+ else
+ if start-stop-daemon --test ${START} >/dev/null 2>&1; then
+ echo "(failed)."
+ exit 1
+ else
+ echo "(already running)."
+ exit 0
+ fi
+ fi
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ if start-stop-daemon ${STOP} --retry 10 >/dev/null ; then
+ cleanup
+ echo "amavisd-new."
+ else
+ if start-stop-daemon --test ${START} >/dev/null 2>&1; then
+ echo "(not running)."
+ exit 0
+ else
+ echo "(failed)."
+ exit 1
+ fi
+ fi
+ ;;
+# reload)
+# echo "Reloading $DESC configuration files."
+# start-stop-daemon ${STOP} --signal 1
+# ;;
+ restart|force-reload)
+ $0 stop
+ exec $0 start
+ ;;
+ debug|debug-sa)
+ mode="$1"
+ echo "Trying to run amavisd-new in ${mode} mode..."
+ fixdirs
+ check_noncompatible_upgrade
+ exec ${DAEMON} ${PARAMS} "${mode}"
+ ;;
+ status)
+ status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $?
+ ;;
+ *)
+ N=/etc/init.d/amavis
+ #echo "Usage: $N {start|stop|restart|reload|force-reload|debug}" >&2
+ echo "Usage: $N {start|stop|restart|force-reload|status|debug}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- /dev/null
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: amavis-mc
+# Required-Start: $remote_fs $syslog amavisd-new
+# Should-Start:
+# Should-Stop:
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Startup script for amavis master supervisor
+# Description: This script starts the amavis supervisor for amavis
+# service processes.
+### END INIT INFO
+
+# Do NOT "set -e"
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="amavis services supervisor"
+NAME=amavis-mc
+DAEMON=/usr/sbin/$NAME
+DAEMON_ARGS="-P /var/run/amavis/$NAME.pid"
+PIDFILE=/var/run/amavis/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ if [ -e $PIDFILE ]
+ then
+ if [ -d /proc/`cat $PIDFILE`/ ]
+ then
+ echo "$NAME (${AGENT_BACKEND} version) already running."
+ exit 0;
+ else
+ rm -f $PIDFILE
+ fi
+ fi
+ export LC_ALL; LC_ALL=C
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --user amavis -- \
+ $DAEMON_ARGS \
+ || return 2
+ # Add code here, if necessary, that waits for the process to be ready
+ # to handle requests from services started subsequently which depend
+ # on this one. As a last resort, sleep for some time.
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --user amavis
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --pidfile $PIDFILE --user amavis
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ #
+ # If the daemon can reload its configuration without
+ # restarting (for example, when it is sent a SIGHUP),
+ # then implement that here.
+ #
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME --user amavis
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC ($AGENT_BACKEND version)" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC ($AGENT_BACKEND version)" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ #reload|force-reload)
+ #
+ # If do_reload() is not implemented then leave this commented out
+ # and leave 'force-reload' as an alias for 'restart'.
+ #
+ #log_daemon_msg "Reloading $DESC" "$NAME"
+ #do_reload
+ #log_end_msg $?
+ #;;
+ restart|force-reload)
+ #
+ # If the "reload" option is implemented then remove the
+ # 'force-reload' alias
+ #
+ log_daemon_msg "Restarting $DESC ($AGENT_BACKEND version)" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
--- /dev/null
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: amavis-snmp-subagent
+# Required-Start: $remote_fs $syslog amavisd-new
+# Should-Start: snmpd amavis-mc
+# Should-Stop: snmpd
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Startup script for amavis snmp subagent
+# Description: This script starts the daemon used to connect amavis with the
+# snmpd daemon
+### END INIT INFO
+
+# Do NOT "set -e"
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="amavis snmp subagent"
+NAME=amavisd-snmp-subagent
+DAEMON=/usr/sbin/$NAME
+DAEMON_ARGS="-P /var/run/$NAME.pid"
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+AGENT_BACKEND="bdb"
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+case "$AGENT_BACKEND" in
+ bdb)
+ DAEMON=/usr/sbin/amavisd-snmp-subagent
+ ;;
+ zeromq)
+ DAEMON=/usr/sbin/amavisd-snmp-subagent-zmq
+ ;;
+esac
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ if [ -e $PIDFILE ]
+ then
+ if [ -d /proc/`cat $PIDFILE`/ ]
+ then
+ echo "$NAME (${AGENT_BACKEND} version) already running."
+ exit 0;
+ else
+ rm -f $PIDFILE
+ fi
+ fi
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --user amavis -- \
+ $DAEMON_ARGS \
+ || return 2
+ # Add code here, if necessary, that waits for the process to be ready
+ # to handle requests from services started subsequently which depend
+ # on this one. As a last resort, sleep for some time.
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --user amavis
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --pidfile $PIDFILE --user amavis
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ #
+ # If the daemon can reload its configuration without
+ # restarting (for example, when it is sent a SIGHUP),
+ # then implement that here.
+ #
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME --user amavis
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC ($AGENT_BACKEND version)" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC ($AGENT_BACKEND version)" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ #reload|force-reload)
+ #
+ # If do_reload() is not implemented then leave this commented out
+ # and leave 'force-reload' as an alias for 'restart'.
+ #
+ #log_daemon_msg "Reloading $DESC" "$NAME"
+ #do_reload
+ #log_end_msg $?
+ #;;
+ restart|force-reload)
+ #
+ # If the "reload" option is implemented then remove the
+ # 'force-reload' alias
+ #
+ log_daemon_msg "Restarting $DESC ($AGENT_BACKEND version)" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
--- /dev/null
+#! /bin/sh
+# Written by Miquel van Smoorenburg <miquels@cistron.nl>.
+# Modified for Debian GNU/Linux
+# by Ian Murdock <imurdock@gnu.ai.mit.edu>.
+# Clamav version by Magnus Ekdahl <magnus@debian.org>
+# Heavily reworked by Stephen Gran <sgran@debian.org>
+#
+### BEGIN INIT INFO
+# Provides: clamav-daemon
+# Required-Start: $remote_fs $syslog
+# Should-Start:
+# Required-Stop: $remote_fs $syslog
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: ClamAV daemon
+# Description: Clam AntiVirus userspace daemon
+### END INIT INFO
+
+# The exit status codes should comply with LSB.
+# https://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/clamd
+NAME="clamd"
+DESC="ClamAV daemon"
+CLAMAVCONF=/etc/clamav/clamd.conf
+SUPERVISOR=/usr/bin/daemon
+SUPERVISORNAME=daemon
+SUPERVISORPIDFILE="/var/run/clamav/daemon-clamd.pid"
+SUPERVISORARGS="--name=$NAME --respawn $DAEMON -F $SUPERVISORPIDFILE"
+DATABASEDIR="/var/lib/clamav"
+
+# required by Debian policy 9.3.2
+[ -x "$DAEMON" ] || exit 0
+[ -r /etc/default/clamav-daemon ] && . /etc/default/clamav-daemon
+
+to_lower()
+{
+ word="$1"
+ lcword=$(echo "$word" | tr A-Z a-z)
+ echo "$lcword"
+}
+
+is_true()
+{
+ var="$1"
+ lcvar=$(to_lower "$var")
+ [ 'true' = "$lcvar" ] || [ 'yes' = "$lcvar" ] || [ 1 = "$lcvar" ]
+ return $?
+}
+
+is_false()
+{
+ var="$1"
+ lcvar=$(to_lower "$var")
+ [ 'false' = "$lcvar" ] || [ 'no' = "$lcvar" ] || [ 0 = "$lcvar" ]
+ return $?
+}
+
+ucf_cleanup()
+{
+ # This only does something if I've fucked up before
+ # Not entirely impossible :(
+
+ configfile=$1
+
+ if [ `grep "$configfile" /var/lib/ucf/hashfile | wc -l` -gt 1 ]; then
+ grep -v "$configfile" /var/lib/ucf/hashfile > /var/lib/ucf/hashfile.tmp
+ grep "$configfile" /var/lib/ucf/hashfile | tail -n 1 >> /var/lib/ucf/hashfile.tmp
+ mv /var/lib/ucf/hashfile.tmp /var/lib/ucf/hashfile
+ fi
+}
+
+add_to_ucf()
+{
+ configfile=$1
+ ucffile=$2
+
+ if ! grep -q "$configfile" /var/lib/ucf/hashfile; then
+ md5sum $configfile >> /var/lib/ucf/hashfile
+ cp $configfile $ucffile
+ fi
+}
+
+ucf_upgrade_check()
+{
+ configfile=$1
+ sourcefile=$2
+ ucffile=$3
+
+ if [ -f "$configfile" ]; then
+ add_to_ucf $configfile $ucffile
+ ucf --three-way --debconf-ok "$sourcefile" "$configfile"
+ else
+ [ -d /var/lib/ucf/cache ] || mkdir -p /var/lib/ucf/cache
+ pathfind restorecon && restorecon /var/lib/ucf/cache
+ cp $sourcefile $configfile
+ add_to_ucf $configfile $ucffile
+ fi
+}
+
+slurp_config()
+{
+ CLAMAVCONF="$1"
+
+ if [ -e "$CLAMAVCONF" ]; then
+ for variable in `egrep -a -v '^[[:space:]]*(#|$)' "$CLAMAVCONF" | awk '{print $1}'`; do
+ case "$variable" in
+ DatabaseMirror)
+ if [ -z "$DatabaseMirror" ]; then
+ for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do
+ value="$value $i"
+ done
+ else
+ continue
+ fi
+ ;;
+ DatabaseCustomURL)
+ if [ -z "$DatabaseCustomURL" ]; then
+ for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do
+ value="$value $i"
+ done
+ else
+ continue
+ fi
+ ;;
+ IncludePUA)
+ if [ -z "$IncludePUA" ]; then
+ for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do
+ value="$i $value"
+ done
+ else
+ continue
+ fi
+ ;;
+ ExcludePUA)
+ if [ -z "$ExcludePUA" ]; then
+ for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do
+ value="$i $value"
+ done
+ else
+ continue
+ fi
+ ;;
+ ExtraDatabase)
+ if [ -z "$ExtraDatabase" ]; then
+ for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do
+ value="$value $i"
+ done
+ else
+ continue
+ fi
+ ;;
+ VirusEvent|OnUpdateExecute|OnErrorExecute|RejectMsg)
+ value=`grep -a ^$variable $CLAMAVCONF | head -n1 | sed -e s/$variable\ //`
+ ;;
+ *)
+ value=`grep -a "^$variable[[:space:]]" $CLAMAVCONF | head -n1 | awk '{print $2}'`
+ ;;
+ esac
+ if [ -z "$value" ]; then
+ export "$variable"="true"
+ elif [ "$value" != "$variable" ]; then
+ export "$variable"="$value"
+ else
+ export "$variable"="true"
+ fi
+ unset value
+ done
+ fi
+}
+
+pathfind() {
+ OLDIFS="$IFS"
+ IFS=:
+ for p in $PATH; do
+ if [ -x "$p/$*" ]; then
+ IFS="$OLDIFS"
+ return 0
+ fi
+ done
+ IFS="$OLDIFS"
+ return 1
+}
+
+set_debconf_value()
+{
+prog=$1
+name=$2
+eval variable="\$${name}"
+if [ -n "$variable" ]; then
+ db_set clamav-$prog/$name "$variable" || true
+fi
+}
+
+make_dir()
+{
+ DIR=$1
+ if [ -d "$DIR" ]; then
+ return 0;
+ fi
+ [ -n "$User" ] || User=clamav
+ mkdir -p -m 0755 "$DIR"
+ chown "$User" "$DIR"
+ pathfind restorecon && restorecon "$DIR"
+}
+
+# Debconf Functions
+
+isdigit ()
+{
+ case $1 in
+ [[:digit:]]*)
+ ISDIGIT=1
+ ;;
+ *)
+ ISDIGIT=0
+ ;;
+ esac
+}
+
+inputdigit ()
+{
+ ISDIGIT=0
+ while [ "$ISDIGIT" = '0' ]; do
+ db_input "$1" "$2" || true
+ if ! db_go; then
+ return 30
+ fi
+ db_get $2 || true
+ isdigit $RET
+ if [ "$ISDIGIT" = '0' ]; then
+ db_input critical clamav-base/numinfo || true
+ db_go
+ fi
+ done
+ return 0
+}
+
+StateGeneric()
+{
+ PRIO=$1
+ QUESTION=$2
+ NEXT=$3
+ LAST=$4
+
+ db_input $PRIO $QUESTION || true
+ if db_go; then
+ STATE=$NEXT
+ else
+ STATE=$LAST
+ fi
+}
+
+StateGenericDigit()
+{
+ PRIO=$1
+ QUESTION=$2
+ NEXT=$3
+ LAST=$4
+
+ inputdigit $PRIO $QUESTION || true
+ if db_go; then
+ STATE=$NEXT
+ else
+ STATE=$LAST
+ fi
+}
+
+
+. /lib/lsb/init-functions
+
+if [ ! -f "$CLAMAVCONF" ]; then
+ log_failure_msg "There is no configuration file for Clamav."
+ log_failure_msg "Please either dpkg-reconfigure $DESC, or copy the example from"
+ log_failure_msg "/usr/share/doc/clamav-base/examples/ to $CLAMAVCONF and run"
+ log_failure_msg "'invoke-rc.d clamav-daemon start'"
+ if [ "$1" = "status" ]; then
+ # program or service status is unknown
+ exit 4;
+ else
+ # program is not configured
+ exit 6;
+ fi
+fi
+
+slurp_config "$CLAMAVCONF"
+
+if [ -n "$Example" ]; then
+ log_failure_msg "Clamav is not configured."
+ log_failure_msg "Please edit $CLAMAVCONF and run 'invoke-rc.d clamav-daemon start'"
+ if [ "$1" = "status" ]; then
+ # program or service status is unknown
+ exit 4;
+ else
+ # program is not configured
+ exit 6;
+ fi
+fi
+
+if is_true "$Foreground"; then
+ if [ ! -x "$SUPERVISOR" ] ; then
+ log_failure_msg "Foreground specified, but $SUPERVISORNAME not found"
+ if [ "$1" = "status" ]; then
+ # program or service status is unknown
+ exit 4;
+ else
+ # program is not configured correctly
+ exit 6;
+ fi
+ else
+ RUN_SUPERVISED=1
+ fi
+fi
+
+[ -n "$User" ] || User=clamav
+[ -n "$DataBaseDirectory" ] || DataBaseDirectory=/var/run/clamav
+
+make_dir "$DataBaseDirectory"
+make_dir $(dirname "$SUPERVISORPIDFILE")
+
+if [ -z "$RUN_SUPERVISED" ]; then
+ THEPIDFILE="$PidFile"
+ THEDAEMON="$NAME"
+ RELOAD="1"
+else
+ THEPIDFILE="$SUPERVISORPIDFILE"
+ THEDAEMON="$SUPERVISORNAME"
+ RELOAD="0"
+fi
+
+if [ -z "$THEPIDFILE" ]
+then
+ # Set the default PidFile.
+ THEPIDFILE='/run/clamav/clamd.pid'
+fi
+
+make_dir $(dirname "$THEPIDFILE")
+chown $User $(dirname "$THEPIDFILE")
+
+
+case "$1" in
+ start)
+ # Check for database existence (start will fail if it's missing)
+ for db in main daily; do
+ if [ ! -e "$DATABASEDIR"/"$db".cvd ] && [ ! -d "$DATABASEDIR"/"$db".inc ] && [ ! -e "$DATABASEDIR"/"$db".cld ]; then
+ log_failure_msg "Clamav signatures not found in $DATABASEDIR"
+ log_failure_msg "Please retrieve them using freshclam"
+ log_failure_msg "Then run 'invoke-rc.d clamav-daemon start'"
+ # this is expected on a fresh installation
+ exit 0
+ fi
+ done
+ if [ -z "$RUN_SUPERVISED" ] ; then
+ log_daemon_msg "Starting $DESC" "$NAME "
+ start-stop-daemon --start --oknodo -c $User --exec $DAEMON --pidfile $THEPIDFILE --quiet -- -c $CLAMAVCONF --pid=$THEPIDFILE
+ ret=$?
+ else
+ log_daemon_msg "Starting $DESC" "$NAME (supervised) "
+ $SUPERVISOR $SUPERVISORARGS
+ ret=$?
+ fi
+ log_end_msg $ret
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ start-stop-daemon --stop --oknodo --name $THEDAEMON --pidfile $THEPIDFILE --quiet --retry TERM/30/KILL/5
+ log_end_msg $?
+ ;;
+ status)
+ start-stop-daemon --status --name $THEDAEMON --pidfile $THEPIDFILE
+ # start-stop-daemon returns LSB compliant exit status codes
+ ret=$?
+ if [ "$ret" = 0 ]; then
+ log_success_msg "$NAME is running"
+ else
+ log_failure_msg "$NAME is not running"
+ exit "$ret"
+ fi
+ ;;
+ restart|force-reload)
+ $0 stop
+ $0 start
+ ;;
+ reload-database)
+ if [ "$RELOAD" = "1" ]; then
+ log_daemon_msg "Reloading database for $DESC" "$NAME"
+ pkill -USR2 -F $THEPIDFILE $THEDAEMON 2>/dev/null
+ log_end_msg $?
+ else
+ log_failure_msg "reload-database does not work in supervised mode."
+ # unimplemented feature
+ exit 3
+ fi
+ ;;
+ reload-log)
+ if [ "$RELOAD" = "1" ]; then
+ log_daemon_msg "Reloading log file for $DESC" "$NAME"
+ pkill -HUP -F $THEPIDFILE $THEDAEMON 2>/dev/null
+ else
+ log_failure_msg "reload-log does not work in supervised mode."
+ # unimplemented feature
+ exit 3
+ fi
+ log_end_msg $?
+ ;;
+ *)
+ log_action_msg "Usage: $0 {start|stop|restart|force-reload|reload-log|reload-database|status}" >&2
+ # invalid arguments
+ exit 2
+ ;;
+esac
+
+exit 0
--- /dev/null
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: clamav-freshclam
+# Required-Start: $remote_fs $syslog
+# Should-Start: clamav-daemon
+# Required-Stop: $remote_fs $syslog
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: ClamAV virus database updater
+# Description: Clam AntiVirus virus database updater
+### END INIT INFO
+
+# The exit status codes should comply with LSB.
+# https://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
+
+DAEMON=/usr/bin/freshclam
+NAME=freshclam
+DESC="ClamAV virus database updater"
+
+# required by Debian policy 9.3.2
+[ -x $DAEMON ] || exit 0
+
+CLAMAV_CONF_FILE=/etc/clamav/clamd.conf
+FRESHCLAM_CONF_FILE=/etc/clamav/freshclam.conf
+
+to_lower()
+{
+ word="$1"
+ lcword=$(echo "$word" | tr A-Z a-z)
+ echo "$lcword"
+}
+
+is_true()
+{
+ var="$1"
+ lcvar=$(to_lower "$var")
+ [ 'true' = "$lcvar" ] || [ 'yes' = "$lcvar" ] || [ 1 = "$lcvar" ]
+ return $?
+}
+
+is_false()
+{
+ var="$1"
+ lcvar=$(to_lower "$var")
+ [ 'false' = "$lcvar" ] || [ 'no' = "$lcvar" ] || [ 0 = "$lcvar" ]
+ return $?
+}
+
+ucf_cleanup()
+{
+ # This only does something if I've fucked up before
+ # Not entirely impossible :(
+
+ configfile=$1
+
+ if [ `grep "$configfile" /var/lib/ucf/hashfile | wc -l` -gt 1 ]; then
+ grep -v "$configfile" /var/lib/ucf/hashfile > /var/lib/ucf/hashfile.tmp
+ grep "$configfile" /var/lib/ucf/hashfile | tail -n 1 >> /var/lib/ucf/hashfile.tmp
+ mv /var/lib/ucf/hashfile.tmp /var/lib/ucf/hashfile
+ fi
+}
+
+add_to_ucf()
+{
+ configfile=$1
+ ucffile=$2
+
+ if ! grep -q "$configfile" /var/lib/ucf/hashfile; then
+ md5sum $configfile >> /var/lib/ucf/hashfile
+ cp $configfile $ucffile
+ fi
+}
+
+ucf_upgrade_check()
+{
+ configfile=$1
+ sourcefile=$2
+ ucffile=$3
+
+ if [ -f "$configfile" ]; then
+ add_to_ucf $configfile $ucffile
+ ucf --three-way --debconf-ok "$sourcefile" "$configfile"
+ else
+ [ -d /var/lib/ucf/cache ] || mkdir -p /var/lib/ucf/cache
+ pathfind restorecon && restorecon /var/lib/ucf/cache
+ cp $sourcefile $configfile
+ add_to_ucf $configfile $ucffile
+ fi
+}
+
+slurp_config()
+{
+ CLAMAVCONF="$1"
+
+ if [ -e "$CLAMAVCONF" ]; then
+ for variable in `egrep -a -v '^[[:space:]]*(#|$)' "$CLAMAVCONF" | awk '{print $1}'`; do
+ case "$variable" in
+ DatabaseMirror)
+ if [ -z "$DatabaseMirror" ]; then
+ for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do
+ value="$value $i"
+ done
+ else
+ continue
+ fi
+ ;;
+ DatabaseCustomURL)
+ if [ -z "$DatabaseCustomURL" ]; then
+ for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do
+ value="$value $i"
+ done
+ else
+ continue
+ fi
+ ;;
+ IncludePUA)
+ if [ -z "$IncludePUA" ]; then
+ for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do
+ value="$i $value"
+ done
+ else
+ continue
+ fi
+ ;;
+ ExcludePUA)
+ if [ -z "$ExcludePUA" ]; then
+ for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do
+ value="$i $value"
+ done
+ else
+ continue
+ fi
+ ;;
+ ExtraDatabase)
+ if [ -z "$ExtraDatabase" ]; then
+ for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do
+ value="$value $i"
+ done
+ else
+ continue
+ fi
+ ;;
+ VirusEvent|OnUpdateExecute|OnErrorExecute|RejectMsg)
+ value=`grep -a ^$variable $CLAMAVCONF | head -n1 | sed -e s/$variable\ //`
+ ;;
+ *)
+ value=`grep -a "^$variable[[:space:]]" $CLAMAVCONF | head -n1 | awk '{print $2}'`
+ ;;
+ esac
+ if [ -z "$value" ]; then
+ export "$variable"="true"
+ elif [ "$value" != "$variable" ]; then
+ export "$variable"="$value"
+ else
+ export "$variable"="true"
+ fi
+ unset value
+ done
+ fi
+}
+
+pathfind() {
+ OLDIFS="$IFS"
+ IFS=:
+ for p in $PATH; do
+ if [ -x "$p/$*" ]; then
+ IFS="$OLDIFS"
+ return 0
+ fi
+ done
+ IFS="$OLDIFS"
+ return 1
+}
+
+set_debconf_value()
+{
+prog=$1
+name=$2
+eval variable="\$${name}"
+if [ -n "$variable" ]; then
+ db_set clamav-$prog/$name "$variable" || true
+fi
+}
+
+make_dir()
+{
+ DIR=$1
+ if [ -d "$DIR" ]; then
+ return 0;
+ fi
+ [ -n "$User" ] || User=clamav
+ mkdir -p -m 0755 "$DIR"
+ chown "$User" "$DIR"
+ pathfind restorecon && restorecon "$DIR"
+}
+
+# Debconf Functions
+
+isdigit ()
+{
+ case $1 in
+ [[:digit:]]*)
+ ISDIGIT=1
+ ;;
+ *)
+ ISDIGIT=0
+ ;;
+ esac
+}
+
+inputdigit ()
+{
+ ISDIGIT=0
+ while [ "$ISDIGIT" = '0' ]; do
+ db_input "$1" "$2" || true
+ if ! db_go; then
+ return 30
+ fi
+ db_get $2 || true
+ isdigit $RET
+ if [ "$ISDIGIT" = '0' ]; then
+ db_input critical clamav-base/numinfo || true
+ db_go
+ fi
+ done
+ return 0
+}
+
+StateGeneric()
+{
+ PRIO=$1
+ QUESTION=$2
+ NEXT=$3
+ LAST=$4
+
+ db_input $PRIO $QUESTION || true
+ if db_go; then
+ STATE=$NEXT
+ else
+ STATE=$LAST
+ fi
+}
+
+StateGenericDigit()
+{
+ PRIO=$1
+ QUESTION=$2
+ NEXT=$3
+ LAST=$4
+
+ inputdigit $PRIO $QUESTION || true
+ if db_go; then
+ STATE=$NEXT
+ else
+ STATE=$LAST
+ fi
+}
+
+
+. /lib/lsb/init-functions
+
+slurp_config "$FRESHCLAM_CONF_FILE"
+
+if [ -z "$PidFile" ]
+then
+ # Set the default PidFile.
+ PidFile='/run/clamav/freshclam.pid'
+fi
+[ -n "$DataBaseDirectory" ] || DataBaseDirectory=/var/run/clamav
+
+make_dir "$DataBaseDirectory"
+make_dir $(dirname "$PidFile")
+
+[ -z "$UpdateLogFile" ] && UpdateLogFile=/var/log/clamav/freshclam.log
+[ -z "$DatabaseDirectory" ] && DatabaseDirectory=/var/lib/clamav/
+[ -n "$DatabaseOwner" ] || DatabaseOwner=clamav
+
+case "$1" in
+ no-daemon)
+ su "$DatabaseOwner" -p -s /bin/sh -c "freshclam -l $UpdateLogFile --datadir $DatabaseDirectory"
+ ;;
+ start)
+ if [ ! -f "$PidFile" ]; then
+ # If clamd is run under a different UID than freshclam then we need
+ # to make sure the PidFile can be written or else we won't be able to
+ # kill it.
+ touch $PidFile
+ chown $DatabaseOwner $PidFile
+ fi
+ # If user wants it run from cron, we only accept no-daemon and stop
+ if [ -f /etc/cron.d/clamav-freshclam ]; then
+ log_warning_msg "Not starting $NAME - cron option selected"
+ log_warning_msg "Run the init script with the 'no-daemon' option"
+ # this is similar to the daemon already running
+ exit 0
+ fi
+ log_daemon_msg "Starting $DESC" "$NAME"
+ start-stop-daemon --start --oknodo -c "$DatabaseOwner" --exec $DAEMON --pidfile $PidFile --quiet -- -d --quiet --config-file=$FRESHCLAM_CONF_FILE --pid=$PidFile
+ log_end_msg $?
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ start-stop-daemon --stop --oknodo --name $NAME --pidfile $PidFile --quiet --retry TERM/30/KILL/5
+ log_end_msg $?
+ ;;
+ restart|force-reload)
+ $0 stop
+ $0 start
+ ;;
+ reload-log)
+ # If user wants it run from cron, we only accept no-daemon and stop
+ if [ -f /etc/cron.d/clamav-freshclam ]; then
+ log_warning_msg "Not reloading log for $NAME - cron option selected"
+ # log-reloading is not needed, because freshclam is not run as daemon
+ exit 0
+ fi
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ pkill -HUP -F $PidFile $NAME
+ log_end_msg $?
+ ;;
+ skip)
+ ;;
+ status)
+ start-stop-daemon --status --name $NAME --pidfile $PidFile
+ ret="$?"
+ if [ "$ret" = 0 ]; then
+ log_success_msg "$NAME is running"
+ exit 0
+ else
+ log_failure_msg "$NAME is not running"
+ exit "$ret"
+ fi
+ ;;
+ *)
+ log_action_msg "Usage: $0 {no-daemon|start|stop|restart|force-reload|reload-log|skip|status}" >&2
+ # invalid arguments
+ exit 2
+ ;;
+esac
+
+exit 0
--- /dev/null
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: dovecot
+# Required-Start: $local_fs $remote_fs $network $syslog $time
+# Required-Stop: $local_fs $remote_fs $network $syslog
+# Should-Start: postgresql mysql slapd winbind nslcd
+# Should-Stop: postgresql mysql slapd winbind nslcd
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Dovecot init script
+# Description: Init script for dovecot services
+### END INIT INFO
+
+# Author: Miquel van Smoorenburg <miquels@cistron.nl>.
+# Modified for Debian GNU/Linux
+# by Ian Murdock <imurdock@gnu.ai.mit.edu>.
+#
+
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DESC="IMAP/POP3 mail server"
+NAME=dovecot
+DAEMON=/usr/sbin/dovecot
+DAEMON_ARGS=""
+SCRIPTNAME=/etc/init.d/$NAME
+CONF=/etc/dovecot/${NAME}.conf
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Exit if the configuration file doesn't exist
+[ -f "$CONF" ] || exit 0
+
+# Exit if explicitly told to
+[ "$ENABLED" != "0" ] || exit 0
+
+# Allow core dumps if requested
+[ "$ALLOW_COREDUMPS" != "1" ] || ulimit -c unlimited
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+# conf file readable?
+if [ ! -r ${CONF} ]; then
+ log_daemon_msg "${CONF}: not readable" "$NAME" && log_end_msg 1;
+ exit 1;
+fi
+
+# dont check for inetd.conf if its not installed
+if [ -f /etc/inetd.conf ]; then
+ # The init script should do nothing if dovecot or another imap/pop3 server
+ # is being run from inetd, and dovecot is configured to run as an imap or
+ # pop3 service
+ for p in `sed -r "s/^ *(([^:]+|\[[^]]+]|\*):)?(pop3s?|imaps?)[ \t].*/\3/;t;d" \
+ /etc/inetd.conf`
+ do
+ for q in `doveconf -n -h protocols`
+ do
+ if [ $p = $q ]; then
+ log_daemon_msg "protocol ${p} configured both in inetd and in dovecot" "$NAME" && log_end_msg 1
+ exit 0
+ fi
+ done
+ done
+fi
+
+# determine the location of the PID file
+# overide by setting base_dir in conf file or PIDBASE in /etc/defaults/$NAME
+PIDBASE=${PIDBASE:-`doveconf -n -c ${CONF} -h base_dir`}
+PIDFILE=${PIDBASE:-/var/run/dovecot}/master.pid
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test -- -c ${CONF} > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- -c ${CONF} \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name ${DAEMON##*/}
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --pidfile $PIDFILE --name ${DAEMON##*/}
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ #
+ # If the daemon can reload its configuration without
+ # restarting (for example, when it is sent a SIGHUP),
+ # then implement that here.
+ #
+ start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE --name $NAME
+ return 0
+}
+
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ #
+ # If the "reload" option is implemented then remove the
+ # 'force-reload' alias
+ #
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ status)
+ status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $?
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|status}" >&2
+ exit 3
+ ;;
+esac
--- /dev/null
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: lm-sensors
+# Required-Start: $remote_fs
+# Required-Stop:
+# Default-Start: S
+# Default-Stop:
+# Short-Description: lm-sensors
+# Description: hardware health monitoring
+### END INIT INFO
+
+. /lib/lsb/init-functions
+
+[ -f /etc/default/rcS ] && . /etc/default/rcS
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+PROGRAM=/usr/bin/sensors
+
+test -x $PROGRAM || exit 0
+
+case "$1" in
+ start)
+ log_action_begin_msg "Setting sensors limits"
+ if [ "$VERBOSE" = "no" ]; then
+ /usr/bin/sensors -s 1> /dev/null 2> /dev/null
+ /usr/bin/sensors 1> /dev/null 2> /dev/null
+ else
+ /usr/bin/sensors -s
+ /usr/bin/sensors > /dev/null
+ fi
+ log_action_end_msg 0
+ ;;
+ stop)
+ ;;
+ force-reload|restart)
+ $0 start
+ ;;
+ status)
+ exit 0
+ ;;
+ *)
+ log_success_msg "Usage: /etc/init.d/lm-sensors {start|stop|restart|force-reload|status}"
+ exit 1
+esac
+
+exit 0
--- /dev/null
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: nginx
+# Required-Start: $local_fs $remote_fs $network $syslog $named
+# Required-Stop: $local_fs $remote_fs $network $syslog $named
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: starts the nginx web server
+# Description: starts nginx using start-stop-daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/nginx
+NAME=nginx
+DESC=nginx
+
+# Include nginx defaults if available
+if [ -r /etc/default/nginx ]; then
+ . /etc/default/nginx
+fi
+
+STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}"
+
+test -x $DAEMON || exit 0
+
+. /lib/init/vars.sh
+. /lib/lsb/init-functions
+
+# Try to extract nginx pidfile
+PID=$(cat /etc/nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1)
+if [ -z "$PID" ]; then
+ PID=/run/nginx.pid
+fi
+
+if [ -n "$ULIMIT" ]; then
+ # Set ulimit if it is set in /etc/default/nginx
+ ulimit $ULIMIT
+fi
+
+start_nginx() {
+ # Start the daemon/service
+ #
+ # Returns:
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \
+ $DAEMON_OPTS 2>/dev/null \
+ || return 2
+}
+
+test_config() {
+ # Test the nginx configuration
+ $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1
+}
+
+stop_nginx() {
+ # Stops the daemon/service
+ #
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME
+ RETVAL="$?"
+ sleep 1
+ return "$RETVAL"
+}
+
+reload_nginx() {
+ # Function that sends a SIGHUP to the daemon/service
+ start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME
+ return 0
+}
+
+rotate_logs() {
+ # Rotate log files
+ start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME
+ return 0
+}
+
+upgrade_nginx() {
+ # Online upgrade nginx executable
+ # http://nginx.org/en/docs/control.html
+ #
+ # Return
+ # 0 if nginx has been successfully upgraded
+ # 1 if nginx is not running
+ # 2 if the pid files were not created on time
+ # 3 if the old master could not be killed
+ if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then
+ # Wait for both old and new master to write their pid file
+ while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do
+ cnt=`expr $cnt + 1`
+ if [ $cnt -gt 10 ]; then
+ return 2
+ fi
+ sleep 1
+ done
+ # Everything is ready, gracefully stop the old master
+ if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then
+ return 0
+ else
+ return 3
+ fi
+ else
+ return 1
+ fi
+}
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC" "$NAME"
+ start_nginx
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ stop_nginx
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+
+ # Check configuration before stopping nginx
+ if ! test_config; then
+ log_end_msg 1 # Configuration error
+ exit $?
+ fi
+
+ stop_nginx
+ case "$?" in
+ 0|1)
+ start_nginx
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC configuration" "$NAME"
+
+ # Check configuration before stopping nginx
+ #
+ # This is not entirely correct since the on-disk nginx binary
+ # may differ from the in-memory one, but that's not common.
+ # We prefer to check the configuration and return an error
+ # to the administrator.
+ if ! test_config; then
+ log_end_msg 1 # Configuration error
+ exit $?
+ fi
+
+ reload_nginx
+ log_end_msg $?
+ ;;
+ configtest|testconfig)
+ log_daemon_msg "Testing $DESC configuration"
+ test_config
+ log_end_msg $?
+ ;;
+ status)
+ status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ upgrade)
+ log_daemon_msg "Upgrading binary" "$NAME"
+ upgrade_nginx
+ log_end_msg $?
+ ;;
+ rotate)
+ log_daemon_msg "Re-opening $DESC log files" "$NAME"
+ rotate_logs
+ log_end_msg $?
+ ;;
+ *)
+ echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2
+ exit 3
+ ;;
+esac
--- /dev/null
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: php7.3-fpm
+# Required-Start: $remote_fs $network
+# Required-Stop: $remote_fs $network
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: starts php7.3-fpm
+# Description: Starts The PHP FastCGI Process Manager Daemon
+### END INIT INFO
+
+# Author: Ondrej Sury <ondrej@debian.org>
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="PHP 7.3 FastCGI Process Manager"
+NAME=php-fpm7.3
+CONFFILE=/etc/php/7.3/fpm/php-fpm.conf
+DAEMON=/usr/sbin/$NAME
+DAEMON_ARGS="--daemonize --fpm-config $CONFFILE"
+CONF_PIDFILE=$(sed -n 's/^pid[ =]*//p' $CONFFILE)
+PIDFILE=${CONF_PIDFILE:-/run/php/php7.3-fpm.pid}
+TIMEOUT=30
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS 2>/dev/null \
+ || return 2
+ # Add code here, if necessary, that waits for the process to be ready
+ # to handle requests from services started subsequently which depend
+ # on this one. As a last resort, sleep for some time.
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=QUIT/$TIMEOUT/TERM/5/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/TERM/5/KILL/5 --exec $DAEMON
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ #
+ # If the daemon can reload its configuration without
+ # restarting (for example, when it is sent a SIGHUP),
+ # then implement that here.
+ #
+ start-stop-daemon --stop --signal USR2 --quiet --pidfile $PIDFILE --name $NAME
+ return 0
+}
+
+do_tmpfiles() {
+ local type path mode user group
+
+ [ "$1" != no ] && V=-v
+
+ TMPFILES=/usr/lib/tmpfiles.d/php7.3-fpm.conf
+
+ if [ -r "$TMPFILES" ]; then
+ while read type path mode user group age argument; do
+ if [ "$type" = "d" ]; then
+ mkdir $V -p "$path"
+ chmod $V "$mode" "$path"
+ chown $V "$user:$group" "$path"
+ fi
+ done < "$TMPFILES"
+ fi
+}
+
+case "$1" in
+ start)
+ if init_is_upstart; then
+ exit 1
+ fi
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_tmpfiles $VERBOSE
+ case "$?" in
+ 0)
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ 1) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ if init_is_upstart; then
+ exit 0
+ fi
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ reload|force-reload)
+ if init_is_upstart; then
+ exit 1
+ fi
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ reopen-logs)
+ log_daemon_msg "Reopening $DESC logs" $NAME
+ if start-stop-daemon --stop --signal USR1 --oknodo --quiet \
+ --pidfile $PIDFILE --exec $DAEMON
+ then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+ restart)
+ if init_is_upstart; then
+ exit 1
+ fi
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+:
--- /dev/null
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: spamassassin
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Should-Start: $network $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+### END INIT INFO
+
+# Spamd init script
+# June 2002
+# Duncan Findlay
+
+# Based on skeleton by Miquel van Smoorenburg and Ian Murdock
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/spamd
+NAME=spamd
+SNAME=spamassassin
+DESC="SpamAssassin Mail Filter Daemon"
+PIDFILE="/var/run/$NAME.pid"
+
+export TMPDIR=/tmp
+# Apparently people have trouble if this isn't explicitly set...
+
+# Defaults - don't touch, edit /etc/default/spamassassin
+OPTIONS=""
+NICE=
+
+. /lib/lsb/init-functions
+
+test -f /etc/default/spamassassin && . /etc/default/spamassassin
+
+DOPTIONS="-d --pidfile=$PIDFILE"
+
+# Note: check_enabled should go away as soon as possible after the
+# next stable release to complete the transition away from using
+# ENABLED=1 in /etc/default/spamassassin
+check_enabled() {
+ if [ "$ENABLED" = "0" ]; then
+ echo "$DESC: disabled, see /etc/default/spamassassin"
+ exit 0
+ fi
+}
+
+test -f $DAEMON || exit 0
+
+set -e
+
+case "$1" in
+ start)
+ check_enabled
+ echo -n "Starting $DESC: "
+ start-stop-daemon --start --pidfile $PIDFILE --name $NAME \
+ $NICE --oknodo --startas $DAEMON -- $OPTIONS $DOPTIONS
+ echo "$NAME."
+ ;;
+
+ stop)
+ echo -n "Stopping $DESC: "
+ start-stop-daemon --stop --pidfile $PIDFILE --name $NAME --oknodo
+ echo "$NAME."
+ ;;
+
+ reload|force-reload)
+ check_enabled
+ echo -n "Reloading $DESC: "
+ start-stop-daemon --stop --pidfile $PIDFILE --signal HUP --name $NAME
+ echo "$NAME."
+ ;;
+
+ restart)
+ check_enabled
+ echo -n "Restarting $DESC: "
+ start-stop-daemon --stop --pidfile $PIDFILE --name $NAME \
+ --retry 5 --oknodo
+ start-stop-daemon --start --pidfile $PIDFILE --name $NAME \
+ $NICE --oknodo --startas $DAEMON -- $OPTIONS $DOPTIONS
+
+ echo "$NAME."
+ ;;
+ status)
+ status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $?
+ ;;
+ *)
+ N=/etc/init.d/$SNAME
+ echo "Usage: $N {start|stop|restart|reload|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- /dev/null
+#!/bin/bash
+### BEGIN INIT INFO
+# Provides: uwsgi
+# Required-Start: $local_fs $remote_fs $network
+# Required-Stop: $local_fs $remote_fs $network
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start/stop uWSGI server instance(s)
+# Description: This script manages uWSGI server instance(s).
+# You could control specific instance(s) by issuing:
+#
+# service uwsgi <command> <confname> <confname> ...
+#
+# You can issue to init.d script following commands:
+# * start | starts daemon
+# * stop | stops daemon
+# * reload | sends to daemon SIGHUP signal
+# * force-reload | sends to daemon SIGTERM signal
+# * restart | issues 'stop', then 'start' commands
+# * status | shows status of daemon instance
+#
+# 'status' command must be issued with exactly one
+# argument: '<confname>'.
+#
+# In init.d script output:
+# * . -- command was executed without problems or instance
+# is already in needed state
+# * ! -- command failed (or executed with some problems)
+# * ? -- configuration file for this instance isn't found
+# and this instance is ignored
+#
+# For more details see /usr/share/doc/uwsgi/README.Debian.
+### END INIT INFO
+
+# Author: Leonid Borisenko <leo.borisenko@gmail.com>
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="app server(s)"
+NAME="uwsgi"
+DAEMON="/usr/bin/uwsgi"
+SCRIPTNAME="/etc/init.d/${NAME}"
+
+UWSGI_CONFDIR="/etc/uwsgi"
+UWSGI_APPS_CONFDIR_SUFFIX="s-enabled"
+UWSGI_APPS_CONFDIR_GLOB="${UWSGI_CONFDIR}/app${UWSGI_APPS_CONFDIR_SUFFIX}"
+
+UWSGI_RUNDIR="/run/uwsgi"
+
+# Configuration namespace is used as name of runtime and log subdirectory.
+# uWSGI instances sharing the same app configuration directory also shares
+# the same runtime and log subdirectory.
+#
+# When init.d script cannot detect namespace for configuration file, default
+# namespace will be used.
+UWSGI_DEFAULT_CONFNAMESPACE=app
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Read configuration variable file if it is present
+[ -r "/etc/default/${NAME}" ] && . "/etc/default/${NAME}"
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+# Define supplementary functions
+. /usr/share/uwsgi/init/snippets
+. /usr/share/uwsgi/init/do_command
+
+WHAT=$1
+shift
+case "$WHAT" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_command "$WHAT" "$@"
+ RETVAL="$?"
+ [ "$VERBOSE" != no ] && log_end_msg "$RETVAL"
+ ;;
+
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_command "$WHAT" "$@"
+ RETVAL="$?"
+ [ "$VERBOSE" != no ] && log_end_msg "$RETVAL"
+ ;;
+
+ status)
+ if [ -z "$1" ]; then
+ [ "$VERBOSE" != no ] && log_failure_msg "which one?"
+ else
+ PIDFILE="$(
+ find_specific_pidfile "$(relative_path_to_conffile_with_spec "$1")"
+ )"
+ status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME" \
+ && exit 0 \
+ || exit $?
+ fi
+ ;;
+
+ reload)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Reloading $DESC" "$NAME"
+ do_command "$WHAT" "$@"
+ RETVAL="$?"
+ [ "$VERBOSE" != no ] && log_end_msg "$RETVAL"
+ ;;
+
+ force-reload)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Forced reloading $DESC" "$NAME"
+ do_command "$WHAT" "$@"
+ RETVAL="$?"
+ [ "$VERBOSE" != no ] && log_end_msg "$RETVAL"
+ ;;
+
+ restart)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" "$NAME"
+ CURRENT_VERBOSE=$VERBOSE
+ VERBOSE=no
+ do_command stop "$@"
+ VERBOSE=$CURRENT_VERBOSE
+ case "$?" in
+ 0)
+ do_command start "$@"
+ RETVAL="$?"
+ [ "$VERBOSE" != no ] && log_end_msg "$RETVAL"
+ ;;
+ *)
+ # Failed to stop
+ [ "$VERBOSE" != no ] && log_end_msg 1
+ ;;
+ esac
+ ;;
+
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2
+ exit 3
+ ;;
+esac
--- /dev/null
+# php7.3-fpm - The PHP FastCGI Process Manager
+
+description "The PHP 7.3 FastCGI Process Manager"
+author "Ondřej Surý <ondrej@debian.org>"
+
+start on runlevel [2345]
+stop on runlevel [016]
+
+# you can uncomment this with recent upstart
+# reload signal USR2
+
+pre-start script
+mkdir -p /run/php
+chmod 0755 /run/php
+chown www-data:www-data /run/php
+end script
+
+respawn
+exec /usr/sbin/php-fpm7.3 --nodaemonize --fpm-config /etc/php/7.3/fpm/php-fpm.conf
\ No newline at end of file
--- /dev/null
+#--------------------------------------------------------------------------
+# LDAP Schema for amavisd-new Jacques Supcik, PhD
+#----------------------------- IP-Plus Internet Services
+# Release 1.2.2 Swisscom Enterprise Solutions Ltd
+# 30 May 2004 3050 Bern - Switzerland
+#--------------------------------------------------------------------------
+# Copyright (c) 2004 Jacques Supcik, Swisscom Enterprise Solutions Ltd.
+# Permission is granted to copy, distribute and/or modify this document
+# under the terms of the GNU Free Documentation License, Version 1.2
+# or any later version published by the Free Software Foundation;
+# with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
+# A copy of the license is included in the section entitled "GNU
+# Free Documentation License".
+#--------------------------------------------------------------------------
+# Changes made to LDAP Schema to make it import and play nicely with
+# Novell NDS - Michael Tracey, SONOPRESS USA, LLC April 07 2005
+# ( uncomment each dn:, changetype:, add:, add X-NDS-NAME attribute, replace
+# "attributetype" by "attributetypes:" and "objectclasse" by "objectclasses:"
+# (plural,colon), and unwrap each attributetypes: and objectclasses: )
+#--------------------------------------------------------------------------
+# 1.3.6.1.4.1.15312 Jozef Stefan Institute's OID
+# 1.3.6.1.4.1.15312.2 amavisd-new
+# 1.3.6.1.4.1.15312.2.2 amavisd-new LDAP Elements
+# 1.3.6.1.4.1.15312.2.2.1 AttributeTypes
+# 1.3.6.1.4.1.15312.2.2.2 ObjectClasses
+# 1.3.6.1.4.1.15312.2.2.3 Syntax Definitions
+#--------------------------------------------------------------------------
+
+# Attribute Types
+#-----------------
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.1
+ NAME 'amavisVirusLover'
+ DESC 'Virus Lover'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.2
+ NAME 'amavisBannedFilesLover'
+ DESC 'Banned Files Lover'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.3
+ NAME 'amavisBypassVirusChecks'
+ DESC 'Bypass Virus Check'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.4
+ NAME 'amavisBypassSpamChecks'
+ DESC 'Bypass Spam Check'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.5
+ NAME 'amavisSpamTagLevel'
+ DESC 'Spam Tag Level'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.6
+ NAME 'amavisSpamTag2Level'
+ DESC 'Spam Tag2 Level'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.7
+ NAME 'amavisSpamKillLevel'
+ DESC 'Spam Kill Level'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.8
+ NAME 'amavisSpamModifiesSubj'
+ DESC 'Modifies Subject on spam - no longer in use since 2.7.0'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.9
+ NAME 'amavisWhitelistSender'
+ DESC 'White List Sender'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.10
+ NAME 'amavisBlacklistSender'
+ DESC 'Black List Sender'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.11
+ NAME 'amavisSpamQuarantineTo'
+ DESC 'Spam Quarantine to'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.12
+ NAME 'amavisSpamLover'
+ DESC 'Spam Lover'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.13
+ NAME 'amavisBadHeaderLover'
+ DESC 'Bad Header Lover'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.14
+ NAME 'amavisBypassBannedChecks'
+ DESC 'Bypass Banned Files Check'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.15
+ NAME 'amavisBypassHeaderChecks'
+ DESC 'Bypass Header Check'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.16
+ NAME 'amavisVirusQuarantineTo'
+ DESC 'Virus quarantine location'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.17
+ NAME 'amavisBannedQuarantineTo'
+ DESC 'Banned Files quarantine location'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.18
+ NAME 'amavisBadHeaderQuarantineTo'
+ DESC 'Bad Header quarantine location'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.19
+ NAME 'amavisLocal'
+ DESC 'Is user considered local'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.20
+ NAME 'amavisMessageSizeLimit'
+ DESC 'Message size limit'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.21
+ NAME 'amavisWarnVirusRecip'
+ DESC 'Notify virus recipients'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.22
+ NAME 'amavisWarnBannedRecip'
+ DESC 'Notify banned file recipients'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.23
+ NAME 'amavisWarnBadHeaderRecip'
+ DESC 'Notify bad header recipients'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.24
+ NAME 'amavisVirusAdmin'
+ DESC 'Virus admin'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.25
+ NAME 'amavisNewVirusAdmin'
+ DESC 'New virus admin'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.26
+ NAME 'amavisSpamAdmin'
+ DESC 'Spam admin'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.27
+ NAME 'amavisBannedAdmin'
+ DESC 'Banned file admin'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.28
+ NAME 'amavisBadHeaderAdmin'
+ DESC 'Bad header admin'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.29
+ NAME 'amavisBannedRuleNames'
+ DESC 'Banned rule names'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.30
+ NAME 'amavisSpamDsnCutoffLevel'
+ DESC 'Spam DSN Cutoff Level'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.31
+ NAME 'amavisSpamQuarantineCutoffLevel'
+ DESC 'Spam Quarantine Cutoff Level'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.32
+ NAME 'amavisSpamSubjectTag'
+ DESC 'Spam Subject Tag'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.33
+ NAME 'amavisSpamSubjectTag2'
+ DESC 'Spam Subject Tag2'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.34
+ NAME 'amavisArchiveQuarantineTo'
+ DESC 'Archive quarantine location'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.35
+ NAME 'amavisAddrExtensionVirus'
+ DESC 'Address Extension for Virus'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.36
+ NAME 'amavisAddrExtensionSpam'
+ DESC 'Address Extension for Spam'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.37
+ NAME 'amavisAddrExtensionBanned'
+ DESC 'Address Extension for Banned'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.38
+ NAME 'amavisAddrExtensionBadHeader'
+ DESC 'Address Extension for Bad Header'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+# NEW since 2.7.0:
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.39
+ NAME 'amavisSpamTag3Level'
+ DESC 'Spam Tag3 Level'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.40
+ NAME 'amavisSpamSubjectTag3'
+ DESC 'Spam Subject Tag3'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.41
+ NAME 'amavisUncheckedQuarantineTo'
+ DESC 'Virus quarantine location'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.42
+ NAME 'amavisCleanQuarantineTo'
+ DESC 'Clean quarantine location'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.43
+ NAME 'amavisUncheckedLover'
+ DESC 'Unchecked Files Lover'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.44
+ NAME 'amavisForwardMethod'
+ DESC 'Forward / next hop destination'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.45
+ NAME 'amavisSaUserConf'
+ DESC 'SpamAssassin user preferences configuration filename'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.46
+ NAME 'amavisSaUserName'
+ DESC 'SpamAssassin username (for Bayes and AWL lookups)'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.47
+ NAME 'amavisDisclaimerOptions'
+ DESC 'Altermime disclaimer map data'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+
+# Classes
+#---------
+
+# amavisAccount
+# This class is an auxiliary class, this mean that the class will be added
+# to a structural class. Usually, the structural class is the class that
+# represent the mail account itself (e.g. an inetOrgPerson)
+
+#dn: cn=schema
+#changetype: modify
+#add: objectclasses
+objectclass ( 1.3.6.1.4.1.15312.2.2.2.1
+ NAME 'amavisAccount' AUXILIARY
+ DESC 'Amavisd Account'
+ SUP top
+ MAY ( amavisVirusLover $ amavisBypassVirusChecks $
+ amavisSpamLover $ amavisBypassSpamChecks $
+ amavisBannedFilesLover $ amavisBypassBannedChecks $
+ amavisBadHeaderLover $ amavisBypassHeaderChecks $
+ amavisSpamTagLevel $ amavisSpamTag2Level $ amavisSpamKillLevel $
+ amavisWhitelistSender $ amavisBlacklistSender $
+ amavisSpamQuarantineTo $ amavisVirusQuarantineTo $
+ amavisBannedQuarantineTo $ amavisBadHeaderQuarantineTo $
+ amavisArchiveQuarantineTo $
+ amavisSpamModifiesSubj $ amavisLocal $ amavisMessageSizeLimit $
+ amavisWarnVirusRecip $ amavisWarnBannedRecip $
+ amavisWarnBadHeaderRecip $ amavisVirusAdmin $ amavisNewVirusAdmin $
+ amavisSpamAdmin $ amavisBannedAdmin $ amavisBadHeaderAdmin $
+ amavisBannedRuleNames $
+ amavisSpamDsnCutoffLevel $ amavisSpamQuarantineCutoffLevel $
+ amavisSpamSubjectTag $ amavisSpamSubjectTag2 $
+ amavisAddrExtensionVirus $ amavisAddrExtensionSpam $
+ amavisAddrExtensionBanned $ amavisAddrExtensionBadHeader $
+ amavisSpamTag3Level $ amavisSpamSubjectTag3 $
+ amavisUncheckedQuarantineTo $ amavisCleanQuarantineTo $
+ amavisUncheckedLover $ amavisForwardMethod $
+ amavisSaUserConf $ amavisSaUserName $ amavisDisclaimerOptions $
+ cn $ description ) )
+
+#--------------------------------------------------------------------------
+#
+# GNU Free Documentation License
+# Version 1.2, November 2002
+#
+#
+# Copyright (C) 2000,2001,2002 Free Software Foundation, Inc.
+# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# Everyone is permitted to copy and distribute verbatim copies
+# of this license document, but changing it is not allowed.
+#
+#
+# 0. PREAMBLE
+#
+# The purpose of this License is to make a manual, textbook, or other
+# functional and useful document "free" in the sense of freedom: to
+# assure everyone the effective freedom to copy and redistribute it,
+# with or without modifying it, either commercially or noncommercially.
+# Secondarily, this License preserves for the author and publisher a way
+# to get credit for their work, while not being considered responsible
+# for modifications made by others.
+#
+# This License is a kind of "copyleft", which means that derivative
+# works of the document must themselves be free in the same sense. It
+# complements the GNU General Public License, which is a copyleft
+# license designed for free software.
+#
+# We have designed this License in order to use it for manuals for free
+# software, because free software needs free documentation: a free
+# program should come with manuals providing the same freedoms that the
+# software does. But this License is not limited to software manuals;
+# it can be used for any textual work, regardless of subject matter or
+# whether it is published as a printed book. We recommend this License
+# principally for works whose purpose is instruction or reference.
+#
+#
+# 1. APPLICABILITY AND DEFINITIONS
+#
+# This License applies to any manual or other work, in any medium, that
+# contains a notice placed by the copyright holder saying it can be
+# distributed under the terms of this License. Such a notice grants a
+# world-wide, royalty-free license, unlimited in duration, to use that
+# work under the conditions stated herein. The "Document", below,
+# refers to any such manual or work. Any member of the public is a
+# licensee, and is addressed as "you". You accept the license if you
+# copy, modify or distribute the work in a way requiring permission
+# under copyright law.
+#
+# A "Modified Version" of the Document means any work containing the
+# Document or a portion of it, either copied verbatim, or with
+# modifications and/or translated into another language.
+#
+# A "Secondary Section" is a named appendix or a front-matter section of
+# the Document that deals exclusively with the relationship of the
+# publishers or authors of the Document to the Document's overall subject
+# (or to related matters) and contains nothing that could fall directly
+# within that overall subject. (Thus, if the Document is in part a
+# textbook of mathematics, a Secondary Section may not explain any
+# mathematics.) The relationship could be a matter of historical
+# connection with the subject or with related matters, or of legal,
+# commercial, philosophical, ethical or political position regarding
+# them.
+#
+# The "Invariant Sections" are certain Secondary Sections whose titles
+# are designated, as being those of Invariant Sections, in the notice
+# that says that the Document is released under this License. If a
+# section does not fit the above definition of Secondary then it is not
+# allowed to be designated as Invariant. The Document may contain zero
+# Invariant Sections. If the Document does not identify any Invariant
+# Sections then there are none.
+#
+# The "Cover Texts" are certain short passages of text that are listed,
+# as Front-Cover Texts or Back-Cover Texts, in the notice that says that
+# the Document is released under this License. A Front-Cover Text may
+# be at most 5 words, and a Back-Cover Text may be at most 25 words.
+#
+# A "Transparent" copy of the Document means a machine-readable copy,
+# represented in a format whose specification is available to the
+# general public, that is suitable for revising the document
+# straightforwardly with generic text editors or (for images composed of
+# pixels) generic paint programs or (for drawings) some widely available
+# drawing editor, and that is suitable for input to text formatters or
+# for automatic translation to a variety of formats suitable for input
+# to text formatters. A copy made in an otherwise Transparent file
+# format whose markup, or absence of markup, has been arranged to thwart
+# or discourage subsequent modification by readers is not Transparent.
+# An image format is not Transparent if used for any substantial amount
+# of text. A copy that is not "Transparent" is called "Opaque".
+#
+# Examples of suitable formats for Transparent copies include plain
+# ASCII without markup, Texinfo input format, LaTeX input format, SGML
+# or XML using a publicly available DTD, and standard-conforming simple
+# HTML, PostScript or PDF designed for human modification. Examples of
+# transparent image formats include PNG, XCF and JPG. Opaque formats
+# include proprietary formats that can be read and edited only by
+# proprietary word processors, SGML or XML for which the DTD and/or
+# processing tools are not generally available, and the
+# machine-generated HTML, PostScript or PDF produced by some word
+# processors for output purposes only.
+#
+# The "Title Page" means, for a printed book, the title page itself,
+# plus such following pages as are needed to hold, legibly, the material
+# this License requires to appear in the title page. For works in
+# formats which do not have any title page as such, "Title Page" means
+# the text near the most prominent appearance of the work's title,
+# preceding the beginning of the body of the text.
+#
+# A section "Entitled XYZ" means a named subunit of the Document whose
+# title either is precisely XYZ or contains XYZ in parentheses following
+# text that translates XYZ in another language. (Here XYZ stands for a
+# specific section name mentioned below, such as "Acknowledgements",
+# "Dedications", "Endorsements", or "History".) To "Preserve the Title"
+# of such a section when you modify the Document means that it remains a
+# section "Entitled XYZ" according to this definition.
+#
+# The Document may include Warranty Disclaimers next to the notice which
+# states that this License applies to the Document. These Warranty
+# Disclaimers are considered to be included by reference in this
+# License, but only as regards disclaiming warranties: any other
+# implication that these Warranty Disclaimers may have is void and has
+# no effect on the meaning of this License.
+#
+#
+# 2. VERBATIM COPYING
+#
+# You may copy and distribute the Document in any medium, either
+# commercially or noncommercially, provided that this License, the
+# copyright notices, and the license notice saying this License applies
+# to the Document are reproduced in all copies, and that you add no other
+# conditions whatsoever to those of this License. You may not use
+# technical measures to obstruct or control the reading or further
+# copying of the copies you make or distribute. However, you may accept
+# compensation in exchange for copies. If you distribute a large enough
+# number of copies you must also follow the conditions in section 3.
+#
+# You may also lend copies, under the same conditions stated above, and
+# you may publicly display copies.
+#
+#
+# 3. COPYING IN QUANTITY
+#
+# If you publish printed copies (or copies in media that commonly have
+# printed covers) of the Document, numbering more than 100, and the
+# Document's license notice requires Cover Texts, you must enclose the
+# copies in covers that carry, clearly and legibly, all these Cover
+# Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on
+# the back cover. Both covers must also clearly and legibly identify
+# you as the publisher of these copies. The front cover must present
+# the full title with all words of the title equally prominent and
+# visible. You may add other material on the covers in addition.
+# Copying with changes limited to the covers, as long as they preserve
+# the title of the Document and satisfy these conditions, can be treated
+# as verbatim copying in other respects.
+#
+# If the required texts for either cover are too voluminous to fit
+# legibly, you should put the first ones listed (as many as fit
+# reasonably) on the actual cover, and continue the rest onto adjacent
+# pages.
+#
+# If you publish or distribute Opaque copies of the Document numbering
+# more than 100, you must either include a machine-readable Transparent
+# copy along with each Opaque copy, or state in or with each Opaque copy
+# a computer-network location from which the general network-using
+# public has access to download using public-standard network protocols
+# a complete Transparent copy of the Document, free of added material.
+# If you use the latter option, you must take reasonably prudent steps,
+# when you begin distribution of Opaque copies in quantity, to ensure
+# that this Transparent copy will remain thus accessible at the stated
+# location until at least one year after the last time you distribute an
+# Opaque copy (directly or through your agents or retailers) of that
+# edition to the public.
+#
+# It is requested, but not required, that you contact the authors of the
+# Document well before redistributing any large number of copies, to give
+# them a chance to provide you with an updated version of the Document.
+#
+#
+# 4. MODIFICATIONS
+#
+# You may copy and distribute a Modified Version of the Document under
+# the conditions of sections 2 and 3 above, provided that you release
+# the Modified Version under precisely this License, with the Modified
+# Version filling the role of the Document, thus licensing distribution
+# and modification of the Modified Version to whoever possesses a copy
+# of it. In addition, you must do these things in the Modified Version:
+#
+# A. Use in the Title Page (and on the covers, if any) a title distinct
+# from that of the Document, and from those of previous versions
+# (which should, if there were any, be listed in the History section
+# of the Document). You may use the same title as a previous version
+# if the original publisher of that version gives permission.
+# B. List on the Title Page, as authors, one or more persons or entities
+# responsible for authorship of the modifications in the Modified
+# Version, together with at least five of the principal authors of the
+# Document (all of its principal authors, if it has fewer than five),
+# unless they release you from this requirement.
+# C. State on the Title page the name of the publisher of the
+# Modified Version, as the publisher.
+# D. Preserve all the copyright notices of the Document.
+# E. Add an appropriate copyright notice for your modifications
+# adjacent to the other copyright notices.
+# F. Include, immediately after the copyright notices, a license notice
+# giving the public permission to use the Modified Version under the
+# terms of this License, in the form shown in the Addendum below.
+# G. Preserve in that license notice the full lists of Invariant Sections
+# and required Cover Texts given in the Document's license notice.
+# H. Include an unaltered copy of this License.
+# I. Preserve the section Entitled "History", Preserve its Title, and add
+# to it an item stating at least the title, year, new authors, and
+# publisher of the Modified Version as given on the Title Page. If
+# there is no section Entitled "History" in the Document, create one
+# stating the title, year, authors, and publisher of the Document as
+# given on its Title Page, then add an item describing the Modified
+# Version as stated in the previous sentence.
+# J. Preserve the network location, if any, given in the Document for
+# public access to a Transparent copy of the Document, and likewise
+# the network locations given in the Document for previous versions
+# it was based on. These may be placed in the "History" section.
+# You may omit a network location for a work that was published at
+# least four years before the Document itself, or if the original
+# publisher of the version it refers to gives permission.
+# K. For any section Entitled "Acknowledgements" or "Dedications",
+# Preserve the Title of the section, and preserve in the section all
+# the substance and tone of each of the contributor acknowledgements
+# and/or dedications given therein.
+# L. Preserve all the Invariant Sections of the Document,
+# unaltered in their text and in their titles. Section numbers
+# or the equivalent are not considered part of the section titles.
+# M. Delete any section Entitled "Endorsements". Such a section
+# may not be included in the Modified Version.
+# N. Do not retitle any existing section to be Entitled "Endorsements"
+# or to conflict in title with any Invariant Section.
+# O. Preserve any Warranty Disclaimers.
+#
+# If the Modified Version includes new front-matter sections or
+# appendices that qualify as Secondary Sections and contain no material
+# copied from the Document, you may at your option designate some or all
+# of these sections as invariant. To do this, add their titles to the
+# list of Invariant Sections in the Modified Version's license notice.
+# These titles must be distinct from any other section titles.
+#
+# You may add a section Entitled "Endorsements", provided it contains
+# nothing but endorsements of your Modified Version by various
+# parties--for example, statements of peer review or that the text has
+# been approved by an organization as the authoritative definition of a
+# standard.
+#
+# You may add a passage of up to five words as a Front-Cover Text, and a
+# passage of up to 25 words as a Back-Cover Text, to the end of the list
+# of Cover Texts in the Modified Version. Only one passage of
+# Front-Cover Text and one of Back-Cover Text may be added by (or
+# through arrangements made by) any one entity. If the Document already
+# includes a cover text for the same cover, previously added by you or
+# by arrangement made by the same entity you are acting on behalf of,
+# you may not add another; but you may replace the old one, on explicit
+# permission from the previous publisher that added the old one.
+#
+# The author(s) and publisher(s) of the Document do not by this License
+# give permission to use their names for publicity for or to assert or
+# imply endorsement of any Modified Version.
+#
+#
+# 5. COMBINING DOCUMENTS
+#
+# You may combine the Document with other documents released under this
+# License, under the terms defined in section 4 above for modified
+# versions, provided that you include in the combination all of the
+# Invariant Sections of all of the original documents, unmodified, and
+# list them all as Invariant Sections of your combined work in its
+# license notice, and that you preserve all their Warranty Disclaimers.
+#
+# The combined work need only contain one copy of this License, and
+# multiple identical Invariant Sections may be replaced with a single
+# copy. If there are multiple Invariant Sections with the same name but
+# different contents, make the title of each such section unique by
+# adding at the end of it, in parentheses, the name of the original
+# author or publisher of that section if known, or else a unique number.
+# Make the same adjustment to the section titles in the list of
+# Invariant Sections in the license notice of the combined work.
+#
+# In the combination, you must combine any sections Entitled "History"
+# in the various original documents, forming one section Entitled
+# "History"; likewise combine any sections Entitled "Acknowledgements",
+# and any sections Entitled "Dedications". You must delete all sections
+# Entitled "Endorsements".
+#
+#
+# 6. COLLECTIONS OF DOCUMENTS
+#
+# You may make a collection consisting of the Document and other documents
+# released under this License, and replace the individual copies of this
+# License in the various documents with a single copy that is included in
+# the collection, provided that you follow the rules of this License for
+# verbatim copying of each of the documents in all other respects.
+#
+# You may extract a single document from such a collection, and distribute
+# it individually under this License, provided you insert a copy of this
+# License into the extracted document, and follow this License in all
+# other respects regarding verbatim copying of that document.
+#
+#
+# 7. AGGREGATION WITH INDEPENDENT WORKS
+#
+# A compilation of the Document or its derivatives with other separate
+# and independent documents or works, in or on a volume of a storage or
+# distribution medium, is called an "aggregate" if the copyright
+# resulting from the compilation is not used to limit the legal rights
+# of the compilation's users beyond what the individual works permit.
+# When the Document is included in an aggregate, this License does not
+# apply to the other works in the aggregate which are not themselves
+# derivative works of the Document.
+#
+# If the Cover Text requirement of section 3 is applicable to these
+# copies of the Document, then if the Document is less than one half of
+# the entire aggregate, the Document's Cover Texts may be placed on
+# covers that bracket the Document within the aggregate, or the
+# electronic equivalent of covers if the Document is in electronic form.
+# Otherwise they must appear on printed covers that bracket the whole
+# aggregate.
+#
+#
+# 8. TRANSLATION
+#
+# Translation is considered a kind of modification, so you may
+# distribute translations of the Document under the terms of section 4.
+# Replacing Invariant Sections with translations requires special
+# permission from their copyright holders, but you may include
+# translations of some or all Invariant Sections in addition to the
+# original versions of these Invariant Sections. You may include a
+# translation of this License, and all the license notices in the
+# Document, and any Warranty Disclaimers, provided that you also include
+# the original English version of this License and the original versions
+# of those notices and disclaimers. In case of a disagreement between
+# the translation and the original version of this License or a notice
+# or disclaimer, the original version will prevail.
+#
+# If a section in the Document is Entitled "Acknowledgements",
+# "Dedications", or "History", the requirement (section 4) to Preserve
+# its Title (section 1) will typically require changing the actual
+# title.
+#
+#
+# 9. TERMINATION
+#
+# You may not copy, modify, sublicense, or distribute the Document except
+# as expressly provided for under this License. Any other attempt to
+# copy, modify, sublicense or distribute the Document is void, and will
+# automatically terminate your rights under this License. However,
+# parties who have received copies, or rights, from you under this
+# License will not have their licenses terminated so long as such
+# parties remain in full compliance.
+#
+#
+# 10. FUTURE REVISIONS OF THIS LICENSE
+#
+# The Free Software Foundation may publish new, revised versions
+# of the GNU Free Documentation License from time to time. Such new
+# versions will be similar in spirit to the present version, but may
+# differ in detail to address new problems or concerns. See
+# http://www.gnu.org/copyleft/.
+#
+# Each version of the License is given a distinguishing version number.
+# If the Document specifies that a particular numbered version of this
+# License "or any later version" applies to it, you have the option of
+# following the terms and conditions either of that specified version or
+# of any later version that has been published (not as a draft) by the
+# Free Software Foundation. If the Document does not specify a version
+# number of this License, you may choose any version ever published (not
+# as a draft) by the Free Software Foundation.
--- /dev/null
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: SelfCheck: Database status OK\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: Reading databases from .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: Database correctly reloaded \([0-9]+ signatures\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: SIGHUP caught: re-opening log file\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: No stats for Database check - forcing reload$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: SelfCheck: Database modification detected\. Forcing reload\.$
--- /dev/null
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: .* (FOUND|OK)$
--- /dev/null
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: ClamAV update process started at .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Received signal: (wake up|re-opening log file)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (bytecode|daily|main)\.c(l|v)d (is up to date|updated) \(version: [0-9]+, sigs: [0-9]+, f-level: [0-9]+, builder: \w+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Clamd successfully notified about the update\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: --------------------------------------$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Database updated \([0-9]+ signatures\) from .* \(IP: [0-9.]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Downloading daily-[0-9]+.cdiff \[100%\] ?$
--- /dev/null
+/var/log/clamav/clamav.log {
+ rotate 12
+ weekly
+ compress
+ delaycompress
+ create 640 clamav adm
+ postrotate
+ if [ -d /run/systemd/system ]; then
+ systemctl -q is-active clamav-daemon && systemctl kill --signal=SIGHUP clamav-daemon || true
+ else
+ invoke-rc.d clamav-daemon reload-log > /dev/null || true
+ fi
+ endscript
+ }
--- /dev/null
+/var/log/clamav/freshclam.log {
+ rotate 12
+ weekly
+ compress
+ delaycompress
+ missingok
+ create 640 clamav adm
+ postrotate
+ if [ -d /run/systemd/system ]; then
+ systemctl -q is-active clamav-freshclam && systemctl kill --signal=SIGHUP clamav-freshclam || true
+ else
+ invoke-rc.d clamav-freshclam reload-log > /dev/null || true
+ fi
+ endscript
+ }
--- /dev/null
+/var/log/nginx/*.log {
+ daily
+ missingok
+ rotate 14
+ compress
+ delaycompress
+ notifempty
+ create 0640 www-data adm
+ sharedscripts
+ prerotate
+ if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
+ run-parts /etc/logrotate.d/httpd-prerotate; \
+ fi \
+ endscript
+ postrotate
+ invoke-rc.d nginx rotate >/dev/null 2>&1
+ endscript
+}
--- /dev/null
+/var/log/php7.3-fpm.log {
+ rotate 12
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ postrotate
+ /usr/lib/php/php7.3-fpm-reopenlogs
+ endscript
+}
--- /dev/null
+"/var/log/uwsgi/*.log" "/var/log/uwsgi/app/*.log" {
+ copytruncate
+ daily
+ rotate 5
+ compress
+ delaycompress
+ missingok
+ notifempty
+}
--- /dev/null
+../spamassassin
\ No newline at end of file
text/x-c; vim %s; needsterminal
text/x-c++; vim %s; needsterminal
text/plain; view %s; edit=vim %s; compose=vim %s; test=test -x /usr/bin/vim; needsterminal
+application/zip; unzip -l %s; nametemplate=%s.zip; copiousoutput
text/plain; view %s; edit=vi %s; compose=vi %s; needsterminal
application/x-troff-man; /usr/bin/man -Tascii -l '%s' | col -b; copiousoutput; description=Man page
text/troff; /usr/bin/man -Tascii -l '%s' | col -b; copiousoutput; description=Man page
|_| |_|\___|_|\__, |\__,_|
|___/
-Manche Menschen macht man durch die größten Wohltaten nicht so warm
-als durch das kleinste Lob.
- -- Jean Paul
+Mathematik, die auf Konviktion, Überführung ausgeht, weshalb
+gute Köpfe sich an ihr ärgern.
+ -- Goethe, Maximen und Reflektionen, Nr. 1339
Today is Pungenday, the 25th day of Discord in the YOLD 3187
--- /dev/null
+#!/bin/sh
+# 2004-01-25, Thomas Lamy <thomas.lamy@in-online.net>
+# From Magnus Ekdahl's <magnus@debian.org> clamav-freshclam-handledaemon(8)
+
+set -e
+
+[ -e /var/lib/clamav/interface ] || exit 0
+
+INIT=invoke-rc.d clamav-freshclam
+CLAMAV_CONF_FILE=/etc/clamav/clamd.conf
+FRESHCLAM_CONF_FILE=/etc/clamav/freshclam.conf
+
+INTERNETIFACE=`cat /var/lib/clamav/interface`
+
+if grep -q freshclam /proc/*/stat 2>/dev/null; then
+ IS_RUNNING=true
+else
+ IS_RUNNING=false
+fi
+
+# $IFACE is set by ifup/down, $PPP_IFACE by pppd
+[ -n "$PPP_IFACE" ] && IFACE=$PPP_IFACE
+
+# This is sloppy - woody's pppd exports variables, while sid's passes them as
+# arguments and exports them.
+
+if [ "$1" = "$IFACE" ]; then # We're called by sid's pppd
+ shift 6 # and we already know the interface
+fi # Dump the arguments passed.
+
+if [ -z "$1" ]; then
+ case $(dirname "$0") in
+ */if-up.d|*/ip-up.d)
+ # Short circuit and exit early if freshclam is already running
+ [ "$IS_RUNNING" = 'true' ] && exit 0
+ for interface in $INTERNETIFACE; do
+ if [ "$interface" = "$IFACE" ]; then
+ FMODE=start
+ break
+ else
+ FMODE=skip
+ fi
+ done
+ ;;
+ */if-down.d|*/ip-down.d)
+ # Short circuit and exit early if freshclam is not already running
+ [ "$IS_RUNNING" = 'false' ] && exit 0
+ for interface in $INTERNETIFACE; do
+ if [ "$interface" = "$IFACE" ]; then
+ FMODE=stop
+ break
+ else
+ FMODE=skip
+ fi
+ done
+ ;;
+ *)
+ FMODE=skip
+ ;;
+ esac
+else
+ FMODE="$1"
+fi
+
+case "$FMODE" in
+ start|stop)
+ IFACE="$IFACE" $INIT $FMODE
+ ;;
+ skip)
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|skip}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
--- /dev/null
+#!/bin/sh
+# 2004-01-25, Thomas Lamy <thomas.lamy@in-online.net>
+# From Magnus Ekdahl's <magnus@debian.org> clamav-freshclam-handledaemon(8)
+
+set -e
+
+[ -e /var/lib/clamav/interface ] || exit 0
+
+INIT=invoke-rc.d clamav-freshclam
+CLAMAV_CONF_FILE=/etc/clamav/clamd.conf
+FRESHCLAM_CONF_FILE=/etc/clamav/freshclam.conf
+
+INTERNETIFACE=`cat /var/lib/clamav/interface`
+
+if grep -q freshclam /proc/*/stat 2>/dev/null; then
+ IS_RUNNING=true
+else
+ IS_RUNNING=false
+fi
+
+# $IFACE is set by ifup/down, $PPP_IFACE by pppd
+[ -n "$PPP_IFACE" ] && IFACE=$PPP_IFACE
+
+# This is sloppy - woody's pppd exports variables, while sid's passes them as
+# arguments and exports them.
+
+if [ "$1" = "$IFACE" ]; then # We're called by sid's pppd
+ shift 6 # and we already know the interface
+fi # Dump the arguments passed.
+
+if [ -z "$1" ]; then
+ case $(dirname "$0") in
+ */if-up.d|*/ip-up.d)
+ # Short circuit and exit early if freshclam is already running
+ [ "$IS_RUNNING" = 'true' ] && exit 0
+ for interface in $INTERNETIFACE; do
+ if [ "$interface" = "$IFACE" ]; then
+ FMODE=start
+ break
+ else
+ FMODE=skip
+ fi
+ done
+ ;;
+ */if-down.d|*/ip-down.d)
+ # Short circuit and exit early if freshclam is not already running
+ [ "$IS_RUNNING" = 'false' ] && exit 0
+ for interface in $INTERNETIFACE; do
+ if [ "$interface" = "$IFACE" ]; then
+ FMODE=stop
+ break
+ else
+ FMODE=skip
+ fi
+ done
+ ;;
+ *)
+ FMODE=skip
+ ;;
+ esac
+else
+ FMODE="$1"
+fi
+
+case "$FMODE" in
+ start|stop)
+ IFACE="$IFACE" $INIT $FMODE
+ ;;
+ skip)
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|skip}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
--- /dev/null
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0;
+ }
+ chain forward {
+ type filter hook forward priority 0;
+ }
+ chain output {
+ type filter hook output priority 0;
+ }
+}
--- /dev/null
+
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
--- /dev/null
+
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
--- /dev/null
+
+# This map is not a full koi8-r <> utf8 map: it does not contain
+# box-drawing and some other characters. Besides this map contains
+# several koi8-u and Byelorussian letters which are not in koi8-r.
+# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
+# map instead.
+
+charset_map koi8-r utf-8 {
+
+ 80 E282AC ; # euro
+
+ 95 E280A2 ; # bullet
+
+ 9A C2A0 ; #
+
+ 9E C2B7 ; # ·
+
+ A3 D191 ; # small yo
+ A4 D194 ; # small Ukrainian ye
+
+ A6 D196 ; # small Ukrainian i
+ A7 D197 ; # small Ukrainian yi
+
+ AD D291 ; # small Ukrainian soft g
+ AE D19E ; # small Byelorussian short u
+
+ B0 C2B0 ; # °
+
+ B3 D081 ; # capital YO
+ B4 D084 ; # capital Ukrainian YE
+
+ B6 D086 ; # capital Ukrainian I
+ B7 D087 ; # capital Ukrainian YI
+
+ B9 E28496 ; # numero sign
+
+ BD D290 ; # capital Ukrainian soft G
+ BE D18E ; # capital Byelorussian short U
+
+ BF C2A9 ; # (C)
+
+ C0 D18E ; # small yu
+ C1 D0B0 ; # small a
+ C2 D0B1 ; # small b
+ C3 D186 ; # small ts
+ C4 D0B4 ; # small d
+ C5 D0B5 ; # small ye
+ C6 D184 ; # small f
+ C7 D0B3 ; # small g
+ C8 D185 ; # small kh
+ C9 D0B8 ; # small i
+ CA D0B9 ; # small j
+ CB D0BA ; # small k
+ CC D0BB ; # small l
+ CD D0BC ; # small m
+ CE D0BD ; # small n
+ CF D0BE ; # small o
+
+ D0 D0BF ; # small p
+ D1 D18F ; # small ya
+ D2 D180 ; # small r
+ D3 D181 ; # small s
+ D4 D182 ; # small t
+ D5 D183 ; # small u
+ D6 D0B6 ; # small zh
+ D7 D0B2 ; # small v
+ D8 D18C ; # small soft sign
+ D9 D18B ; # small y
+ DA D0B7 ; # small z
+ DB D188 ; # small sh
+ DC D18D ; # small e
+ DD D189 ; # small shch
+ DE D187 ; # small ch
+ DF D18A ; # small hard sign
+
+ E0 D0AE ; # capital YU
+ E1 D090 ; # capital A
+ E2 D091 ; # capital B
+ E3 D0A6 ; # capital TS
+ E4 D094 ; # capital D
+ E5 D095 ; # capital YE
+ E6 D0A4 ; # capital F
+ E7 D093 ; # capital G
+ E8 D0A5 ; # capital KH
+ E9 D098 ; # capital I
+ EA D099 ; # capital J
+ EB D09A ; # capital K
+ EC D09B ; # capital L
+ ED D09C ; # capital M
+ EE D09D ; # capital N
+ EF D09E ; # capital O
+
+ F0 D09F ; # capital P
+ F1 D0AF ; # capital YA
+ F2 D0A0 ; # capital R
+ F3 D0A1 ; # capital S
+ F4 D0A2 ; # capital T
+ F5 D0A3 ; # capital U
+ F6 D096 ; # capital ZH
+ F7 D092 ; # capital V
+ F8 D0AC ; # capital soft sign
+ F9 D0AB ; # capital Y
+ FA D097 ; # capital Z
+ FB D0A8 ; # capital SH
+ FC D0AD ; # capital E
+ FD D0A9 ; # capital SHCH
+ FE D0A7 ; # capital CH
+ FF D0AA ; # capital hard sign
+}
--- /dev/null
+
+charset_map koi8-r windows-1251 {
+
+ 80 88 ; # euro
+
+ 95 95 ; # bullet
+
+ 9A A0 ; #
+
+ 9E B7 ; # ·
+
+ A3 B8 ; # small yo
+ A4 BA ; # small Ukrainian ye
+
+ A6 B3 ; # small Ukrainian i
+ A7 BF ; # small Ukrainian yi
+
+ AD B4 ; # small Ukrainian soft g
+ AE A2 ; # small Byelorussian short u
+
+ B0 B0 ; # °
+
+ B3 A8 ; # capital YO
+ B4 AA ; # capital Ukrainian YE
+
+ B6 B2 ; # capital Ukrainian I
+ B7 AF ; # capital Ukrainian YI
+
+ B9 B9 ; # numero sign
+
+ BD A5 ; # capital Ukrainian soft G
+ BE A1 ; # capital Byelorussian short U
+
+ BF A9 ; # (C)
+
+ C0 FE ; # small yu
+ C1 E0 ; # small a
+ C2 E1 ; # small b
+ C3 F6 ; # small ts
+ C4 E4 ; # small d
+ C5 E5 ; # small ye
+ C6 F4 ; # small f
+ C7 E3 ; # small g
+ C8 F5 ; # small kh
+ C9 E8 ; # small i
+ CA E9 ; # small j
+ CB EA ; # small k
+ CC EB ; # small l
+ CD EC ; # small m
+ CE ED ; # small n
+ CF EE ; # small o
+
+ D0 EF ; # small p
+ D1 FF ; # small ya
+ D2 F0 ; # small r
+ D3 F1 ; # small s
+ D4 F2 ; # small t
+ D5 F3 ; # small u
+ D6 E6 ; # small zh
+ D7 E2 ; # small v
+ D8 FC ; # small soft sign
+ D9 FB ; # small y
+ DA E7 ; # small z
+ DB F8 ; # small sh
+ DC FD ; # small e
+ DD F9 ; # small shch
+ DE F7 ; # small ch
+ DF FA ; # small hard sign
+
+ E0 DE ; # capital YU
+ E1 C0 ; # capital A
+ E2 C1 ; # capital B
+ E3 D6 ; # capital TS
+ E4 C4 ; # capital D
+ E5 C5 ; # capital YE
+ E6 D4 ; # capital F
+ E7 C3 ; # capital G
+ E8 D5 ; # capital KH
+ E9 C8 ; # capital I
+ EA C9 ; # capital J
+ EB CA ; # capital K
+ EC CB ; # capital L
+ ED CC ; # capital M
+ EE CD ; # capital N
+ EF CE ; # capital O
+
+ F0 CF ; # capital P
+ F1 DF ; # capital YA
+ F2 D0 ; # capital R
+ F3 D1 ; # capital S
+ F4 D2 ; # capital T
+ F5 D3 ; # capital U
+ F6 C6 ; # capital ZH
+ F7 C2 ; # capital V
+ F8 DC ; # capital soft sign
+ F9 DB ; # capital Y
+ FA C7 ; # capital Z
+ FB D8 ; # capital SH
+ FC DD ; # capital E
+ FD D9 ; # capital SHCH
+ FE D7 ; # capital CH
+ FF DA ; # capital hard sign
+}
--- /dev/null
+
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/png png;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+ image/svg+xml svg svgz;
+ image/webp webp;
+
+ application/font-woff woff;
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.wap.wmlc wmlc;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xspf+xml xspf;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mp2t ts;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
--- /dev/null
+/usr/share/nginx/modules-available/mod-http-auth-pam.conf
\ No newline at end of file
--- /dev/null
+/usr/share/nginx/modules-available/mod-http-dav-ext.conf
\ No newline at end of file
--- /dev/null
+/usr/share/nginx/modules-available/mod-http-echo.conf
\ No newline at end of file
--- /dev/null
+/usr/share/nginx/modules-available/mod-http-geoip.conf
\ No newline at end of file
--- /dev/null
+/usr/share/nginx/modules-available/mod-http-image-filter.conf
\ No newline at end of file
--- /dev/null
+/usr/share/nginx/modules-available/mod-http-subs-filter.conf
\ No newline at end of file
--- /dev/null
+/usr/share/nginx/modules-available/mod-http-upstream-fair.conf
\ No newline at end of file
--- /dev/null
+/usr/share/nginx/modules-available/mod-http-xslt-filter.conf
\ No newline at end of file
--- /dev/null
+/usr/share/nginx/modules-available/mod-mail.conf
\ No newline at end of file
--- /dev/null
+/usr/share/nginx/modules-available/mod-stream.conf
\ No newline at end of file
--- /dev/null
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
--- /dev/null
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
--- /dev/null
+
+scgi_param REQUEST_METHOD $request_method;
+scgi_param REQUEST_URI $request_uri;
+scgi_param QUERY_STRING $query_string;
+scgi_param CONTENT_TYPE $content_type;
+
+scgi_param DOCUMENT_URI $document_uri;
+scgi_param DOCUMENT_ROOT $document_root;
+scgi_param SCGI 1;
+scgi_param SERVER_PROTOCOL $server_protocol;
+scgi_param REQUEST_SCHEME $scheme;
+scgi_param HTTPS $https if_not_empty;
+
+scgi_param REMOTE_ADDR $remote_addr;
+scgi_param REMOTE_PORT $remote_port;
+scgi_param SERVER_PORT $server_port;
+scgi_param SERVER_NAME $server_name;
--- /dev/null
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ # SSL configuration
+ #
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server;
+ #
+ # Note: You should disable gzip for SSL traffic.
+ # See: https://bugs.debian.org/773332
+ #
+ # Read up on ssl_ciphers to ensure a secure configuration.
+ # See: https://bugs.debian.org/765782
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ # include snippets/snakeoil.conf;
+
+ root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name _;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ }
+
+ # pass PHP scripts to FastCGI server
+ #
+ #location ~ \.php$ {
+ # include snippets/fastcgi-php.conf;
+ #
+ # # With php-fpm (or other unix sockets):
+ # fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+ # # With php-cgi (or other tcp sockets):
+ # fastcgi_pass 127.0.0.1:9000;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+# listen 80;
+# listen [::]:80;
+#
+# server_name example.com;
+#
+# root /var/www/example.com;
+# index index.html;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
--- /dev/null
+/etc/nginx/sites-available/default
\ No newline at end of file
--- /dev/null
+# regex to split $uri to $fastcgi_script_name and $fastcgi_path
+fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
+# Check that the PHP script exists before passing it
+try_files $fastcgi_script_name =404;
+
+# Bypass the fact that try_files resets $fastcgi_path_info
+# see: http://trac.nginx.org/nginx/ticket/321
+set $path_info $fastcgi_path_info;
+fastcgi_param PATH_INFO $path_info;
+
+fastcgi_index index.php;
+include fastcgi.conf;
--- /dev/null
+# Self signed certificates generated by the ssl-cert package
+# Don't use them in a production server!
+
+ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
--- /dev/null
+
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param REQUEST_SCHEME $scheme;
+uwsgi_param HTTPS $https if_not_empty;
+
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;
--- /dev/null
+# This map is not a full windows-1251 <> utf8 map: it does not
+# contain Serbian and Macedonian letters. If you need a full map,
+# use contrib/unicode2nginx/win-utf map instead.
+
+charset_map windows-1251 utf-8 {
+
+ 82 E2809A; # single low-9 quotation mark
+
+ 84 E2809E; # double low-9 quotation mark
+ 85 E280A6; # ellipsis
+ 86 E280A0; # dagger
+ 87 E280A1; # double dagger
+ 88 E282AC; # euro
+ 89 E280B0; # per mille
+
+ 91 E28098; # left single quotation mark
+ 92 E28099; # right single quotation mark
+ 93 E2809C; # left double quotation mark
+ 94 E2809D; # right double quotation mark
+ 95 E280A2; # bullet
+ 96 E28093; # en dash
+ 97 E28094; # em dash
+
+ 99 E284A2; # trade mark sign
+
+ A0 C2A0; #
+ A1 D18E; # capital Byelorussian short U
+ A2 D19E; # small Byelorussian short u
+
+ A4 C2A4; # currency sign
+ A5 D290; # capital Ukrainian soft G
+ A6 C2A6; # borken bar
+ A7 C2A7; # section sign
+ A8 D081; # capital YO
+ A9 C2A9; # (C)
+ AA D084; # capital Ukrainian YE
+ AB C2AB; # left-pointing double angle quotation mark
+ AC C2AC; # not sign
+ AD C2AD; # soft hypen
+ AE C2AE; # (R)
+ AF D087; # capital Ukrainian YI
+
+ B0 C2B0; # °
+ B1 C2B1; # plus-minus sign
+ B2 D086; # capital Ukrainian I
+ B3 D196; # small Ukrainian i
+ B4 D291; # small Ukrainian soft g
+ B5 C2B5; # micro sign
+ B6 C2B6; # pilcrow sign
+ B7 C2B7; # ·
+ B8 D191; # small yo
+ B9 E28496; # numero sign
+ BA D194; # small Ukrainian ye
+ BB C2BB; # right-pointing double angle quotation mark
+
+ BF D197; # small Ukrainian yi
+
+ C0 D090; # capital A
+ C1 D091; # capital B
+ C2 D092; # capital V
+ C3 D093; # capital G
+ C4 D094; # capital D
+ C5 D095; # capital YE
+ C6 D096; # capital ZH
+ C7 D097; # capital Z
+ C8 D098; # capital I
+ C9 D099; # capital J
+ CA D09A; # capital K
+ CB D09B; # capital L
+ CC D09C; # capital M
+ CD D09D; # capital N
+ CE D09E; # capital O
+ CF D09F; # capital P
+
+ D0 D0A0; # capital R
+ D1 D0A1; # capital S
+ D2 D0A2; # capital T
+ D3 D0A3; # capital U
+ D4 D0A4; # capital F
+ D5 D0A5; # capital KH
+ D6 D0A6; # capital TS
+ D7 D0A7; # capital CH
+ D8 D0A8; # capital SH
+ D9 D0A9; # capital SHCH
+ DA D0AA; # capital hard sign
+ DB D0AB; # capital Y
+ DC D0AC; # capital soft sign
+ DD D0AD; # capital E
+ DE D0AE; # capital YU
+ DF D0AF; # capital YA
+
+ E0 D0B0; # small a
+ E1 D0B1; # small b
+ E2 D0B2; # small v
+ E3 D0B3; # small g
+ E4 D0B4; # small d
+ E5 D0B5; # small ye
+ E6 D0B6; # small zh
+ E7 D0B7; # small z
+ E8 D0B8; # small i
+ E9 D0B9; # small j
+ EA D0BA; # small k
+ EB D0BB; # small l
+ EC D0BC; # small m
+ ED D0BD; # small n
+ EE D0BE; # small o
+ EF D0BF; # small p
+
+ F0 D180; # small r
+ F1 D181; # small s
+ F2 D182; # small t
+ F3 D183; # small u
+ F4 D184; # small f
+ F5 D185; # small kh
+ F6 D186; # small ts
+ F7 D187; # small ch
+ F8 D188; # small sh
+ F9 D189; # small shch
+ FA D18A; # small hard sign
+ FB D18B; # small y
+ FC D18C; # small soft sign
+ FD D18D; # small e
+ FE D18E; # small yu
+ FF D18F; # small ya
+}
--- /dev/null
+#%PAM-1.0
+
+@include common-auth
+@include common-account
+@include common-session
+
frank:x:1017:100:Frank Brehm:/home/frank:/bin/bash
mysql:x:108:115:MySQL Server,,,:/nonexistent:/bin/false
postfix:x:109:117::/var/spool/postfix:/usr/sbin/nologin
+clamav:x:110:119::/var/lib/clamav:/bin/false
+dovecot:x:111:120:Dovecot mail server,,,:/usr/lib/dovecot:/usr/sbin/nologin
+dovenull:x:112:121:Dovecot login user,,,:/nonexistent:/usr/sbin/nologin
+debian-spamd:x:113:122::/var/lib/spamassassin:/bin/sh
+amavis:x:114:123:AMaViS system user,,,:/var/lib/amavis:/bin/sh
frank:x:1017:100:Frank Brehm:/home/frank:/bin/bash
mysql:x:108:115:MySQL Server,,,:/nonexistent:/bin/false
postfix:x:109:117::/var/spool/postfix:/usr/sbin/nologin
+clamav:x:110:119::/var/lib/clamav:/bin/false
+dovecot:x:111:120:Dovecot mail server,,,:/usr/lib/dovecot:/usr/sbin/nologin
+dovenull:x:112:121:Dovecot login user,,,:/nonexistent:/usr/sbin/nologin
+debian-spamd:x:113:122::/var/lib/spamassassin:/bin/sh
+amavis:x:114:123::/var/lib/amavis:/bin/sh
--- /dev/null
+/etc/php/7.3/mods-available/mysqlnd.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/opcache.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/pdo.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/xml.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/calendar.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/ctype.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/curl.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/dom.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/exif.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/fileinfo.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/ftp.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/gd.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/gettext.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/iconv.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/intl.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/json.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/mbstring.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/mysqli.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/pdo_mysql.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/phar.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/posix.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/readline.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/shmop.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/simplexml.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/sockets.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/sysvmsg.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/sysvsem.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/sysvshm.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/tokenizer.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/wddx.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/xmlreader.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/xmlwriter.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/xsl.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/zip.ini
\ No newline at end of file
--- /dev/null
+[PHP]
+
+;;;;;;;;;;;;;;;;;;;
+; About php.ini ;
+;;;;;;;;;;;;;;;;;;;
+; PHP's initialization file, generally called php.ini, is responsible for
+; configuring many of the aspects of PHP's behavior.
+
+; PHP attempts to find and load this configuration from a number of locations.
+; The following is a summary of its search order:
+; 1. SAPI module specific location.
+; 2. The PHPRC environment variable. (As of PHP 5.2.0)
+; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
+; 4. Current working directory (except CLI)
+; 5. The web server's directory (for SAPI modules), or directory of PHP
+; (otherwise in Windows)
+; 6. The directory from the --with-config-file-path compile time option, or the
+; Windows directory (usually C:\windows)
+; See the PHP docs for more specific information.
+; http://php.net/configuration.file
+
+; The syntax of the file is extremely simple. Whitespace and lines
+; beginning with a semicolon are silently ignored (as you probably guessed).
+; Section headers (e.g. [Foo]) are also silently ignored, even though
+; they might mean something in the future.
+
+; Directives following the section heading [PATH=/www/mysite] only
+; apply to PHP files in the /www/mysite directory. Directives
+; following the section heading [HOST=www.example.com] only apply to
+; PHP files served from www.example.com. Directives set in these
+; special sections cannot be overridden by user-defined INI files or
+; at runtime. Currently, [PATH=] and [HOST=] sections only work under
+; CGI/FastCGI.
+; http://php.net/ini.sections
+
+; Directives are specified using the following syntax:
+; directive = value
+; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
+; Directives are variables used to configure PHP or PHP extensions.
+; There is no name validation. If PHP can't find an expected
+; directive because it is not set or is mistyped, a default value will be used.
+
+; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
+; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
+; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
+; previously set variable or directive (e.g. ${foo})
+
+; Expressions in the INI file are limited to bitwise operators and parentheses:
+; | bitwise OR
+; ^ bitwise XOR
+; & bitwise AND
+; ~ bitwise NOT
+; ! boolean NOT
+
+; Boolean flags can be turned on using the values 1, On, True or Yes.
+; They can be turned off using the values 0, Off, False or No.
+
+; An empty string can be denoted by simply not writing anything after the equal
+; sign, or by using the None keyword:
+
+; foo = ; sets foo to an empty string
+; foo = None ; sets foo to an empty string
+; foo = "None" ; sets foo to the string 'None'
+
+; If you use constants in your value, and these constants belong to a
+; dynamically loaded extension (either a PHP extension or a Zend extension),
+; you may only use these constants *after* the line that loads the extension.
+
+;;;;;;;;;;;;;;;;;;;
+; About this file ;
+;;;;;;;;;;;;;;;;;;;
+; PHP comes packaged with two INI files. One that is recommended to be used
+; in production environments and one that is recommended to be used in
+; development environments.
+
+; php.ini-production contains settings which hold security, performance and
+; best practices at its core. But please be aware, these settings may break
+; compatibility with older or less security conscience applications. We
+; recommending using the production ini in production and testing environments.
+
+; php.ini-development is very similar to its production variant, except it is
+; much more verbose when it comes to errors. We recommend using the
+; development version only in development environments, as errors shown to
+; application users can inadvertently leak otherwise secure information.
+
+; This is the php.ini-production INI file.
+
+;;;;;;;;;;;;;;;;;;;
+; Quick Reference ;
+;;;;;;;;;;;;;;;;;;;
+; The following are all the settings which are different in either the production
+; or development versions of the INIs with respect to PHP's default behavior.
+; Please see the actual settings later in the document for more details as to why
+; we recommend these changes in PHP's behavior.
+
+; display_errors
+; Default Value: On
+; Development Value: On
+; Production Value: Off
+
+; display_startup_errors
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
+
+; error_reporting
+; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
+; Development Value: E_ALL
+; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
+
+; html_errors
+; Default Value: On
+; Development Value: On
+; Production value: On
+
+; log_errors
+; Default Value: Off
+; Development Value: On
+; Production Value: On
+
+; max_input_time
+; Default Value: -1 (Unlimited)
+; Development Value: 60 (60 seconds)
+; Production Value: 60 (60 seconds)
+
+; output_buffering
+; Default Value: Off
+; Development Value: 4096
+; Production Value: 4096
+
+; register_argc_argv
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+
+; request_order
+; Default Value: None
+; Development Value: "GP"
+; Production Value: "GP"
+
+; session.gc_divisor
+; Default Value: 100
+; Development Value: 1000
+; Production Value: 1000
+
+; session.sid_bits_per_character
+; Default Value: 4
+; Development Value: 5
+; Production Value: 5
+
+; short_open_tag
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+
+; variables_order
+; Default Value: "EGPCS"
+; Development Value: "GPCS"
+; Production Value: "GPCS"
+
+;;;;;;;;;;;;;;;;;;;;
+; php.ini Options ;
+;;;;;;;;;;;;;;;;;;;;
+; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
+;user_ini.filename = ".user.ini"
+
+; To disable this feature set this option to an empty value
+;user_ini.filename =
+
+; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
+;user_ini.cache_ttl = 300
+
+;;;;;;;;;;;;;;;;;;;;
+; Language Options ;
+;;;;;;;;;;;;;;;;;;;;
+
+; Enable the PHP scripting language engine under Apache.
+; http://php.net/engine
+engine = On
+
+; This directive determines whether or not PHP will recognize code between
+; <? and ?> tags as PHP source which should be processed as such. It is
+; generally recommended that <?php and ?> should be used and that this feature
+; should be disabled, as enabling it may result in issues when generating XML
+; documents, however this remains supported for backward compatibility reasons.
+; Note that this directive does not control the <?= shorthand tag, which can be
+; used regardless of this directive.
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+; http://php.net/short-open-tag
+short_open_tag = Off
+
+; The number of significant digits displayed in floating point numbers.
+; http://php.net/precision
+precision = 14
+
+; Output buffering is a mechanism for controlling how much output data
+; (excluding headers and cookies) PHP should keep internally before pushing that
+; data to the client. If your application's output exceeds this setting, PHP
+; will send that data in chunks of roughly the size you specify.
+; Turning on this setting and managing its maximum buffer size can yield some
+; interesting side-effects depending on your application and web server.
+; You may be able to send headers and cookies after you've already sent output
+; through print or echo. You also may see performance benefits if your server is
+; emitting less packets due to buffered output versus PHP streaming the output
+; as it gets it. On production servers, 4096 bytes is a good setting for performance
+; reasons.
+; Note: Output buffering can also be controlled via Output Buffering Control
+; functions.
+; Possible Values:
+; On = Enabled and buffer is unlimited. (Use with caution)
+; Off = Disabled
+; Integer = Enables the buffer and sets its maximum size in bytes.
+; Note: This directive is hardcoded to Off for the CLI SAPI
+; Default Value: Off
+; Development Value: 4096
+; Production Value: 4096
+; http://php.net/output-buffering
+output_buffering = 4096
+
+; You can redirect all of the output of your scripts to a function. For
+; example, if you set output_handler to "mb_output_handler", character
+; encoding will be transparently converted to the specified encoding.
+; Setting any output handler automatically turns on output buffering.
+; Note: People who wrote portable scripts should not depend on this ini
+; directive. Instead, explicitly set the output handler using ob_start().
+; Using this ini directive may cause problems unless you know what script
+; is doing.
+; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler"
+; and you cannot use both "ob_gzhandler" and "zlib.output_compression".
+; Note: output_handler must be empty if this is set 'On' !!!!
+; Instead you must use zlib.output_handler.
+; http://php.net/output-handler
+;output_handler =
+
+; URL rewriter function rewrites URL on the fly by using
+; output buffer. You can set target tags by this configuration.
+; "form" tag is special tag. It will add hidden input tag to pass values.
+; Refer to session.trans_sid_tags for usage.
+; Default Value: "form="
+; Development Value: "form="
+; Production Value: "form="
+;url_rewriter.tags
+
+; URL rewriter will not rewrite absolute URL nor form by default. To enable
+; absolute URL rewrite, allowed hosts must be defined at RUNTIME.
+; Refer to session.trans_sid_hosts for more details.
+; Default Value: ""
+; Development Value: ""
+; Production Value: ""
+;url_rewriter.hosts
+
+; Transparent output compression using the zlib library
+; Valid values for this option are 'off', 'on', or a specific buffer size
+; to be used for compression (default is 4KB)
+; Note: Resulting chunk size may vary due to nature of compression. PHP
+; outputs chunks that are few hundreds bytes each as a result of
+; compression. If you prefer a larger chunk size for better
+; performance, enable output_buffering in addition.
+; Note: You need to use zlib.output_handler instead of the standard
+; output_handler, or otherwise the output will be corrupted.
+; http://php.net/zlib.output-compression
+zlib.output_compression = Off
+
+; http://php.net/zlib.output-compression-level
+;zlib.output_compression_level = -1
+
+; You cannot specify additional output handlers if zlib.output_compression
+; is activated here. This setting does the same as output_handler but in
+; a different order.
+; http://php.net/zlib.output-handler
+;zlib.output_handler =
+
+; Implicit flush tells PHP to tell the output layer to flush itself
+; automatically after every output block. This is equivalent to calling the
+; PHP function flush() after each and every call to print() or echo() and each
+; and every HTML block. Turning this option on has serious performance
+; implications and is generally recommended for debugging purposes only.
+; http://php.net/implicit-flush
+; Note: This directive is hardcoded to On for the CLI SAPI
+implicit_flush = Off
+
+; The unserialize callback function will be called (with the undefined class'
+; name as parameter), if the unserializer finds an undefined class
+; which should be instantiated. A warning appears if the specified function is
+; not defined, or if the function doesn't include/implement the missing class.
+; So only set this entry, if you really want to implement such a
+; callback-function.
+unserialize_callback_func =
+
+; When floats & doubles are serialized, store serialize_precision significant
+; digits after the floating point. The default value ensures that when floats
+; are decoded with unserialize, the data will remain the same.
+; The value is also used for json_encode when encoding double values.
+; If -1 is used, then dtoa mode 0 is used which automatically select the best
+; precision.
+serialize_precision = -1
+
+; open_basedir, if set, limits all file operations to the defined directory
+; and below. This directive makes most sense if used in a per-directory
+; or per-virtualhost web server configuration file.
+; Note: disables the realpath cache
+; http://php.net/open-basedir
+;open_basedir =
+
+; This directive allows you to disable certain functions for security reasons.
+; It receives a comma-delimited list of function names.
+; http://php.net/disable-functions
+disable_functions =
+
+; This directive allows you to disable certain classes for security reasons.
+; It receives a comma-delimited list of class names.
+; http://php.net/disable-classes
+disable_classes =
+
+; Colors for Syntax Highlighting mode. Anything that's acceptable in
+; <span style="color: ???????"> would work.
+; http://php.net/syntax-highlighting
+;highlight.string = #DD0000
+;highlight.comment = #FF9900
+;highlight.keyword = #007700
+;highlight.default = #0000BB
+;highlight.html = #000000
+
+; If enabled, the request will be allowed to complete even if the user aborts
+; the request. Consider enabling it if executing long requests, which may end up
+; being interrupted by the user or a browser timing out. PHP's default behavior
+; is to disable this feature.
+; http://php.net/ignore-user-abort
+;ignore_user_abort = On
+
+; Determines the size of the realpath cache to be used by PHP. This value should
+; be increased on systems where PHP opens many files to reflect the quantity of
+; the file operations performed.
+; Note: if open_basedir is set, the cache is disabled
+; http://php.net/realpath-cache-size
+;realpath_cache_size = 4096k
+
+; Duration of time, in seconds for which to cache realpath information for a given
+; file or directory. For systems with rarely changing files, consider increasing this
+; value.
+; http://php.net/realpath-cache-ttl
+;realpath_cache_ttl = 120
+
+; Enables or disables the circular reference collector.
+; http://php.net/zend.enable-gc
+zend.enable_gc = On
+
+; If enabled, scripts may be written in encodings that are incompatible with
+; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such
+; encodings. To use this feature, mbstring extension must be enabled.
+; Default: Off
+;zend.multibyte = Off
+
+; Allows to set the default encoding for the scripts. This value will be used
+; unless "declare(encoding=...)" directive appears at the top of the script.
+; Only affects if zend.multibyte is set.
+; Default: ""
+;zend.script_encoding =
+
+;;;;;;;;;;;;;;;;;
+; Miscellaneous ;
+;;;;;;;;;;;;;;;;;
+
+; Decides whether PHP may expose the fact that it is installed on the server
+; (e.g. by adding its signature to the Web server header). It is no security
+; threat in any way, but it makes it possible to determine whether you use PHP
+; on your server or not.
+; http://php.net/expose-php
+expose_php = On
+
+;;;;;;;;;;;;;;;;;;;
+; Resource Limits ;
+;;;;;;;;;;;;;;;;;;;
+
+; Maximum execution time of each script, in seconds
+; http://php.net/max-execution-time
+; Note: This directive is hardcoded to 0 for the CLI SAPI
+max_execution_time = 30
+
+; Maximum amount of time each script may spend parsing request data. It's a good
+; idea to limit this time on productions servers in order to eliminate unexpectedly
+; long running scripts.
+; Note: This directive is hardcoded to -1 for the CLI SAPI
+; Default Value: -1 (Unlimited)
+; Development Value: 60 (60 seconds)
+; Production Value: 60 (60 seconds)
+; http://php.net/max-input-time
+max_input_time = 60
+
+; Maximum input variable nesting level
+; http://php.net/max-input-nesting-level
+;max_input_nesting_level = 64
+
+; How many GET/POST/COOKIE input variables may be accepted
+;max_input_vars = 1000
+
+; Maximum amount of memory a script may consume (128MB)
+; http://php.net/memory-limit
+memory_limit = -1
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Error handling and logging ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; This directive informs PHP of which errors, warnings and notices you would like
+; it to take action for. The recommended way of setting values for this
+; directive is through the use of the error level constants and bitwise
+; operators. The error level constants are below here for convenience as well as
+; some common settings and their meanings.
+; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
+; those related to E_NOTICE and E_STRICT, which together cover best practices and
+; recommended coding standards in PHP. For performance reasons, this is the
+; recommend error reporting setting. Your production server shouldn't be wasting
+; resources complaining about best practices and coding standards. That's what
+; development servers and development settings are for.
+; Note: The php.ini-development file has this setting as E_ALL. This
+; means it pretty much reports everything which is exactly what you want during
+; development and early testing.
+;
+; Error Level Constants:
+; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0)
+; E_ERROR - fatal run-time errors
+; E_RECOVERABLE_ERROR - almost fatal run-time errors
+; E_WARNING - run-time warnings (non-fatal errors)
+; E_PARSE - compile-time parse errors
+; E_NOTICE - run-time notices (these are warnings which often result
+; from a bug in your code, but it's possible that it was
+; intentional (e.g., using an uninitialized variable and
+; relying on the fact it is automatically initialized to an
+; empty string)
+; E_STRICT - run-time notices, enable to have PHP suggest changes
+; to your code which will ensure the best interoperability
+; and forward compatibility of your code
+; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
+; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
+; initial startup
+; E_COMPILE_ERROR - fatal compile-time errors
+; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
+; E_USER_ERROR - user-generated error message
+; E_USER_WARNING - user-generated warning message
+; E_USER_NOTICE - user-generated notice message
+; E_DEPRECATED - warn about code that will not work in future versions
+; of PHP
+; E_USER_DEPRECATED - user-generated deprecation warnings
+;
+; Common Values:
+; E_ALL (Show all errors, warnings and notices including coding standards.)
+; E_ALL & ~E_NOTICE (Show all errors, except for notices)
+; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
+; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
+; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
+; Development Value: E_ALL
+; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
+; http://php.net/error-reporting
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+
+; This directive controls whether or not and where PHP will output errors,
+; notices and warnings too. Error output is very useful during development, but
+; it could be very dangerous in production environments. Depending on the code
+; which is triggering the error, sensitive information could potentially leak
+; out of your application such as database usernames and passwords or worse.
+; For production environments, we recommend logging errors rather than
+; sending them to STDOUT.
+; Possible Values:
+; Off = Do not display any errors
+; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
+; On or stdout = Display errors to STDOUT
+; Default Value: On
+; Development Value: On
+; Production Value: Off
+; http://php.net/display-errors
+display_errors = Off
+
+; The display of errors which occur during PHP's startup sequence are handled
+; separately from display_errors. PHP's default behavior is to suppress those
+; errors from clients. Turning the display of startup errors on can be useful in
+; debugging configuration problems. We strongly recommend you
+; set this to 'off' for production servers.
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
+; http://php.net/display-startup-errors
+display_startup_errors = Off
+
+; Besides displaying errors, PHP can also log errors to locations such as a
+; server-specific log, STDERR, or a location specified by the error_log
+; directive found below. While errors should not be displayed on productions
+; servers they should still be monitored and logging is a great way to do that.
+; Default Value: Off
+; Development Value: On
+; Production Value: On
+; http://php.net/log-errors
+log_errors = On
+
+; Set maximum length of log_errors. In error_log information about the source is
+; added. The default is 1024 and 0 allows to not apply any maximum length at all.
+; http://php.net/log-errors-max-len
+log_errors_max_len = 1024
+
+; Do not log repeated messages. Repeated errors must occur in same file on same
+; line unless ignore_repeated_source is set true.
+; http://php.net/ignore-repeated-errors
+ignore_repeated_errors = Off
+
+; Ignore source of message when ignoring repeated messages. When this setting
+; is On you will not log errors with repeated messages from different files or
+; source lines.
+; http://php.net/ignore-repeated-source
+ignore_repeated_source = Off
+
+; If this parameter is set to Off, then memory leaks will not be shown (on
+; stdout or in the log). This has only effect in a debug compile, and if
+; error reporting includes E_WARNING in the allowed list
+; http://php.net/report-memleaks
+report_memleaks = On
+
+; This setting is on by default.
+;report_zend_debug = 0
+
+; Store the last error/warning message in $php_errormsg (boolean). Setting this value
+; to On can assist in debugging and is appropriate for development servers. It should
+; however be disabled on production servers.
+; This directive is DEPRECATED.
+; Default Value: Off
+; Development Value: Off
+; Production Value: Off
+; http://php.net/track-errors
+;track_errors = Off
+
+; Turn off normal error reporting and emit XML-RPC error XML
+; http://php.net/xmlrpc-errors
+;xmlrpc_errors = 0
+
+; An XML-RPC faultCode
+;xmlrpc_error_number = 0
+
+; When PHP displays or logs an error, it has the capability of formatting the
+; error message as HTML for easier reading. This directive controls whether
+; the error message is formatted as HTML or not.
+; Note: This directive is hardcoded to Off for the CLI SAPI
+; Default Value: On
+; Development Value: On
+; Production value: On
+; http://php.net/html-errors
+html_errors = On
+
+; If html_errors is set to On *and* docref_root is not empty, then PHP
+; produces clickable error messages that direct to a page describing the error
+; or function causing the error in detail.
+; You can download a copy of the PHP manual from http://php.net/docs
+; and change docref_root to the base URL of your local copy including the
+; leading '/'. You must also specify the file extension being used including
+; the dot. PHP's default behavior is to leave these settings empty, in which
+; case no links to documentation are generated.
+; Note: Never use this feature for production boxes.
+; http://php.net/docref-root
+; Examples
+;docref_root = "/phpmanual/"
+
+; http://php.net/docref-ext
+;docref_ext = .html
+
+; String to output before an error message. PHP's default behavior is to leave
+; this setting blank.
+; http://php.net/error-prepend-string
+; Example:
+;error_prepend_string = "<span style='color: #ff0000'>"
+
+; String to output after an error message. PHP's default behavior is to leave
+; this setting blank.
+; http://php.net/error-append-string
+; Example:
+;error_append_string = "</span>"
+
+; Log errors to specified file. PHP's default behavior is to leave this value
+; empty.
+; http://php.net/error-log
+; Example:
+;error_log = php_errors.log
+; Log errors to syslog (Event Log on Windows).
+;error_log = syslog
+
+; The syslog ident is a string which is prepended to every message logged
+; to syslog. Only used when error_log is set to syslog.
+;syslog.ident = php
+
+; The syslog facility is used to specify what type of program is logging
+; the message. Only used when error_log is set to syslog.
+;syslog.facility = user
+
+; Set this to disable filtering control characters (the default).
+; Some loggers only accept NVT-ASCII, others accept anything that's not
+; control characters. If your logger accepts everything, then no filtering
+; is needed at all.
+; Allowed values are:
+; ascii (all printable ASCII characters and NL)
+; no-ctrl (all characters except control characters)
+; all (all characters)
+; raw (like "all", but messages are not split at newlines)
+; http://php.net/syslog.filter
+;syslog.filter = ascii
+
+;windows.show_crt_warning
+; Default value: 0
+; Development value: 0
+; Production value: 0
+
+;;;;;;;;;;;;;;;;;
+; Data Handling ;
+;;;;;;;;;;;;;;;;;
+
+; The separator used in PHP generated URLs to separate arguments.
+; PHP's default setting is "&".
+; http://php.net/arg-separator.output
+; Example:
+;arg_separator.output = "&"
+
+; List of separator(s) used by PHP to parse input URLs into variables.
+; PHP's default setting is "&".
+; NOTE: Every character in this directive is considered as separator!
+; http://php.net/arg-separator.input
+; Example:
+;arg_separator.input = ";&"
+
+; This directive determines which super global arrays are registered when PHP
+; starts up. G,P,C,E & S are abbreviations for the following respective super
+; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
+; paid for the registration of these arrays and because ENV is not as commonly
+; used as the others, ENV is not recommended on productions servers. You
+; can still get access to the environment variables through getenv() should you
+; need to.
+; Default Value: "EGPCS"
+; Development Value: "GPCS"
+; Production Value: "GPCS";
+; http://php.net/variables-order
+variables_order = "GPCS"
+
+; This directive determines which super global data (G,P & C) should be
+; registered into the super global array REQUEST. If so, it also determines
+; the order in which that data is registered. The values for this directive
+; are specified in the same manner as the variables_order directive,
+; EXCEPT one. Leaving this value empty will cause PHP to use the value set
+; in the variables_order directive. It does not mean it will leave the super
+; globals array REQUEST empty.
+; Default Value: None
+; Development Value: "GP"
+; Production Value: "GP"
+; http://php.net/request-order
+request_order = "GP"
+
+; This directive determines whether PHP registers $argv & $argc each time it
+; runs. $argv contains an array of all the arguments passed to PHP when a script
+; is invoked. $argc contains an integer representing the number of arguments
+; that were passed when the script was invoked. These arrays are extremely
+; useful when running scripts from the command line. When this directive is
+; enabled, registering these variables consumes CPU cycles and memory each time
+; a script is executed. For performance reasons, this feature should be disabled
+; on production servers.
+; Note: This directive is hardcoded to On for the CLI SAPI
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+; http://php.net/register-argc-argv
+register_argc_argv = Off
+
+; When enabled, the ENV, REQUEST and SERVER variables are created when they're
+; first used (Just In Time) instead of when the script starts. If these
+; variables are not used within a script, having this directive on will result
+; in a performance gain. The PHP directive register_argc_argv must be disabled
+; for this directive to have any affect.
+; http://php.net/auto-globals-jit
+auto_globals_jit = On
+
+; Whether PHP will read the POST data.
+; This option is enabled by default.
+; Most likely, you won't want to disable this option globally. It causes $_POST
+; and $_FILES to always be empty; the only way you will be able to read the
+; POST data will be through the php://input stream wrapper. This can be useful
+; to proxy requests or to process the POST data in a memory efficient fashion.
+; http://php.net/enable-post-data-reading
+;enable_post_data_reading = Off
+
+; Maximum size of POST data that PHP will accept.
+; Its value may be 0 to disable the limit. It is ignored if POST data reading
+; is disabled through enable_post_data_reading.
+; http://php.net/post-max-size
+post_max_size = 8M
+
+; Automatically add files before PHP document.
+; http://php.net/auto-prepend-file
+auto_prepend_file =
+
+; Automatically add files after PHP document.
+; http://php.net/auto-append-file
+auto_append_file =
+
+; By default, PHP will output a media type using the Content-Type header. To
+; disable this, simply set it to be empty.
+;
+; PHP's built-in default media type is set to text/html.
+; http://php.net/default-mimetype
+default_mimetype = "text/html"
+
+; PHP's default character set is set to UTF-8.
+; http://php.net/default-charset
+default_charset = "UTF-8"
+
+; PHP internal character encoding is set to empty.
+; If empty, default_charset is used.
+; http://php.net/internal-encoding
+;internal_encoding =
+
+; PHP input character encoding is set to empty.
+; If empty, default_charset is used.
+; http://php.net/input-encoding
+;input_encoding =
+
+; PHP output character encoding is set to empty.
+; If empty, default_charset is used.
+; See also output_buffer.
+; http://php.net/output-encoding
+;output_encoding =
+
+;;;;;;;;;;;;;;;;;;;;;;;;;
+; Paths and Directories ;
+;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; UNIX: "/path1:/path2"
+;include_path = ".:/usr/share/php"
+;
+; Windows: "\path1;\path2"
+;include_path = ".;c:\php\includes"
+;
+; PHP's default setting for include_path is ".;/path/to/php/pear"
+; http://php.net/include-path
+
+; The root of the PHP pages, used only if nonempty.
+; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
+; if you are running php as a CGI under any web server (other than IIS)
+; see documentation for security issues. The alternate is to use the
+; cgi.force_redirect configuration below
+; http://php.net/doc-root
+doc_root =
+
+; The directory under which PHP opens the script using /~username used only
+; if nonempty.
+; http://php.net/user-dir
+user_dir =
+
+; Directory in which the loadable extensions (modules) reside.
+; http://php.net/extension-dir
+;extension_dir = "./"
+; On windows:
+;extension_dir = "ext"
+
+; Directory where the temporary files should be placed.
+; Defaults to the system default (see sys_get_temp_dir)
+;sys_temp_dir = "/tmp"
+
+; Whether or not to enable the dl() function. The dl() function does NOT work
+; properly in multithreaded servers, such as IIS or Zeus, and is automatically
+; disabled on them.
+; http://php.net/enable-dl
+enable_dl = Off
+
+; cgi.force_redirect is necessary to provide security running PHP as a CGI under
+; most web servers. Left undefined, PHP turns this on by default. You can
+; turn it off here AT YOUR OWN RISK
+; **You CAN safely turn this off for IIS, in fact, you MUST.**
+; http://php.net/cgi.force-redirect
+;cgi.force_redirect = 1
+
+; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
+; every request. PHP's default behavior is to disable this feature.
+;cgi.nph = 1
+
+; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
+; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
+; will look for to know it is OK to continue execution. Setting this variable MAY
+; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
+; http://php.net/cgi.redirect-status-env
+;cgi.redirect_status_env =
+
+; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
+; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
+; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
+; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
+; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
+; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
+; http://php.net/cgi.fix-pathinfo
+;cgi.fix_pathinfo=1
+
+; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
+; of the web tree and people will not be able to circumvent .htaccess security.
+;cgi.discard_path=1
+
+; FastCGI under IIS supports the ability to impersonate
+; security tokens of the calling client. This allows IIS to define the
+; security context that the request runs under. mod_fastcgi under Apache
+; does not currently support this feature (03/17/2002)
+; Set to 1 if running under IIS. Default is zero.
+; http://php.net/fastcgi.impersonate
+;fastcgi.impersonate = 1
+
+; Disable logging through FastCGI connection. PHP's default behavior is to enable
+; this feature.
+;fastcgi.logging = 0
+
+; cgi.rfc2616_headers configuration option tells PHP what type of headers to
+; use when sending HTTP response code. If set to 0, PHP sends Status: header that
+; is supported by Apache. When this option is set to 1, PHP will send
+; RFC2616 compliant header.
+; Default is zero.
+; http://php.net/cgi.rfc2616-headers
+;cgi.rfc2616_headers = 0
+
+; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #!
+; (shebang) at the top of the running script. This line might be needed if the
+; script support running both as stand-alone script and via PHP CGI<. PHP in CGI
+; mode skips this line and ignores its content if this directive is turned on.
+; http://php.net/cgi.check-shebang-line
+;cgi.check_shebang_line=1
+
+;;;;;;;;;;;;;;;;
+; File Uploads ;
+;;;;;;;;;;;;;;;;
+
+; Whether to allow HTTP file uploads.
+; http://php.net/file-uploads
+file_uploads = On
+
+; Temporary directory for HTTP uploaded files (will use system default if not
+; specified).
+; http://php.net/upload-tmp-dir
+;upload_tmp_dir =
+
+; Maximum allowed size for uploaded files.
+; http://php.net/upload-max-filesize
+upload_max_filesize = 2M
+
+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 20
+
+;;;;;;;;;;;;;;;;;;
+; Fopen wrappers ;
+;;;;;;;;;;;;;;;;;;
+
+; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-fopen
+allow_url_fopen = On
+
+; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-include
+allow_url_include = Off
+
+; Define the anonymous ftp password (your email address). PHP's default setting
+; for this is empty.
+; http://php.net/from
+;from="john@doe.com"
+
+; Define the User-Agent string. PHP's default setting for this is empty.
+; http://php.net/user-agent
+;user_agent="PHP"
+
+; Default timeout for socket based streams (seconds)
+; http://php.net/default-socket-timeout
+default_socket_timeout = 60
+
+; If your scripts have to deal with files from Macintosh systems,
+; or you are running on a Mac and need to deal with files from
+; unix or win32 systems, setting this flag will cause PHP to
+; automatically detect the EOL character in those files so that
+; fgets() and file() will work regardless of the source of the file.
+; http://php.net/auto-detect-line-endings
+;auto_detect_line_endings = Off
+
+;;;;;;;;;;;;;;;;;;;;;;
+; Dynamic Extensions ;
+;;;;;;;;;;;;;;;;;;;;;;
+
+; If you wish to have an extension loaded automatically, use the following
+; syntax:
+;
+; extension=modulename
+;
+; For example:
+;
+; extension=mysqli
+;
+; When the extension library to load is not located in the default extension
+; directory, You may specify an absolute path to the library file:
+;
+; extension=/path/to/extension/mysqli.so
+;
+; Note : The syntax used in previous PHP versions ('extension=<ext>.so' and
+; 'extension='php_<ext>.dll') is supported for legacy reasons and may be
+; deprecated in a future PHP major version. So, when it is possible, please
+; move to the new ('extension=<ext>) syntax.
+;
+; Notes for Windows environments :
+;
+; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+)
+; extension folders as well as the separate PECL DLL download (PHP 5+).
+; Be sure to appropriately set the extension_dir directive.
+;
+;extension=bz2
+;extension=curl
+;extension=fileinfo
+;extension=gd2
+;extension=gettext
+;extension=gmp
+;extension=intl
+;extension=imap
+;extension=interbase
+;extension=ldap
+;extension=mbstring
+;extension=exif ; Must be after mbstring as it depends on it
+;extension=mysqli
+;extension=oci8_12c ; Use with Oracle Database 12c Instant Client
+;extension=odbc
+;extension=openssl
+;extension=pdo_firebird
+;extension=pdo_mysql
+;extension=pdo_oci
+;extension=pdo_odbc
+;extension=pdo_pgsql
+;extension=pdo_sqlite
+;extension=pgsql
+;extension=shmop
+
+; The MIBS data available in the PHP distribution must be installed.
+; See http://www.php.net/manual/en/snmp.installation.php
+;extension=snmp
+
+;extension=soap
+;extension=sockets
+;extension=sodium
+;extension=sqlite3
+;extension=tidy
+;extension=xmlrpc
+;extension=xsl
+
+;;;;;;;;;;;;;;;;;;;
+; Module Settings ;
+;;;;;;;;;;;;;;;;;;;
+
+[CLI Server]
+; Whether the CLI web server uses ANSI color coding in its terminal output.
+cli_server.color = On
+
+[Date]
+; Defines the default timezone used by the date functions
+; http://php.net/date.timezone
+;date.timezone =
+
+; http://php.net/date.default-latitude
+;date.default_latitude = 31.7667
+
+; http://php.net/date.default-longitude
+;date.default_longitude = 35.2333
+
+; http://php.net/date.sunrise-zenith
+;date.sunrise_zenith = 90.583333
+
+; http://php.net/date.sunset-zenith
+;date.sunset_zenith = 90.583333
+
+[filter]
+; http://php.net/filter.default
+;filter.default = unsafe_raw
+
+; http://php.net/filter.default-flags
+;filter.default_flags =
+
+[iconv]
+; Use of this INI entry is deprecated, use global input_encoding instead.
+; If empty, default_charset or input_encoding or iconv.input_encoding is used.
+; The precedence is: default_charset < input_encoding < iconv.input_encoding
+;iconv.input_encoding =
+
+; Use of this INI entry is deprecated, use global internal_encoding instead.
+; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
+; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
+;iconv.internal_encoding =
+
+; Use of this INI entry is deprecated, use global output_encoding instead.
+; If empty, default_charset or output_encoding or iconv.output_encoding is used.
+; The precedence is: default_charset < output_encoding < iconv.output_encoding
+; To use an output encoding conversion, iconv's output handler must be set
+; otherwise output encoding conversion cannot be performed.
+;iconv.output_encoding =
+
+[imap]
+; rsh/ssh logins are disabled by default. Use this INI entry if you want to
+; enable them. Note that the IMAP library does not filter mailbox names before
+; passing them to rsh/ssh command, thus passing untrusted data to this function
+; with rsh/ssh enabled is insecure.
+;imap.enable_insecure_rsh=0
+
+[intl]
+;intl.default_locale =
+; This directive allows you to produce PHP errors when some error
+; happens within intl functions. The value is the level of the error produced.
+; Default is 0, which does not produce any errors.
+;intl.error_level = E_WARNING
+;intl.use_exceptions = 0
+
+[sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
+;sqlite3.extension_dir =
+
+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+;sqlite3.defensive = 1
+
+[Pcre]
+; PCRE library backtracking limit.
+; http://php.net/pcre.backtrack-limit
+;pcre.backtrack_limit=100000
+
+; PCRE library recursion limit.
+; Please note that if you set this value to a high number you may consume all
+; the available process stack and eventually crash PHP (due to reaching the
+; stack size limit imposed by the Operating System).
+; http://php.net/pcre.recursion-limit
+;pcre.recursion_limit=100000
+
+; Enables or disables JIT compilation of patterns. This requires the PCRE
+; library to be compiled with JIT support.
+;pcre.jit=1
+
+[Pdo]
+; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
+; http://php.net/pdo-odbc.connection-pooling
+;pdo_odbc.connection_pooling=strict
+
+;pdo_odbc.db2_instance_name
+
+[Pdo_mysql]
+; Default socket name for local MySQL connects. If empty, uses the built-in
+; MySQL defaults.
+pdo_mysql.default_socket=
+
+[Phar]
+; http://php.net/phar.readonly
+;phar.readonly = On
+
+; http://php.net/phar.require-hash
+;phar.require_hash = On
+
+;phar.cache_list =
+
+[mail function]
+; For Win32 only.
+; http://php.net/smtp
+SMTP = localhost
+; http://php.net/smtp-port
+smtp_port = 25
+
+; For Win32 only.
+; http://php.net/sendmail-from
+;sendmail_from = me@example.com
+
+; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
+; http://php.net/sendmail-path
+;sendmail_path =
+
+; Force the addition of the specified parameters to be passed as extra parameters
+; to the sendmail binary. These parameters will always replace the value of
+; the 5th parameter to mail().
+;mail.force_extra_parameters =
+
+; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
+mail.add_x_header = Off
+
+; The path to a log file that will log all mail() calls. Log entries include
+; the full path of the script, line number, To address and headers.
+;mail.log =
+; Log mail to syslog (Event Log on Windows).
+;mail.log = syslog
+
+[ODBC]
+; http://php.net/odbc.default-db
+;odbc.default_db = Not yet implemented
+
+; http://php.net/odbc.default-user
+;odbc.default_user = Not yet implemented
+
+; http://php.net/odbc.default-pw
+;odbc.default_pw = Not yet implemented
+
+; Controls the ODBC cursor model.
+; Default: SQL_CURSOR_STATIC (default).
+;odbc.default_cursortype
+
+; Allow or prevent persistent links.
+; http://php.net/odbc.allow-persistent
+odbc.allow_persistent = On
+
+; Check that a connection is still valid before reuse.
+; http://php.net/odbc.check-persistent
+odbc.check_persistent = On
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/odbc.max-persistent
+odbc.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+; http://php.net/odbc.max-links
+odbc.max_links = -1
+
+; Handling of LONG fields. Returns number of bytes to variables. 0 means
+; passthru.
+; http://php.net/odbc.defaultlrl
+odbc.defaultlrl = 4096
+
+; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
+; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
+; of odbc.defaultlrl and odbc.defaultbinmode
+; http://php.net/odbc.defaultbinmode
+odbc.defaultbinmode = 1
+
+[Interbase]
+; Allow or prevent persistent links.
+ibase.allow_persistent = 1
+
+; Maximum number of persistent links. -1 means no limit.
+ibase.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+ibase.max_links = -1
+
+; Default database name for ibase_connect().
+;ibase.default_db =
+
+; Default username for ibase_connect().
+;ibase.default_user =
+
+; Default password for ibase_connect().
+;ibase.default_password =
+
+; Default charset for ibase_connect().
+;ibase.default_charset =
+
+; Default timestamp format.
+ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
+
+; Default date format.
+ibase.dateformat = "%Y-%m-%d"
+
+; Default time format.
+ibase.timeformat = "%H:%M:%S"
+
+[MySQLi]
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/mysqli.max-persistent
+mysqli.max_persistent = -1
+
+; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
+; http://php.net/mysqli.allow_local_infile
+;mysqli.allow_local_infile = On
+
+; Allow or prevent persistent links.
+; http://php.net/mysqli.allow-persistent
+mysqli.allow_persistent = On
+
+; Maximum number of links. -1 means no limit.
+; http://php.net/mysqli.max-links
+mysqli.max_links = -1
+
+; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
+; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
+; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
+; at MYSQL_PORT.
+; http://php.net/mysqli.default-port
+mysqli.default_port = 3306
+
+; Default socket name for local MySQL connects. If empty, uses the built-in
+; MySQL defaults.
+; http://php.net/mysqli.default-socket
+mysqli.default_socket =
+
+; Default host for mysql_connect() (doesn't apply in safe mode).
+; http://php.net/mysqli.default-host
+mysqli.default_host =
+
+; Default user for mysql_connect() (doesn't apply in safe mode).
+; http://php.net/mysqli.default-user
+mysqli.default_user =
+
+; Default password for mysqli_connect() (doesn't apply in safe mode).
+; Note that this is generally a *bad* idea to store passwords in this file.
+; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
+; and reveal this password! And of course, any users with read access to this
+; file will be able to reveal the password as well.
+; http://php.net/mysqli.default-pw
+mysqli.default_pw =
+
+; Allow or prevent reconnect
+mysqli.reconnect = Off
+
+[mysqlnd]
+; Enable / Disable collection of general statistics by mysqlnd which can be
+; used to tune and monitor MySQL operations.
+mysqlnd.collect_statistics = On
+
+; Enable / Disable collection of memory usage statistics by mysqlnd which can be
+; used to tune and monitor MySQL operations.
+mysqlnd.collect_memory_statistics = Off
+
+; Records communication from all extensions using mysqlnd to the specified log
+; file.
+; http://php.net/mysqlnd.debug
+;mysqlnd.debug =
+
+; Defines which queries will be logged.
+;mysqlnd.log_mask = 0
+
+; Default size of the mysqlnd memory pool, which is used by result sets.
+;mysqlnd.mempool_default_size = 16000
+
+; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
+;mysqlnd.net_cmd_buffer_size = 2048
+
+; Size of a pre-allocated buffer used for reading data sent by the server in
+; bytes.
+;mysqlnd.net_read_buffer_size = 32768
+
+; Timeout for network requests in seconds.
+;mysqlnd.net_read_timeout = 31536000
+
+; SHA-256 Authentication Plugin related. File with the MySQL server public RSA
+; key.
+;mysqlnd.sha256_server_public_key =
+
+[OCI8]
+
+; Connection: Enables privileged connections using external
+; credentials (OCI_SYSOPER, OCI_SYSDBA)
+; http://php.net/oci8.privileged-connect
+;oci8.privileged_connect = Off
+
+; Connection: The maximum number of persistent OCI8 connections per
+; process. Using -1 means no limit.
+; http://php.net/oci8.max-persistent
+;oci8.max_persistent = -1
+
+; Connection: The maximum number of seconds a process is allowed to
+; maintain an idle persistent connection. Using -1 means idle
+; persistent connections will be maintained forever.
+; http://php.net/oci8.persistent-timeout
+;oci8.persistent_timeout = -1
+
+; Connection: The number of seconds that must pass before issuing a
+; ping during oci_pconnect() to check the connection validity. When
+; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
+; pings completely.
+; http://php.net/oci8.ping-interval
+;oci8.ping_interval = 60
+
+; Connection: Set this to a user chosen connection class to be used
+; for all pooled server requests with Oracle 11g Database Resident
+; Connection Pooling (DRCP). To use DRCP, this value should be set to
+; the same string for all web servers running the same application,
+; the database pool must be configured, and the connection string must
+; specify to use a pooled server.
+;oci8.connection_class =
+
+; High Availability: Using On lets PHP receive Fast Application
+; Notification (FAN) events generated when a database node fails. The
+; database must also be configured to post FAN events.
+;oci8.events = Off
+
+; Tuning: This option enables statement caching, and specifies how
+; many statements to cache. Using 0 disables statement caching.
+; http://php.net/oci8.statement-cache-size
+;oci8.statement_cache_size = 20
+
+; Tuning: Enables statement prefetching and sets the default number of
+; rows that will be fetched automatically after statement execution.
+; http://php.net/oci8.default-prefetch
+;oci8.default_prefetch = 100
+
+; Compatibility. Using On means oci_close() will not close
+; oci_connect() and oci_new_connect() connections.
+; http://php.net/oci8.old-oci-close-semantics
+;oci8.old_oci_close_semantics = Off
+
+[PostgreSQL]
+; Allow or prevent persistent links.
+; http://php.net/pgsql.allow-persistent
+pgsql.allow_persistent = On
+
+; Detect broken persistent links always with pg_pconnect().
+; Auto reset feature requires a little overheads.
+; http://php.net/pgsql.auto-reset-persistent
+pgsql.auto_reset_persistent = Off
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/pgsql.max-persistent
+pgsql.max_persistent = -1
+
+; Maximum number of links (persistent+non persistent). -1 means no limit.
+; http://php.net/pgsql.max-links
+pgsql.max_links = -1
+
+; Ignore PostgreSQL backends Notice message or not.
+; Notice message logging require a little overheads.
+; http://php.net/pgsql.ignore-notice
+pgsql.ignore_notice = 0
+
+; Log PostgreSQL backends Notice message or not.
+; Unless pgsql.ignore_notice=0, module cannot log notice message.
+; http://php.net/pgsql.log-notice
+pgsql.log_notice = 0
+
+[bcmath]
+; Number of decimal digits for all bcmath functions.
+; http://php.net/bcmath.scale
+bcmath.scale = 0
+
+[browscap]
+; http://php.net/browscap
+;browscap = extra/browscap.ini
+
+[Session]
+; Handler used to store/retrieve data.
+; http://php.net/session.save-handler
+session.save_handler = files
+
+; Argument passed to save_handler. In the case of files, this is the path
+; where data files are stored. Note: Windows users have to change this
+; variable in order to use PHP's session functions.
+;
+; The path can be defined as:
+;
+; session.save_path = "N;/path"
+;
+; where N is an integer. Instead of storing all the session files in
+; /path, what this will do is use subdirectories N-levels deep, and
+; store the session data in those directories. This is useful if
+; your OS has problems with many files in one directory, and is
+; a more efficient layout for servers that handle many sessions.
+;
+; NOTE 1: PHP will not create this directory structure automatically.
+; You can use the script in the ext/session dir for that purpose.
+; NOTE 2: See the section on garbage collection below if you choose to
+; use subdirectories for session storage
+;
+; The file storage module creates files using mode 600 by default.
+; You can change that by using
+;
+; session.save_path = "N;MODE;/path"
+;
+; where MODE is the octal representation of the mode. Note that this
+; does not overwrite the process's umask.
+; http://php.net/session.save-path
+;session.save_path = "/var/lib/php/sessions"
+
+; Whether to use strict session mode.
+; Strict session mode does not accept an uninitialized session ID, and
+; regenerates the session ID if the browser sends an uninitialized session ID.
+; Strict mode protects applications from session fixation via a session adoption
+; vulnerability. It is disabled by default for maximum compatibility, but
+; enabling it is encouraged.
+; https://wiki.php.net/rfc/strict_sessions
+session.use_strict_mode = 0
+
+; Whether to use cookies.
+; http://php.net/session.use-cookies
+session.use_cookies = 1
+
+; http://php.net/session.cookie-secure
+;session.cookie_secure =
+
+; This option forces PHP to fetch and use a cookie for storing and maintaining
+; the session id. We encourage this operation as it's very helpful in combating
+; session hijacking when not specifying and managing your own session id. It is
+; not the be-all and end-all of session hijacking defense, but it's a good start.
+; http://php.net/session.use-only-cookies
+session.use_only_cookies = 1
+
+; Name of the session (used as cookie name).
+; http://php.net/session.name
+session.name = PHPSESSID
+
+; Initialize session on request startup.
+; http://php.net/session.auto-start
+session.auto_start = 0
+
+; Lifetime in seconds of cookie or, if 0, until browser is restarted.
+; http://php.net/session.cookie-lifetime
+session.cookie_lifetime = 0
+
+; The path for which the cookie is valid.
+; http://php.net/session.cookie-path
+session.cookie_path = /
+
+; The domain for which the cookie is valid.
+; http://php.net/session.cookie-domain
+session.cookie_domain =
+
+; Whether or not to add the httpOnly flag to the cookie, which makes it
+; inaccessible to browser scripting languages such as JavaScript.
+; http://php.net/session.cookie-httponly
+session.cookie_httponly =
+
+; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
+; Current valid values are "Strict", "Lax" or "None". When using "None",
+; make sure to include the quotes, as `none` is interpreted like `false` in ini files.
+; https://tools.ietf.org/html/draft-west-first-party-cookies-07
+session.cookie_samesite =
+
+; Handler used to serialize data. php is the standard serializer of PHP.
+; http://php.net/session.serialize-handler
+session.serialize_handler = php
+
+; Defines the probability that the 'garbage collection' process is started on every
+; session initialization. The probability is calculated by using gc_probability/gc_divisor,
+; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
+; Default Value: 1
+; Development Value: 1
+; Production Value: 1
+; http://php.net/session.gc-probability
+session.gc_probability = 0
+
+; Defines the probability that the 'garbage collection' process is started on every
+; session initialization. The probability is calculated by using gc_probability/gc_divisor,
+; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
+; For high volume production servers, using a value of 1000 is a more efficient approach.
+; Default Value: 100
+; Development Value: 1000
+; Production Value: 1000
+; http://php.net/session.gc-divisor
+session.gc_divisor = 1000
+
+; After this number of seconds, stored data will be seen as 'garbage' and
+; cleaned up by the garbage collection process.
+; http://php.net/session.gc-maxlifetime
+session.gc_maxlifetime = 1440
+
+; NOTE: If you are using the subdirectory option for storing session files
+; (see session.save_path above), then garbage collection does *not*
+; happen automatically. You will need to do your own garbage
+; collection through a shell script, cron entry, or some other method.
+; For example, the following script is the equivalent of setting
+; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
+; find /path/to/sessions -cmin +24 -type f | xargs rm
+
+; Check HTTP Referer to invalidate externally stored URLs containing ids.
+; HTTP_REFERER has to contain this substring for the session to be
+; considered as valid.
+; http://php.net/session.referer-check
+session.referer_check =
+
+; Set to {nocache,private,public,} to determine HTTP caching aspects
+; or leave this empty to avoid sending anti-caching headers.
+; http://php.net/session.cache-limiter
+session.cache_limiter = nocache
+
+; Document expires after n minutes.
+; http://php.net/session.cache-expire
+session.cache_expire = 180
+
+; trans sid support is disabled by default.
+; Use of trans sid may risk your users' security.
+; Use this option with caution.
+; - User may send URL contains active session ID
+; to other person via. email/irc/etc.
+; - URL that contains active session ID may be stored
+; in publicly accessible computer.
+; - User may access your site with the same session ID
+; always using URL stored in browser's history or bookmarks.
+; http://php.net/session.use-trans-sid
+session.use_trans_sid = 0
+
+; Set session ID character length. This value could be between 22 to 256.
+; Shorter length than default is supported only for compatibility reason.
+; Users should use 32 or more chars.
+; http://php.net/session.sid-length
+; Default Value: 32
+; Development Value: 26
+; Production Value: 26
+session.sid_length = 26
+
+; The URL rewriter will look for URLs in a defined set of HTML tags.
+; <form> is special; if you include them here, the rewriter will
+; add a hidden <input> field with the info which is otherwise appended
+; to URLs. <form> tag's action attribute URL will not be modified
+; unless it is specified.
+; Note that all valid entries require a "=", even if no value follows.
+; Default Value: "a=href,area=href,frame=src,form="
+; Development Value: "a=href,area=href,frame=src,form="
+; Production Value: "a=href,area=href,frame=src,form="
+; http://php.net/url-rewriter.tags
+session.trans_sid_tags = "a=href,area=href,frame=src,form="
+
+; URL rewriter does not rewrite absolute URLs by default.
+; To enable rewrites for absolute paths, target hosts must be specified
+; at RUNTIME. i.e. use ini_set()
+; <form> tags is special. PHP will check action attribute's URL regardless
+; of session.trans_sid_tags setting.
+; If no host is defined, HTTP_HOST will be used for allowed host.
+; Example value: php.net,www.php.net,wiki.php.net
+; Use "," for multiple hosts. No spaces are allowed.
+; Default Value: ""
+; Development Value: ""
+; Production Value: ""
+;session.trans_sid_hosts=""
+
+; Define how many bits are stored in each character when converting
+; the binary hash data to something readable.
+; Possible values:
+; 4 (4 bits: 0-9, a-f)
+; 5 (5 bits: 0-9, a-v)
+; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
+; Default Value: 4
+; Development Value: 5
+; Production Value: 5
+; http://php.net/session.hash-bits-per-character
+session.sid_bits_per_character = 5
+
+; Enable upload progress tracking in $_SESSION
+; Default Value: On
+; Development Value: On
+; Production Value: On
+; http://php.net/session.upload-progress.enabled
+;session.upload_progress.enabled = On
+
+; Cleanup the progress information as soon as all POST data has been read
+; (i.e. upload completed).
+; Default Value: On
+; Development Value: On
+; Production Value: On
+; http://php.net/session.upload-progress.cleanup
+;session.upload_progress.cleanup = On
+
+; A prefix used for the upload progress key in $_SESSION
+; Default Value: "upload_progress_"
+; Development Value: "upload_progress_"
+; Production Value: "upload_progress_"
+; http://php.net/session.upload-progress.prefix
+;session.upload_progress.prefix = "upload_progress_"
+
+; The index name (concatenated with the prefix) in $_SESSION
+; containing the upload progress information
+; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; http://php.net/session.upload-progress.name
+;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
+
+; How frequently the upload progress should be updated.
+; Given either in percentages (per-file), or in bytes
+; Default Value: "1%"
+; Development Value: "1%"
+; Production Value: "1%"
+; http://php.net/session.upload-progress.freq
+;session.upload_progress.freq = "1%"
+
+; The minimum delay between updates, in seconds
+; Default Value: 1
+; Development Value: 1
+; Production Value: 1
+; http://php.net/session.upload-progress.min-freq
+;session.upload_progress.min_freq = "1"
+
+; Only write session data when session data is changed. Enabled by default.
+; http://php.net/session.lazy-write
+;session.lazy_write = On
+
+[Assertion]
+; Switch whether to compile assertions at all (to have no overhead at run-time)
+; -1: Do not compile at all
+; 0: Jump over assertion at run-time
+; 1: Execute assertions
+; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1)
+; Default Value: 1
+; Development Value: 1
+; Production Value: -1
+; http://php.net/zend.assertions
+zend.assertions = -1
+
+; Assert(expr); active by default.
+; http://php.net/assert.active
+;assert.active = On
+
+; Throw an AssertionError on failed assertions
+; http://php.net/assert.exception
+;assert.exception = On
+
+; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active)
+; http://php.net/assert.warning
+;assert.warning = On
+
+; Don't bail out by default.
+; http://php.net/assert.bail
+;assert.bail = Off
+
+; User-function to be called if an assertion fails.
+; http://php.net/assert.callback
+;assert.callback = 0
+
+; Eval the expression with current error_reporting(). Set to true if you want
+; error_reporting(0) around the eval().
+; http://php.net/assert.quiet-eval
+;assert.quiet_eval = 0
+
+[COM]
+; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
+; http://php.net/com.typelib-file
+;com.typelib_file =
+
+; allow Distributed-COM calls
+; http://php.net/com.allow-dcom
+;com.allow_dcom = true
+
+; autoregister constants of a component's typlib on com_load()
+; http://php.net/com.autoregister-typelib
+;com.autoregister_typelib = true
+
+; register constants casesensitive
+; http://php.net/com.autoregister-casesensitive
+;com.autoregister_casesensitive = false
+
+; show warnings on duplicate constant registrations
+; http://php.net/com.autoregister-verbose
+;com.autoregister_verbose = true
+
+; The default character set code-page to use when passing strings to and from COM objects.
+; Default: system ANSI code page
+;com.code_page=
+
+[mbstring]
+; language for internal character representation.
+; This affects mb_send_mail() and mbstring.detect_order.
+; http://php.net/mbstring.language
+;mbstring.language = Japanese
+
+; Use of this INI entry is deprecated, use global internal_encoding instead.
+; internal/script encoding.
+; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*)
+; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
+; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
+;mbstring.internal_encoding =
+
+; Use of this INI entry is deprecated, use global input_encoding instead.
+; http input encoding.
+; mbstring.encoding_translation = On is needed to use this setting.
+; If empty, default_charset or input_encoding or mbstring.input is used.
+; The precedence is: default_charset < input_encoding < mbsting.http_input
+; http://php.net/mbstring.http-input
+;mbstring.http_input =
+
+; Use of this INI entry is deprecated, use global output_encoding instead.
+; http output encoding.
+; mb_output_handler must be registered as output buffer to function.
+; If empty, default_charset or output_encoding or mbstring.http_output is used.
+; The precedence is: default_charset < output_encoding < mbstring.http_output
+; To use an output encoding conversion, mbstring's output handler must be set
+; otherwise output encoding conversion cannot be performed.
+; http://php.net/mbstring.http-output
+;mbstring.http_output =
+
+; enable automatic encoding translation according to
+; mbstring.internal_encoding setting. Input chars are
+; converted to internal encoding by setting this to On.
+; Note: Do _not_ use automatic encoding translation for
+; portable libs/applications.
+; http://php.net/mbstring.encoding-translation
+;mbstring.encoding_translation = Off
+
+; automatic encoding detection order.
+; "auto" detect order is changed according to mbstring.language
+; http://php.net/mbstring.detect-order
+;mbstring.detect_order = auto
+
+; substitute_character used when character cannot be converted
+; one from another
+; http://php.net/mbstring.substitute-character
+;mbstring.substitute_character = none
+
+; overload(replace) single byte functions by mbstring functions.
+; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
+; etc. Possible values are 0,1,2,4 or combination of them.
+; For example, 7 for overload everything.
+; 0: No overload
+; 1: Overload mail() function
+; 2: Overload str*() functions
+; 4: Overload ereg*() functions
+; http://php.net/mbstring.func-overload
+;mbstring.func_overload = 0
+
+; enable strict encoding detection.
+; Default: Off
+;mbstring.strict_detection = On
+
+; This directive specifies the regex pattern of content types for which mb_output_handler()
+; is activated.
+; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
+;mbstring.http_output_conv_mimetype=
+
+; This directive specifies maximum stack depth for mbstring regular expressions. It is similar
+; to the pcre.recursion_limit for PCRE.
+; Default: 100000
+;mbstring.regex_stack_limit=100000
+
+[gd]
+; Tell the jpeg decode to ignore warnings and try to create
+; a gd image. The warning will then be displayed as notices
+; disabled by default
+; http://php.net/gd.jpeg-ignore-warning
+;gd.jpeg_ignore_warning = 1
+
+[exif]
+; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS.
+; With mbstring support this will automatically be converted into the encoding
+; given by corresponding encode setting. When empty mbstring.internal_encoding
+; is used. For the decode settings you can distinguish between motorola and
+; intel byte order. A decode setting cannot be empty.
+; http://php.net/exif.encode-unicode
+;exif.encode_unicode = ISO-8859-15
+
+; http://php.net/exif.decode-unicode-motorola
+;exif.decode_unicode_motorola = UCS-2BE
+
+; http://php.net/exif.decode-unicode-intel
+;exif.decode_unicode_intel = UCS-2LE
+
+; http://php.net/exif.encode-jis
+;exif.encode_jis =
+
+; http://php.net/exif.decode-jis-motorola
+;exif.decode_jis_motorola = JIS
+
+; http://php.net/exif.decode-jis-intel
+;exif.decode_jis_intel = JIS
+
+[Tidy]
+; The path to a default tidy configuration file to use when using tidy
+; http://php.net/tidy.default-config
+;tidy.default_config = /usr/local/lib/php/default.tcfg
+
+; Should tidy clean and repair output automatically?
+; WARNING: Do not use this option if you are generating non-html content
+; such as dynamic images
+; http://php.net/tidy.clean-output
+tidy.clean_output = Off
+
+[soap]
+; Enables or disables WSDL caching feature.
+; http://php.net/soap.wsdl-cache-enabled
+soap.wsdl_cache_enabled=1
+
+; Sets the directory name where SOAP extension will put cache files.
+; http://php.net/soap.wsdl-cache-dir
+soap.wsdl_cache_dir="/tmp"
+
+; (time to live) Sets the number of second while cached file will be used
+; instead of original one.
+; http://php.net/soap.wsdl-cache-ttl
+soap.wsdl_cache_ttl=86400
+
+; Sets the size of the cache limit. (Max. number of WSDL files to cache)
+soap.wsdl_cache_limit = 5
+
+[sysvshm]
+; A default size of the shared memory segment
+;sysvshm.init_mem = 10000
+
+[ldap]
+; Sets the maximum number of open links or -1 for unlimited.
+ldap.max_links = -1
+
+[dba]
+;dba.default_handler=
+
+[opcache]
+; Determines if Zend OPCache is enabled
+;opcache.enable=1
+
+; Determines if Zend OPCache is enabled for the CLI version of PHP
+;opcache.enable_cli=0
+
+; The OPcache shared memory storage size.
+;opcache.memory_consumption=128
+
+; The amount of memory for interned strings in Mbytes.
+;opcache.interned_strings_buffer=8
+
+; The maximum number of keys (scripts) in the OPcache hash table.
+; Only numbers between 200 and 1000000 are allowed.
+;opcache.max_accelerated_files=10000
+
+; The maximum percentage of "wasted" memory until a restart is scheduled.
+;opcache.max_wasted_percentage=5
+
+; When this directive is enabled, the OPcache appends the current working
+; directory to the script key, thus eliminating possible collisions between
+; files with the same name (basename). Disabling the directive improves
+; performance, but may break existing applications.
+;opcache.use_cwd=1
+
+; When disabled, you must reset the OPcache manually or restart the
+; webserver for changes to the filesystem to take effect.
+;opcache.validate_timestamps=1
+
+; How often (in seconds) to check file timestamps for changes to the shared
+; memory storage allocation. ("1" means validate once per second, but only
+; once per request. "0" means always validate)
+;opcache.revalidate_freq=2
+
+; Enables or disables file search in include_path optimization
+;opcache.revalidate_path=0
+
+; If disabled, all PHPDoc comments are dropped from the code to reduce the
+; size of the optimized code.
+;opcache.save_comments=1
+
+; Allow file existence override (file_exists, etc.) performance feature.
+;opcache.enable_file_override=0
+
+; A bitmask, where each bit enables or disables the appropriate OPcache
+; passes
+;opcache.optimization_level=0x7FFFBFFF
+
+;opcache.dups_fix=0
+
+; The location of the OPcache blacklist file (wildcards allowed).
+; Each OPcache blacklist file is a text file that holds the names of files
+; that should not be accelerated. The file format is to add each filename
+; to a new line. The filename may be a full path or just a file prefix
+; (i.e., /var/www/x blacklists all the files and directories in /var/www
+; that start with 'x'). Line starting with a ; are ignored (comments).
+;opcache.blacklist_filename=
+
+; Allows exclusion of large files from being cached. By default all files
+; are cached.
+;opcache.max_file_size=0
+
+; Check the cache checksum each N requests.
+; The default value of "0" means that the checks are disabled.
+;opcache.consistency_checks=0
+
+; How long to wait (in seconds) for a scheduled restart to begin if the cache
+; is not being accessed.
+;opcache.force_restart_timeout=180
+
+; OPcache error_log file name. Empty string assumes "stderr".
+;opcache.error_log=
+
+; All OPcache errors go to the Web server log.
+; By default, only fatal errors (level 0) or errors (level 1) are logged.
+; You can also enable warnings (level 2), info messages (level 3) or
+; debug messages (level 4).
+;opcache.log_verbosity_level=1
+
+; Preferred Shared Memory back-end. Leave empty and let the system decide.
+;opcache.preferred_memory_model=
+
+; Protect the shared memory from unexpected writing during script execution.
+; Useful for internal debugging only.
+;opcache.protect_memory=0
+
+; Allows calling OPcache API functions only from PHP scripts which path is
+; started from specified string. The default "" means no restriction
+;opcache.restrict_api=
+
+; Mapping base of shared memory segments (for Windows only). All the PHP
+; processes have to map shared memory into the same address space. This
+; directive allows to manually fix the "Unable to reattach to base address"
+; errors.
+;opcache.mmap_base=
+
+; Enables and sets the second level cache directory.
+; It should improve performance when SHM memory is full, at server restart or
+; SHM reset. The default "" disables file based caching.
+;opcache.file_cache=
+
+; Enables or disables opcode caching in shared memory.
+;opcache.file_cache_only=0
+
+; Enables or disables checksum validation when script loaded from file cache.
+;opcache.file_cache_consistency_checks=1
+
+; Implies opcache.file_cache_only=1 for a certain process that failed to
+; reattach to the shared memory (for Windows only). Explicitly enabled file
+; cache is required.
+;opcache.file_cache_fallback=1
+
+; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
+; This should improve performance, but requires appropriate OS configuration.
+;opcache.huge_code_pages=1
+
+; Validate cached file permissions.
+;opcache.validate_permission=0
+
+; Prevent name collisions in chroot'ed environment.
+;opcache.validate_root=0
+
+; If specified, it produces opcode dumps for debugging different stages of
+; optimizations.
+;opcache.opt_debug_level=0
+
+[curl]
+; A default value for the CURLOPT_CAINFO option. This is required to be an
+; absolute path.
+;curl.cainfo =
+
+[openssl]
+; The location of a Certificate Authority (CA) file on the local filesystem
+; to use when verifying the identity of SSL/TLS peers. Most users should
+; not specify a value for this directive as PHP will attempt to use the
+; OS-managed cert stores in its absence. If specified, this value may still
+; be overridden on a per-stream basis via the "cafile" SSL stream context
+; option.
+;openssl.cafile=
+
+; If openssl.cafile is not specified or if the CA file is not found, the
+; directory pointed to by openssl.capath is searched for a suitable
+; certificate. This value must be a correctly hashed certificate directory.
+; Most users should not specify a value for this directive as PHP will
+; attempt to use the OS-managed cert stores in its absence. If specified,
+; this value may still be overridden on a per-stream basis via the "capath"
+; SSL stream context option.
+;openssl.capath=
+
+; Local Variables:
+; tab-width: 4
+; End:
--- /dev/null
+/etc/php/7.3/mods-available/mysqlnd.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/opcache.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/pdo.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/xml.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/calendar.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/ctype.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/curl.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/dom.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/exif.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/fileinfo.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/ftp.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/gd.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/gettext.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/iconv.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/intl.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/json.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/mbstring.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/mysqli.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/pdo_mysql.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/phar.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/posix.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/readline.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/shmop.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/simplexml.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/sockets.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/sysvmsg.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/sysvsem.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/sysvshm.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/tokenizer.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/wddx.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/xmlreader.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/xmlwriter.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/xsl.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.3/mods-available/zip.ini
\ No newline at end of file
--- /dev/null
+;;;;;;;;;;;;;;;;;;;;;
+; FPM Configuration ;
+;;;;;;;;;;;;;;;;;;;;;
+
+; All relative paths in this configuration file are relative to PHP's install
+; prefix (/usr). This prefix can be dynamically changed by using the
+; '-p' argument from the command line.
+
+;;;;;;;;;;;;;;;;;;
+; Global Options ;
+;;;;;;;;;;;;;;;;;;
+
+[global]
+; Pid file
+; Note: the default prefix is /var
+; Default Value: none
+pid = /run/php/php7.3-fpm.pid
+
+; Error log file
+; If it's set to "syslog", log is sent to syslogd instead of being written
+; into a local file.
+; Note: the default prefix is /var
+; Default Value: log/php-fpm.log
+error_log = /var/log/php7.3-fpm.log
+
+; syslog_facility is used to specify what type of program is logging the
+; message. This lets syslogd specify that messages from different facilities
+; will be handled differently.
+; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
+; Default Value: daemon
+;syslog.facility = daemon
+
+; syslog_ident is prepended to every message. If you have multiple FPM
+; instances running on the same server, you can change the default value
+; which must suit common needs.
+; Default Value: php-fpm
+;syslog.ident = php-fpm
+
+; Log level
+; Possible Values: alert, error, warning, notice, debug
+; Default Value: notice
+;log_level = notice
+
+; Log limit on number of characters in the single line (log entry). If the
+; line is over the limit, it is wrapped on multiple lines. The limit is for
+; all logged characters including message prefix and suffix if present. However
+; the new line character does not count into it as it is present only when
+; logging to a file descriptor. It means the new line character is not present
+; when logging to syslog.
+; Default Value: 1024
+;log_limit = 4096
+
+; Log buffering specifies if the log line is buffered which means that the
+; line is written in a single write operation. If the value is false, then the
+; data is written directly into the file descriptor. It is an experimental
+; option that can potentionaly improve logging performance and memory usage
+; for some heavy logging scenarios. This option is ignored if logging to syslog
+; as it has to be always buffered.
+; Default value: yes
+;log_buffering = no
+
+; If this number of child processes exit with SIGSEGV or SIGBUS within the time
+; interval set by emergency_restart_interval then FPM will restart. A value
+; of '0' means 'Off'.
+; Default Value: 0
+;emergency_restart_threshold = 0
+
+; Interval of time used by emergency_restart_interval to determine when
+; a graceful restart will be initiated. This can be useful to work around
+; accidental corruptions in an accelerator's shared memory.
+; Available Units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+;emergency_restart_interval = 0
+
+; Time limit for child processes to wait for a reaction on signals from master.
+; Available units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+;process_control_timeout = 0
+
+; The maximum number of processes FPM will fork. This has been designed to control
+; the global number of processes when using dynamic PM within a lot of pools.
+; Use it with caution.
+; Note: A value of 0 indicates no limit
+; Default Value: 0
+; process.max = 128
+
+; Specify the nice(2) priority to apply to the master process (only if set)
+; The value can vary from -19 (highest priority) to 20 (lowest priority)
+; Note: - It will only work if the FPM master process is launched as root
+; - The pool process will inherit the master process priority
+; unless specified otherwise
+; Default Value: no set
+; process.priority = -19
+
+; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
+; Default Value: yes
+;daemonize = yes
+
+; Set open file descriptor rlimit for the master process.
+; Default Value: system defined value
+;rlimit_files = 1024
+
+; Set max core size rlimit for the master process.
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+;rlimit_core = 0
+
+; Specify the event mechanism FPM will use. The following is available:
+; - select (any POSIX os)
+; - poll (any POSIX os)
+; - epoll (linux >= 2.5.44)
+; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0)
+; - /dev/poll (Solaris >= 7)
+; - port (Solaris >= 10)
+; Default Value: not set (auto detection)
+;events.mechanism = epoll
+
+; When FPM is built with systemd integration, specify the interval,
+; in seconds, between health report notification to systemd.
+; Set to 0 to disable.
+; Available Units: s(econds), m(inutes), h(ours)
+; Default Unit: seconds
+; Default value: 10
+;systemd_interval = 10
+
+;;;;;;;;;;;;;;;;;;;;
+; Pool Definitions ;
+;;;;;;;;;;;;;;;;;;;;
+
+; Multiple pools of child processes may be started with different listening
+; ports and different management options. The name of the pool will be
+; used in logs and stats. There is no limitation on the number of pools which
+; FPM can handle. Your system will tell you anyway :)
+
+; Include one or more files. If glob(3) exists, it is used to include a bunch of
+; files from a glob(3) pattern. This directive can be used everywhere in the
+; file.
+; Relative path can also be used. They will be prefixed by:
+; - the global prefix if it's been set (-p argument)
+; - /usr otherwise
+include=/etc/php/7.3/fpm/pool.d/*.conf
--- /dev/null
+[PHP]
+
+;;;;;;;;;;;;;;;;;;;
+; About php.ini ;
+;;;;;;;;;;;;;;;;;;;
+; PHP's initialization file, generally called php.ini, is responsible for
+; configuring many of the aspects of PHP's behavior.
+
+; PHP attempts to find and load this configuration from a number of locations.
+; The following is a summary of its search order:
+; 1. SAPI module specific location.
+; 2. The PHPRC environment variable. (As of PHP 5.2.0)
+; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
+; 4. Current working directory (except CLI)
+; 5. The web server's directory (for SAPI modules), or directory of PHP
+; (otherwise in Windows)
+; 6. The directory from the --with-config-file-path compile time option, or the
+; Windows directory (usually C:\windows)
+; See the PHP docs for more specific information.
+; http://php.net/configuration.file
+
+; The syntax of the file is extremely simple. Whitespace and lines
+; beginning with a semicolon are silently ignored (as you probably guessed).
+; Section headers (e.g. [Foo]) are also silently ignored, even though
+; they might mean something in the future.
+
+; Directives following the section heading [PATH=/www/mysite] only
+; apply to PHP files in the /www/mysite directory. Directives
+; following the section heading [HOST=www.example.com] only apply to
+; PHP files served from www.example.com. Directives set in these
+; special sections cannot be overridden by user-defined INI files or
+; at runtime. Currently, [PATH=] and [HOST=] sections only work under
+; CGI/FastCGI.
+; http://php.net/ini.sections
+
+; Directives are specified using the following syntax:
+; directive = value
+; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
+; Directives are variables used to configure PHP or PHP extensions.
+; There is no name validation. If PHP can't find an expected
+; directive because it is not set or is mistyped, a default value will be used.
+
+; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
+; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
+; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
+; previously set variable or directive (e.g. ${foo})
+
+; Expressions in the INI file are limited to bitwise operators and parentheses:
+; | bitwise OR
+; ^ bitwise XOR
+; & bitwise AND
+; ~ bitwise NOT
+; ! boolean NOT
+
+; Boolean flags can be turned on using the values 1, On, True or Yes.
+; They can be turned off using the values 0, Off, False or No.
+
+; An empty string can be denoted by simply not writing anything after the equal
+; sign, or by using the None keyword:
+
+; foo = ; sets foo to an empty string
+; foo = None ; sets foo to an empty string
+; foo = "None" ; sets foo to the string 'None'
+
+; If you use constants in your value, and these constants belong to a
+; dynamically loaded extension (either a PHP extension or a Zend extension),
+; you may only use these constants *after* the line that loads the extension.
+
+;;;;;;;;;;;;;;;;;;;
+; About this file ;
+;;;;;;;;;;;;;;;;;;;
+; PHP comes packaged with two INI files. One that is recommended to be used
+; in production environments and one that is recommended to be used in
+; development environments.
+
+; php.ini-production contains settings which hold security, performance and
+; best practices at its core. But please be aware, these settings may break
+; compatibility with older or less security conscience applications. We
+; recommending using the production ini in production and testing environments.
+
+; php.ini-development is very similar to its production variant, except it is
+; much more verbose when it comes to errors. We recommend using the
+; development version only in development environments, as errors shown to
+; application users can inadvertently leak otherwise secure information.
+
+; This is the php.ini-production INI file.
+
+;;;;;;;;;;;;;;;;;;;
+; Quick Reference ;
+;;;;;;;;;;;;;;;;;;;
+; The following are all the settings which are different in either the production
+; or development versions of the INIs with respect to PHP's default behavior.
+; Please see the actual settings later in the document for more details as to why
+; we recommend these changes in PHP's behavior.
+
+; display_errors
+; Default Value: On
+; Development Value: On
+; Production Value: Off
+
+; display_startup_errors
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
+
+; error_reporting
+; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
+; Development Value: E_ALL
+; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
+
+; html_errors
+; Default Value: On
+; Development Value: On
+; Production value: On
+
+; log_errors
+; Default Value: Off
+; Development Value: On
+; Production Value: On
+
+; max_input_time
+; Default Value: -1 (Unlimited)
+; Development Value: 60 (60 seconds)
+; Production Value: 60 (60 seconds)
+
+; output_buffering
+; Default Value: Off
+; Development Value: 4096
+; Production Value: 4096
+
+; register_argc_argv
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+
+; request_order
+; Default Value: None
+; Development Value: "GP"
+; Production Value: "GP"
+
+; session.gc_divisor
+; Default Value: 100
+; Development Value: 1000
+; Production Value: 1000
+
+; session.sid_bits_per_character
+; Default Value: 4
+; Development Value: 5
+; Production Value: 5
+
+; short_open_tag
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+
+; variables_order
+; Default Value: "EGPCS"
+; Development Value: "GPCS"
+; Production Value: "GPCS"
+
+;;;;;;;;;;;;;;;;;;;;
+; php.ini Options ;
+;;;;;;;;;;;;;;;;;;;;
+; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
+;user_ini.filename = ".user.ini"
+
+; To disable this feature set this option to an empty value
+;user_ini.filename =
+
+; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
+;user_ini.cache_ttl = 300
+
+;;;;;;;;;;;;;;;;;;;;
+; Language Options ;
+;;;;;;;;;;;;;;;;;;;;
+
+; Enable the PHP scripting language engine under Apache.
+; http://php.net/engine
+engine = On
+
+; This directive determines whether or not PHP will recognize code between
+; <? and ?> tags as PHP source which should be processed as such. It is
+; generally recommended that <?php and ?> should be used and that this feature
+; should be disabled, as enabling it may result in issues when generating XML
+; documents, however this remains supported for backward compatibility reasons.
+; Note that this directive does not control the <?= shorthand tag, which can be
+; used regardless of this directive.
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+; http://php.net/short-open-tag
+short_open_tag = Off
+
+; The number of significant digits displayed in floating point numbers.
+; http://php.net/precision
+precision = 14
+
+; Output buffering is a mechanism for controlling how much output data
+; (excluding headers and cookies) PHP should keep internally before pushing that
+; data to the client. If your application's output exceeds this setting, PHP
+; will send that data in chunks of roughly the size you specify.
+; Turning on this setting and managing its maximum buffer size can yield some
+; interesting side-effects depending on your application and web server.
+; You may be able to send headers and cookies after you've already sent output
+; through print or echo. You also may see performance benefits if your server is
+; emitting less packets due to buffered output versus PHP streaming the output
+; as it gets it. On production servers, 4096 bytes is a good setting for performance
+; reasons.
+; Note: Output buffering can also be controlled via Output Buffering Control
+; functions.
+; Possible Values:
+; On = Enabled and buffer is unlimited. (Use with caution)
+; Off = Disabled
+; Integer = Enables the buffer and sets its maximum size in bytes.
+; Note: This directive is hardcoded to Off for the CLI SAPI
+; Default Value: Off
+; Development Value: 4096
+; Production Value: 4096
+; http://php.net/output-buffering
+output_buffering = 4096
+
+; You can redirect all of the output of your scripts to a function. For
+; example, if you set output_handler to "mb_output_handler", character
+; encoding will be transparently converted to the specified encoding.
+; Setting any output handler automatically turns on output buffering.
+; Note: People who wrote portable scripts should not depend on this ini
+; directive. Instead, explicitly set the output handler using ob_start().
+; Using this ini directive may cause problems unless you know what script
+; is doing.
+; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler"
+; and you cannot use both "ob_gzhandler" and "zlib.output_compression".
+; Note: output_handler must be empty if this is set 'On' !!!!
+; Instead you must use zlib.output_handler.
+; http://php.net/output-handler
+;output_handler =
+
+; URL rewriter function rewrites URL on the fly by using
+; output buffer. You can set target tags by this configuration.
+; "form" tag is special tag. It will add hidden input tag to pass values.
+; Refer to session.trans_sid_tags for usage.
+; Default Value: "form="
+; Development Value: "form="
+; Production Value: "form="
+;url_rewriter.tags
+
+; URL rewriter will not rewrite absolute URL nor form by default. To enable
+; absolute URL rewrite, allowed hosts must be defined at RUNTIME.
+; Refer to session.trans_sid_hosts for more details.
+; Default Value: ""
+; Development Value: ""
+; Production Value: ""
+;url_rewriter.hosts
+
+; Transparent output compression using the zlib library
+; Valid values for this option are 'off', 'on', or a specific buffer size
+; to be used for compression (default is 4KB)
+; Note: Resulting chunk size may vary due to nature of compression. PHP
+; outputs chunks that are few hundreds bytes each as a result of
+; compression. If you prefer a larger chunk size for better
+; performance, enable output_buffering in addition.
+; Note: You need to use zlib.output_handler instead of the standard
+; output_handler, or otherwise the output will be corrupted.
+; http://php.net/zlib.output-compression
+zlib.output_compression = Off
+
+; http://php.net/zlib.output-compression-level
+;zlib.output_compression_level = -1
+
+; You cannot specify additional output handlers if zlib.output_compression
+; is activated here. This setting does the same as output_handler but in
+; a different order.
+; http://php.net/zlib.output-handler
+;zlib.output_handler =
+
+; Implicit flush tells PHP to tell the output layer to flush itself
+; automatically after every output block. This is equivalent to calling the
+; PHP function flush() after each and every call to print() or echo() and each
+; and every HTML block. Turning this option on has serious performance
+; implications and is generally recommended for debugging purposes only.
+; http://php.net/implicit-flush
+; Note: This directive is hardcoded to On for the CLI SAPI
+implicit_flush = Off
+
+; The unserialize callback function will be called (with the undefined class'
+; name as parameter), if the unserializer finds an undefined class
+; which should be instantiated. A warning appears if the specified function is
+; not defined, or if the function doesn't include/implement the missing class.
+; So only set this entry, if you really want to implement such a
+; callback-function.
+unserialize_callback_func =
+
+; When floats & doubles are serialized, store serialize_precision significant
+; digits after the floating point. The default value ensures that when floats
+; are decoded with unserialize, the data will remain the same.
+; The value is also used for json_encode when encoding double values.
+; If -1 is used, then dtoa mode 0 is used which automatically select the best
+; precision.
+serialize_precision = -1
+
+; open_basedir, if set, limits all file operations to the defined directory
+; and below. This directive makes most sense if used in a per-directory
+; or per-virtualhost web server configuration file.
+; Note: disables the realpath cache
+; http://php.net/open-basedir
+;open_basedir =
+
+; This directive allows you to disable certain functions for security reasons.
+; It receives a comma-delimited list of function names.
+; http://php.net/disable-functions
+disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
+
+; This directive allows you to disable certain classes for security reasons.
+; It receives a comma-delimited list of class names.
+; http://php.net/disable-classes
+disable_classes =
+
+; Colors for Syntax Highlighting mode. Anything that's acceptable in
+; <span style="color: ???????"> would work.
+; http://php.net/syntax-highlighting
+;highlight.string = #DD0000
+;highlight.comment = #FF9900
+;highlight.keyword = #007700
+;highlight.default = #0000BB
+;highlight.html = #000000
+
+; If enabled, the request will be allowed to complete even if the user aborts
+; the request. Consider enabling it if executing long requests, which may end up
+; being interrupted by the user or a browser timing out. PHP's default behavior
+; is to disable this feature.
+; http://php.net/ignore-user-abort
+;ignore_user_abort = On
+
+; Determines the size of the realpath cache to be used by PHP. This value should
+; be increased on systems where PHP opens many files to reflect the quantity of
+; the file operations performed.
+; Note: if open_basedir is set, the cache is disabled
+; http://php.net/realpath-cache-size
+;realpath_cache_size = 4096k
+
+; Duration of time, in seconds for which to cache realpath information for a given
+; file or directory. For systems with rarely changing files, consider increasing this
+; value.
+; http://php.net/realpath-cache-ttl
+;realpath_cache_ttl = 120
+
+; Enables or disables the circular reference collector.
+; http://php.net/zend.enable-gc
+zend.enable_gc = On
+
+; If enabled, scripts may be written in encodings that are incompatible with
+; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such
+; encodings. To use this feature, mbstring extension must be enabled.
+; Default: Off
+;zend.multibyte = Off
+
+; Allows to set the default encoding for the scripts. This value will be used
+; unless "declare(encoding=...)" directive appears at the top of the script.
+; Only affects if zend.multibyte is set.
+; Default: ""
+;zend.script_encoding =
+
+;;;;;;;;;;;;;;;;;
+; Miscellaneous ;
+;;;;;;;;;;;;;;;;;
+
+; Decides whether PHP may expose the fact that it is installed on the server
+; (e.g. by adding its signature to the Web server header). It is no security
+; threat in any way, but it makes it possible to determine whether you use PHP
+; on your server or not.
+; http://php.net/expose-php
+expose_php = Off
+
+;;;;;;;;;;;;;;;;;;;
+; Resource Limits ;
+;;;;;;;;;;;;;;;;;;;
+
+; Maximum execution time of each script, in seconds
+; http://php.net/max-execution-time
+; Note: This directive is hardcoded to 0 for the CLI SAPI
+max_execution_time = 30
+
+; Maximum amount of time each script may spend parsing request data. It's a good
+; idea to limit this time on productions servers in order to eliminate unexpectedly
+; long running scripts.
+; Note: This directive is hardcoded to -1 for the CLI SAPI
+; Default Value: -1 (Unlimited)
+; Development Value: 60 (60 seconds)
+; Production Value: 60 (60 seconds)
+; http://php.net/max-input-time
+max_input_time = 60
+
+; Maximum input variable nesting level
+; http://php.net/max-input-nesting-level
+;max_input_nesting_level = 64
+
+; How many GET/POST/COOKIE input variables may be accepted
+;max_input_vars = 1000
+
+; Maximum amount of memory a script may consume (128MB)
+; http://php.net/memory-limit
+memory_limit = 128M
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Error handling and logging ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; This directive informs PHP of which errors, warnings and notices you would like
+; it to take action for. The recommended way of setting values for this
+; directive is through the use of the error level constants and bitwise
+; operators. The error level constants are below here for convenience as well as
+; some common settings and their meanings.
+; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
+; those related to E_NOTICE and E_STRICT, which together cover best practices and
+; recommended coding standards in PHP. For performance reasons, this is the
+; recommend error reporting setting. Your production server shouldn't be wasting
+; resources complaining about best practices and coding standards. That's what
+; development servers and development settings are for.
+; Note: The php.ini-development file has this setting as E_ALL. This
+; means it pretty much reports everything which is exactly what you want during
+; development and early testing.
+;
+; Error Level Constants:
+; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0)
+; E_ERROR - fatal run-time errors
+; E_RECOVERABLE_ERROR - almost fatal run-time errors
+; E_WARNING - run-time warnings (non-fatal errors)
+; E_PARSE - compile-time parse errors
+; E_NOTICE - run-time notices (these are warnings which often result
+; from a bug in your code, but it's possible that it was
+; intentional (e.g., using an uninitialized variable and
+; relying on the fact it is automatically initialized to an
+; empty string)
+; E_STRICT - run-time notices, enable to have PHP suggest changes
+; to your code which will ensure the best interoperability
+; and forward compatibility of your code
+; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
+; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
+; initial startup
+; E_COMPILE_ERROR - fatal compile-time errors
+; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
+; E_USER_ERROR - user-generated error message
+; E_USER_WARNING - user-generated warning message
+; E_USER_NOTICE - user-generated notice message
+; E_DEPRECATED - warn about code that will not work in future versions
+; of PHP
+; E_USER_DEPRECATED - user-generated deprecation warnings
+;
+; Common Values:
+; E_ALL (Show all errors, warnings and notices including coding standards.)
+; E_ALL & ~E_NOTICE (Show all errors, except for notices)
+; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
+; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
+; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
+; Development Value: E_ALL
+; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
+; http://php.net/error-reporting
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+
+; This directive controls whether or not and where PHP will output errors,
+; notices and warnings too. Error output is very useful during development, but
+; it could be very dangerous in production environments. Depending on the code
+; which is triggering the error, sensitive information could potentially leak
+; out of your application such as database usernames and passwords or worse.
+; For production environments, we recommend logging errors rather than
+; sending them to STDOUT.
+; Possible Values:
+; Off = Do not display any errors
+; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
+; On or stdout = Display errors to STDOUT
+; Default Value: On
+; Development Value: On
+; Production Value: Off
+; http://php.net/display-errors
+display_errors = Off
+
+; The display of errors which occur during PHP's startup sequence are handled
+; separately from display_errors. PHP's default behavior is to suppress those
+; errors from clients. Turning the display of startup errors on can be useful in
+; debugging configuration problems. We strongly recommend you
+; set this to 'off' for production servers.
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
+; http://php.net/display-startup-errors
+display_startup_errors = Off
+
+; Besides displaying errors, PHP can also log errors to locations such as a
+; server-specific log, STDERR, or a location specified by the error_log
+; directive found below. While errors should not be displayed on productions
+; servers they should still be monitored and logging is a great way to do that.
+; Default Value: Off
+; Development Value: On
+; Production Value: On
+; http://php.net/log-errors
+log_errors = On
+
+; Set maximum length of log_errors. In error_log information about the source is
+; added. The default is 1024 and 0 allows to not apply any maximum length at all.
+; http://php.net/log-errors-max-len
+log_errors_max_len = 1024
+
+; Do not log repeated messages. Repeated errors must occur in same file on same
+; line unless ignore_repeated_source is set true.
+; http://php.net/ignore-repeated-errors
+ignore_repeated_errors = Off
+
+; Ignore source of message when ignoring repeated messages. When this setting
+; is On you will not log errors with repeated messages from different files or
+; source lines.
+; http://php.net/ignore-repeated-source
+ignore_repeated_source = Off
+
+; If this parameter is set to Off, then memory leaks will not be shown (on
+; stdout or in the log). This has only effect in a debug compile, and if
+; error reporting includes E_WARNING in the allowed list
+; http://php.net/report-memleaks
+report_memleaks = On
+
+; This setting is on by default.
+;report_zend_debug = 0
+
+; Store the last error/warning message in $php_errormsg (boolean). Setting this value
+; to On can assist in debugging and is appropriate for development servers. It should
+; however be disabled on production servers.
+; This directive is DEPRECATED.
+; Default Value: Off
+; Development Value: Off
+; Production Value: Off
+; http://php.net/track-errors
+;track_errors = Off
+
+; Turn off normal error reporting and emit XML-RPC error XML
+; http://php.net/xmlrpc-errors
+;xmlrpc_errors = 0
+
+; An XML-RPC faultCode
+;xmlrpc_error_number = 0
+
+; When PHP displays or logs an error, it has the capability of formatting the
+; error message as HTML for easier reading. This directive controls whether
+; the error message is formatted as HTML or not.
+; Note: This directive is hardcoded to Off for the CLI SAPI
+; Default Value: On
+; Development Value: On
+; Production value: On
+; http://php.net/html-errors
+html_errors = On
+
+; If html_errors is set to On *and* docref_root is not empty, then PHP
+; produces clickable error messages that direct to a page describing the error
+; or function causing the error in detail.
+; You can download a copy of the PHP manual from http://php.net/docs
+; and change docref_root to the base URL of your local copy including the
+; leading '/'. You must also specify the file extension being used including
+; the dot. PHP's default behavior is to leave these settings empty, in which
+; case no links to documentation are generated.
+; Note: Never use this feature for production boxes.
+; http://php.net/docref-root
+; Examples
+;docref_root = "/phpmanual/"
+
+; http://php.net/docref-ext
+;docref_ext = .html
+
+; String to output before an error message. PHP's default behavior is to leave
+; this setting blank.
+; http://php.net/error-prepend-string
+; Example:
+;error_prepend_string = "<span style='color: #ff0000'>"
+
+; String to output after an error message. PHP's default behavior is to leave
+; this setting blank.
+; http://php.net/error-append-string
+; Example:
+;error_append_string = "</span>"
+
+; Log errors to specified file. PHP's default behavior is to leave this value
+; empty.
+; http://php.net/error-log
+; Example:
+;error_log = php_errors.log
+; Log errors to syslog (Event Log on Windows).
+;error_log = syslog
+
+; The syslog ident is a string which is prepended to every message logged
+; to syslog. Only used when error_log is set to syslog.
+;syslog.ident = php
+
+; The syslog facility is used to specify what type of program is logging
+; the message. Only used when error_log is set to syslog.
+;syslog.facility = user
+
+; Set this to disable filtering control characters (the default).
+; Some loggers only accept NVT-ASCII, others accept anything that's not
+; control characters. If your logger accepts everything, then no filtering
+; is needed at all.
+; Allowed values are:
+; ascii (all printable ASCII characters and NL)
+; no-ctrl (all characters except control characters)
+; all (all characters)
+; raw (like "all", but messages are not split at newlines)
+; http://php.net/syslog.filter
+;syslog.filter = ascii
+
+;windows.show_crt_warning
+; Default value: 0
+; Development value: 0
+; Production value: 0
+
+;;;;;;;;;;;;;;;;;
+; Data Handling ;
+;;;;;;;;;;;;;;;;;
+
+; The separator used in PHP generated URLs to separate arguments.
+; PHP's default setting is "&".
+; http://php.net/arg-separator.output
+; Example:
+;arg_separator.output = "&"
+
+; List of separator(s) used by PHP to parse input URLs into variables.
+; PHP's default setting is "&".
+; NOTE: Every character in this directive is considered as separator!
+; http://php.net/arg-separator.input
+; Example:
+;arg_separator.input = ";&"
+
+; This directive determines which super global arrays are registered when PHP
+; starts up. G,P,C,E & S are abbreviations for the following respective super
+; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
+; paid for the registration of these arrays and because ENV is not as commonly
+; used as the others, ENV is not recommended on productions servers. You
+; can still get access to the environment variables through getenv() should you
+; need to.
+; Default Value: "EGPCS"
+; Development Value: "GPCS"
+; Production Value: "GPCS";
+; http://php.net/variables-order
+variables_order = "GPCS"
+
+; This directive determines which super global data (G,P & C) should be
+; registered into the super global array REQUEST. If so, it also determines
+; the order in which that data is registered. The values for this directive
+; are specified in the same manner as the variables_order directive,
+; EXCEPT one. Leaving this value empty will cause PHP to use the value set
+; in the variables_order directive. It does not mean it will leave the super
+; globals array REQUEST empty.
+; Default Value: None
+; Development Value: "GP"
+; Production Value: "GP"
+; http://php.net/request-order
+request_order = "GP"
+
+; This directive determines whether PHP registers $argv & $argc each time it
+; runs. $argv contains an array of all the arguments passed to PHP when a script
+; is invoked. $argc contains an integer representing the number of arguments
+; that were passed when the script was invoked. These arrays are extremely
+; useful when running scripts from the command line. When this directive is
+; enabled, registering these variables consumes CPU cycles and memory each time
+; a script is executed. For performance reasons, this feature should be disabled
+; on production servers.
+; Note: This directive is hardcoded to On for the CLI SAPI
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+; http://php.net/register-argc-argv
+register_argc_argv = Off
+
+; When enabled, the ENV, REQUEST and SERVER variables are created when they're
+; first used (Just In Time) instead of when the script starts. If these
+; variables are not used within a script, having this directive on will result
+; in a performance gain. The PHP directive register_argc_argv must be disabled
+; for this directive to have any affect.
+; http://php.net/auto-globals-jit
+auto_globals_jit = On
+
+; Whether PHP will read the POST data.
+; This option is enabled by default.
+; Most likely, you won't want to disable this option globally. It causes $_POST
+; and $_FILES to always be empty; the only way you will be able to read the
+; POST data will be through the php://input stream wrapper. This can be useful
+; to proxy requests or to process the POST data in a memory efficient fashion.
+; http://php.net/enable-post-data-reading
+;enable_post_data_reading = Off
+
+; Maximum size of POST data that PHP will accept.
+; Its value may be 0 to disable the limit. It is ignored if POST data reading
+; is disabled through enable_post_data_reading.
+; http://php.net/post-max-size
+post_max_size = 8M
+
+; Automatically add files before PHP document.
+; http://php.net/auto-prepend-file
+auto_prepend_file =
+
+; Automatically add files after PHP document.
+; http://php.net/auto-append-file
+auto_append_file =
+
+; By default, PHP will output a media type using the Content-Type header. To
+; disable this, simply set it to be empty.
+;
+; PHP's built-in default media type is set to text/html.
+; http://php.net/default-mimetype
+default_mimetype = "text/html"
+
+; PHP's default character set is set to UTF-8.
+; http://php.net/default-charset
+default_charset = "UTF-8"
+
+; PHP internal character encoding is set to empty.
+; If empty, default_charset is used.
+; http://php.net/internal-encoding
+;internal_encoding =
+
+; PHP input character encoding is set to empty.
+; If empty, default_charset is used.
+; http://php.net/input-encoding
+;input_encoding =
+
+; PHP output character encoding is set to empty.
+; If empty, default_charset is used.
+; See also output_buffer.
+; http://php.net/output-encoding
+;output_encoding =
+
+;;;;;;;;;;;;;;;;;;;;;;;;;
+; Paths and Directories ;
+;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; UNIX: "/path1:/path2"
+;include_path = ".:/usr/share/php"
+;
+; Windows: "\path1;\path2"
+;include_path = ".;c:\php\includes"
+;
+; PHP's default setting for include_path is ".;/path/to/php/pear"
+; http://php.net/include-path
+
+; The root of the PHP pages, used only if nonempty.
+; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
+; if you are running php as a CGI under any web server (other than IIS)
+; see documentation for security issues. The alternate is to use the
+; cgi.force_redirect configuration below
+; http://php.net/doc-root
+doc_root =
+
+; The directory under which PHP opens the script using /~username used only
+; if nonempty.
+; http://php.net/user-dir
+user_dir =
+
+; Directory in which the loadable extensions (modules) reside.
+; http://php.net/extension-dir
+;extension_dir = "./"
+; On windows:
+;extension_dir = "ext"
+
+; Directory where the temporary files should be placed.
+; Defaults to the system default (see sys_get_temp_dir)
+;sys_temp_dir = "/tmp"
+
+; Whether or not to enable the dl() function. The dl() function does NOT work
+; properly in multithreaded servers, such as IIS or Zeus, and is automatically
+; disabled on them.
+; http://php.net/enable-dl
+enable_dl = Off
+
+; cgi.force_redirect is necessary to provide security running PHP as a CGI under
+; most web servers. Left undefined, PHP turns this on by default. You can
+; turn it off here AT YOUR OWN RISK
+; **You CAN safely turn this off for IIS, in fact, you MUST.**
+; http://php.net/cgi.force-redirect
+;cgi.force_redirect = 1
+
+; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
+; every request. PHP's default behavior is to disable this feature.
+;cgi.nph = 1
+
+; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
+; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
+; will look for to know it is OK to continue execution. Setting this variable MAY
+; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
+; http://php.net/cgi.redirect-status-env
+;cgi.redirect_status_env =
+
+; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
+; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
+; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
+; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
+; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
+; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
+; http://php.net/cgi.fix-pathinfo
+;cgi.fix_pathinfo=1
+
+; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
+; of the web tree and people will not be able to circumvent .htaccess security.
+;cgi.discard_path=1
+
+; FastCGI under IIS supports the ability to impersonate
+; security tokens of the calling client. This allows IIS to define the
+; security context that the request runs under. mod_fastcgi under Apache
+; does not currently support this feature (03/17/2002)
+; Set to 1 if running under IIS. Default is zero.
+; http://php.net/fastcgi.impersonate
+;fastcgi.impersonate = 1
+
+; Disable logging through FastCGI connection. PHP's default behavior is to enable
+; this feature.
+;fastcgi.logging = 0
+
+; cgi.rfc2616_headers configuration option tells PHP what type of headers to
+; use when sending HTTP response code. If set to 0, PHP sends Status: header that
+; is supported by Apache. When this option is set to 1, PHP will send
+; RFC2616 compliant header.
+; Default is zero.
+; http://php.net/cgi.rfc2616-headers
+;cgi.rfc2616_headers = 0
+
+; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #!
+; (shebang) at the top of the running script. This line might be needed if the
+; script support running both as stand-alone script and via PHP CGI<. PHP in CGI
+; mode skips this line and ignores its content if this directive is turned on.
+; http://php.net/cgi.check-shebang-line
+;cgi.check_shebang_line=1
+
+;;;;;;;;;;;;;;;;
+; File Uploads ;
+;;;;;;;;;;;;;;;;
+
+; Whether to allow HTTP file uploads.
+; http://php.net/file-uploads
+file_uploads = On
+
+; Temporary directory for HTTP uploaded files (will use system default if not
+; specified).
+; http://php.net/upload-tmp-dir
+;upload_tmp_dir =
+
+; Maximum allowed size for uploaded files.
+; http://php.net/upload-max-filesize
+upload_max_filesize = 2M
+
+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 20
+
+;;;;;;;;;;;;;;;;;;
+; Fopen wrappers ;
+;;;;;;;;;;;;;;;;;;
+
+; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-fopen
+allow_url_fopen = On
+
+; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-include
+allow_url_include = Off
+
+; Define the anonymous ftp password (your email address). PHP's default setting
+; for this is empty.
+; http://php.net/from
+;from="john@doe.com"
+
+; Define the User-Agent string. PHP's default setting for this is empty.
+; http://php.net/user-agent
+;user_agent="PHP"
+
+; Default timeout for socket based streams (seconds)
+; http://php.net/default-socket-timeout
+default_socket_timeout = 60
+
+; If your scripts have to deal with files from Macintosh systems,
+; or you are running on a Mac and need to deal with files from
+; unix or win32 systems, setting this flag will cause PHP to
+; automatically detect the EOL character in those files so that
+; fgets() and file() will work regardless of the source of the file.
+; http://php.net/auto-detect-line-endings
+;auto_detect_line_endings = Off
+
+;;;;;;;;;;;;;;;;;;;;;;
+; Dynamic Extensions ;
+;;;;;;;;;;;;;;;;;;;;;;
+
+; If you wish to have an extension loaded automatically, use the following
+; syntax:
+;
+; extension=modulename
+;
+; For example:
+;
+; extension=mysqli
+;
+; When the extension library to load is not located in the default extension
+; directory, You may specify an absolute path to the library file:
+;
+; extension=/path/to/extension/mysqli.so
+;
+; Note : The syntax used in previous PHP versions ('extension=<ext>.so' and
+; 'extension='php_<ext>.dll') is supported for legacy reasons and may be
+; deprecated in a future PHP major version. So, when it is possible, please
+; move to the new ('extension=<ext>) syntax.
+;
+; Notes for Windows environments :
+;
+; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+)
+; extension folders as well as the separate PECL DLL download (PHP 5+).
+; Be sure to appropriately set the extension_dir directive.
+;
+;extension=bz2
+;extension=curl
+;extension=fileinfo
+;extension=gd2
+;extension=gettext
+;extension=gmp
+;extension=intl
+;extension=imap
+;extension=interbase
+;extension=ldap
+;extension=mbstring
+;extension=exif ; Must be after mbstring as it depends on it
+;extension=mysqli
+;extension=oci8_12c ; Use with Oracle Database 12c Instant Client
+;extension=odbc
+;extension=openssl
+;extension=pdo_firebird
+;extension=pdo_mysql
+;extension=pdo_oci
+;extension=pdo_odbc
+;extension=pdo_pgsql
+;extension=pdo_sqlite
+;extension=pgsql
+;extension=shmop
+
+; The MIBS data available in the PHP distribution must be installed.
+; See http://www.php.net/manual/en/snmp.installation.php
+;extension=snmp
+
+;extension=soap
+;extension=sockets
+;extension=sodium
+;extension=sqlite3
+;extension=tidy
+;extension=xmlrpc
+;extension=xsl
+
+;;;;;;;;;;;;;;;;;;;
+; Module Settings ;
+;;;;;;;;;;;;;;;;;;;
+
+[CLI Server]
+; Whether the CLI web server uses ANSI color coding in its terminal output.
+cli_server.color = On
+
+[Date]
+; Defines the default timezone used by the date functions
+; http://php.net/date.timezone
+;date.timezone =
+
+; http://php.net/date.default-latitude
+;date.default_latitude = 31.7667
+
+; http://php.net/date.default-longitude
+;date.default_longitude = 35.2333
+
+; http://php.net/date.sunrise-zenith
+;date.sunrise_zenith = 90.583333
+
+; http://php.net/date.sunset-zenith
+;date.sunset_zenith = 90.583333
+
+[filter]
+; http://php.net/filter.default
+;filter.default = unsafe_raw
+
+; http://php.net/filter.default-flags
+;filter.default_flags =
+
+[iconv]
+; Use of this INI entry is deprecated, use global input_encoding instead.
+; If empty, default_charset or input_encoding or iconv.input_encoding is used.
+; The precedence is: default_charset < input_encoding < iconv.input_encoding
+;iconv.input_encoding =
+
+; Use of this INI entry is deprecated, use global internal_encoding instead.
+; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
+; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
+;iconv.internal_encoding =
+
+; Use of this INI entry is deprecated, use global output_encoding instead.
+; If empty, default_charset or output_encoding or iconv.output_encoding is used.
+; The precedence is: default_charset < output_encoding < iconv.output_encoding
+; To use an output encoding conversion, iconv's output handler must be set
+; otherwise output encoding conversion cannot be performed.
+;iconv.output_encoding =
+
+[imap]
+; rsh/ssh logins are disabled by default. Use this INI entry if you want to
+; enable them. Note that the IMAP library does not filter mailbox names before
+; passing them to rsh/ssh command, thus passing untrusted data to this function
+; with rsh/ssh enabled is insecure.
+;imap.enable_insecure_rsh=0
+
+[intl]
+;intl.default_locale =
+; This directive allows you to produce PHP errors when some error
+; happens within intl functions. The value is the level of the error produced.
+; Default is 0, which does not produce any errors.
+;intl.error_level = E_WARNING
+;intl.use_exceptions = 0
+
+[sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
+;sqlite3.extension_dir =
+
+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+;sqlite3.defensive = 1
+
+[Pcre]
+; PCRE library backtracking limit.
+; http://php.net/pcre.backtrack-limit
+;pcre.backtrack_limit=100000
+
+; PCRE library recursion limit.
+; Please note that if you set this value to a high number you may consume all
+; the available process stack and eventually crash PHP (due to reaching the
+; stack size limit imposed by the Operating System).
+; http://php.net/pcre.recursion-limit
+;pcre.recursion_limit=100000
+
+; Enables or disables JIT compilation of patterns. This requires the PCRE
+; library to be compiled with JIT support.
+;pcre.jit=1
+
+[Pdo]
+; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
+; http://php.net/pdo-odbc.connection-pooling
+;pdo_odbc.connection_pooling=strict
+
+;pdo_odbc.db2_instance_name
+
+[Pdo_mysql]
+; Default socket name for local MySQL connects. If empty, uses the built-in
+; MySQL defaults.
+pdo_mysql.default_socket=
+
+[Phar]
+; http://php.net/phar.readonly
+;phar.readonly = On
+
+; http://php.net/phar.require-hash
+;phar.require_hash = On
+
+;phar.cache_list =
+
+[mail function]
+; For Win32 only.
+; http://php.net/smtp
+SMTP = localhost
+; http://php.net/smtp-port
+smtp_port = 25
+
+; For Win32 only.
+; http://php.net/sendmail-from
+;sendmail_from = me@example.com
+
+; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
+; http://php.net/sendmail-path
+;sendmail_path =
+
+; Force the addition of the specified parameters to be passed as extra parameters
+; to the sendmail binary. These parameters will always replace the value of
+; the 5th parameter to mail().
+;mail.force_extra_parameters =
+
+; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
+mail.add_x_header = Off
+
+; The path to a log file that will log all mail() calls. Log entries include
+; the full path of the script, line number, To address and headers.
+;mail.log =
+; Log mail to syslog (Event Log on Windows).
+;mail.log = syslog
+
+[ODBC]
+; http://php.net/odbc.default-db
+;odbc.default_db = Not yet implemented
+
+; http://php.net/odbc.default-user
+;odbc.default_user = Not yet implemented
+
+; http://php.net/odbc.default-pw
+;odbc.default_pw = Not yet implemented
+
+; Controls the ODBC cursor model.
+; Default: SQL_CURSOR_STATIC (default).
+;odbc.default_cursortype
+
+; Allow or prevent persistent links.
+; http://php.net/odbc.allow-persistent
+odbc.allow_persistent = On
+
+; Check that a connection is still valid before reuse.
+; http://php.net/odbc.check-persistent
+odbc.check_persistent = On
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/odbc.max-persistent
+odbc.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+; http://php.net/odbc.max-links
+odbc.max_links = -1
+
+; Handling of LONG fields. Returns number of bytes to variables. 0 means
+; passthru.
+; http://php.net/odbc.defaultlrl
+odbc.defaultlrl = 4096
+
+; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
+; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
+; of odbc.defaultlrl and odbc.defaultbinmode
+; http://php.net/odbc.defaultbinmode
+odbc.defaultbinmode = 1
+
+[Interbase]
+; Allow or prevent persistent links.
+ibase.allow_persistent = 1
+
+; Maximum number of persistent links. -1 means no limit.
+ibase.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+ibase.max_links = -1
+
+; Default database name for ibase_connect().
+;ibase.default_db =
+
+; Default username for ibase_connect().
+;ibase.default_user =
+
+; Default password for ibase_connect().
+;ibase.default_password =
+
+; Default charset for ibase_connect().
+;ibase.default_charset =
+
+; Default timestamp format.
+ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
+
+; Default date format.
+ibase.dateformat = "%Y-%m-%d"
+
+; Default time format.
+ibase.timeformat = "%H:%M:%S"
+
+[MySQLi]
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/mysqli.max-persistent
+mysqli.max_persistent = -1
+
+; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
+; http://php.net/mysqli.allow_local_infile
+;mysqli.allow_local_infile = On
+
+; Allow or prevent persistent links.
+; http://php.net/mysqli.allow-persistent
+mysqli.allow_persistent = On
+
+; Maximum number of links. -1 means no limit.
+; http://php.net/mysqli.max-links
+mysqli.max_links = -1
+
+; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
+; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
+; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
+; at MYSQL_PORT.
+; http://php.net/mysqli.default-port
+mysqli.default_port = 3306
+
+; Default socket name for local MySQL connects. If empty, uses the built-in
+; MySQL defaults.
+; http://php.net/mysqli.default-socket
+mysqli.default_socket =
+
+; Default host for mysql_connect() (doesn't apply in safe mode).
+; http://php.net/mysqli.default-host
+mysqli.default_host =
+
+; Default user for mysql_connect() (doesn't apply in safe mode).
+; http://php.net/mysqli.default-user
+mysqli.default_user =
+
+; Default password for mysqli_connect() (doesn't apply in safe mode).
+; Note that this is generally a *bad* idea to store passwords in this file.
+; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
+; and reveal this password! And of course, any users with read access to this
+; file will be able to reveal the password as well.
+; http://php.net/mysqli.default-pw
+mysqli.default_pw =
+
+; Allow or prevent reconnect
+mysqli.reconnect = Off
+
+[mysqlnd]
+; Enable / Disable collection of general statistics by mysqlnd which can be
+; used to tune and monitor MySQL operations.
+mysqlnd.collect_statistics = On
+
+; Enable / Disable collection of memory usage statistics by mysqlnd which can be
+; used to tune and monitor MySQL operations.
+mysqlnd.collect_memory_statistics = Off
+
+; Records communication from all extensions using mysqlnd to the specified log
+; file.
+; http://php.net/mysqlnd.debug
+;mysqlnd.debug =
+
+; Defines which queries will be logged.
+;mysqlnd.log_mask = 0
+
+; Default size of the mysqlnd memory pool, which is used by result sets.
+;mysqlnd.mempool_default_size = 16000
+
+; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
+;mysqlnd.net_cmd_buffer_size = 2048
+
+; Size of a pre-allocated buffer used for reading data sent by the server in
+; bytes.
+;mysqlnd.net_read_buffer_size = 32768
+
+; Timeout for network requests in seconds.
+;mysqlnd.net_read_timeout = 31536000
+
+; SHA-256 Authentication Plugin related. File with the MySQL server public RSA
+; key.
+;mysqlnd.sha256_server_public_key =
+
+[OCI8]
+
+; Connection: Enables privileged connections using external
+; credentials (OCI_SYSOPER, OCI_SYSDBA)
+; http://php.net/oci8.privileged-connect
+;oci8.privileged_connect = Off
+
+; Connection: The maximum number of persistent OCI8 connections per
+; process. Using -1 means no limit.
+; http://php.net/oci8.max-persistent
+;oci8.max_persistent = -1
+
+; Connection: The maximum number of seconds a process is allowed to
+; maintain an idle persistent connection. Using -1 means idle
+; persistent connections will be maintained forever.
+; http://php.net/oci8.persistent-timeout
+;oci8.persistent_timeout = -1
+
+; Connection: The number of seconds that must pass before issuing a
+; ping during oci_pconnect() to check the connection validity. When
+; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
+; pings completely.
+; http://php.net/oci8.ping-interval
+;oci8.ping_interval = 60
+
+; Connection: Set this to a user chosen connection class to be used
+; for all pooled server requests with Oracle 11g Database Resident
+; Connection Pooling (DRCP). To use DRCP, this value should be set to
+; the same string for all web servers running the same application,
+; the database pool must be configured, and the connection string must
+; specify to use a pooled server.
+;oci8.connection_class =
+
+; High Availability: Using On lets PHP receive Fast Application
+; Notification (FAN) events generated when a database node fails. The
+; database must also be configured to post FAN events.
+;oci8.events = Off
+
+; Tuning: This option enables statement caching, and specifies how
+; many statements to cache. Using 0 disables statement caching.
+; http://php.net/oci8.statement-cache-size
+;oci8.statement_cache_size = 20
+
+; Tuning: Enables statement prefetching and sets the default number of
+; rows that will be fetched automatically after statement execution.
+; http://php.net/oci8.default-prefetch
+;oci8.default_prefetch = 100
+
+; Compatibility. Using On means oci_close() will not close
+; oci_connect() and oci_new_connect() connections.
+; http://php.net/oci8.old-oci-close-semantics
+;oci8.old_oci_close_semantics = Off
+
+[PostgreSQL]
+; Allow or prevent persistent links.
+; http://php.net/pgsql.allow-persistent
+pgsql.allow_persistent = On
+
+; Detect broken persistent links always with pg_pconnect().
+; Auto reset feature requires a little overheads.
+; http://php.net/pgsql.auto-reset-persistent
+pgsql.auto_reset_persistent = Off
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/pgsql.max-persistent
+pgsql.max_persistent = -1
+
+; Maximum number of links (persistent+non persistent). -1 means no limit.
+; http://php.net/pgsql.max-links
+pgsql.max_links = -1
+
+; Ignore PostgreSQL backends Notice message or not.
+; Notice message logging require a little overheads.
+; http://php.net/pgsql.ignore-notice
+pgsql.ignore_notice = 0
+
+; Log PostgreSQL backends Notice message or not.
+; Unless pgsql.ignore_notice=0, module cannot log notice message.
+; http://php.net/pgsql.log-notice
+pgsql.log_notice = 0
+
+[bcmath]
+; Number of decimal digits for all bcmath functions.
+; http://php.net/bcmath.scale
+bcmath.scale = 0
+
+[browscap]
+; http://php.net/browscap
+;browscap = extra/browscap.ini
+
+[Session]
+; Handler used to store/retrieve data.
+; http://php.net/session.save-handler
+session.save_handler = files
+
+; Argument passed to save_handler. In the case of files, this is the path
+; where data files are stored. Note: Windows users have to change this
+; variable in order to use PHP's session functions.
+;
+; The path can be defined as:
+;
+; session.save_path = "N;/path"
+;
+; where N is an integer. Instead of storing all the session files in
+; /path, what this will do is use subdirectories N-levels deep, and
+; store the session data in those directories. This is useful if
+; your OS has problems with many files in one directory, and is
+; a more efficient layout for servers that handle many sessions.
+;
+; NOTE 1: PHP will not create this directory structure automatically.
+; You can use the script in the ext/session dir for that purpose.
+; NOTE 2: See the section on garbage collection below if you choose to
+; use subdirectories for session storage
+;
+; The file storage module creates files using mode 600 by default.
+; You can change that by using
+;
+; session.save_path = "N;MODE;/path"
+;
+; where MODE is the octal representation of the mode. Note that this
+; does not overwrite the process's umask.
+; http://php.net/session.save-path
+;session.save_path = "/var/lib/php/sessions"
+
+; Whether to use strict session mode.
+; Strict session mode does not accept an uninitialized session ID, and
+; regenerates the session ID if the browser sends an uninitialized session ID.
+; Strict mode protects applications from session fixation via a session adoption
+; vulnerability. It is disabled by default for maximum compatibility, but
+; enabling it is encouraged.
+; https://wiki.php.net/rfc/strict_sessions
+session.use_strict_mode = 0
+
+; Whether to use cookies.
+; http://php.net/session.use-cookies
+session.use_cookies = 1
+
+; http://php.net/session.cookie-secure
+;session.cookie_secure =
+
+; This option forces PHP to fetch and use a cookie for storing and maintaining
+; the session id. We encourage this operation as it's very helpful in combating
+; session hijacking when not specifying and managing your own session id. It is
+; not the be-all and end-all of session hijacking defense, but it's a good start.
+; http://php.net/session.use-only-cookies
+session.use_only_cookies = 1
+
+; Name of the session (used as cookie name).
+; http://php.net/session.name
+session.name = PHPSESSID
+
+; Initialize session on request startup.
+; http://php.net/session.auto-start
+session.auto_start = 0
+
+; Lifetime in seconds of cookie or, if 0, until browser is restarted.
+; http://php.net/session.cookie-lifetime
+session.cookie_lifetime = 0
+
+; The path for which the cookie is valid.
+; http://php.net/session.cookie-path
+session.cookie_path = /
+
+; The domain for which the cookie is valid.
+; http://php.net/session.cookie-domain
+session.cookie_domain =
+
+; Whether or not to add the httpOnly flag to the cookie, which makes it
+; inaccessible to browser scripting languages such as JavaScript.
+; http://php.net/session.cookie-httponly
+session.cookie_httponly =
+
+; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
+; Current valid values are "Strict", "Lax" or "None". When using "None",
+; make sure to include the quotes, as `none` is interpreted like `false` in ini files.
+; https://tools.ietf.org/html/draft-west-first-party-cookies-07
+session.cookie_samesite =
+
+; Handler used to serialize data. php is the standard serializer of PHP.
+; http://php.net/session.serialize-handler
+session.serialize_handler = php
+
+; Defines the probability that the 'garbage collection' process is started on every
+; session initialization. The probability is calculated by using gc_probability/gc_divisor,
+; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
+; Default Value: 1
+; Development Value: 1
+; Production Value: 1
+; http://php.net/session.gc-probability
+session.gc_probability = 0
+
+; Defines the probability that the 'garbage collection' process is started on every
+; session initialization. The probability is calculated by using gc_probability/gc_divisor,
+; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
+; For high volume production servers, using a value of 1000 is a more efficient approach.
+; Default Value: 100
+; Development Value: 1000
+; Production Value: 1000
+; http://php.net/session.gc-divisor
+session.gc_divisor = 1000
+
+; After this number of seconds, stored data will be seen as 'garbage' and
+; cleaned up by the garbage collection process.
+; http://php.net/session.gc-maxlifetime
+session.gc_maxlifetime = 1440
+
+; NOTE: If you are using the subdirectory option for storing session files
+; (see session.save_path above), then garbage collection does *not*
+; happen automatically. You will need to do your own garbage
+; collection through a shell script, cron entry, or some other method.
+; For example, the following script is the equivalent of setting
+; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
+; find /path/to/sessions -cmin +24 -type f | xargs rm
+
+; Check HTTP Referer to invalidate externally stored URLs containing ids.
+; HTTP_REFERER has to contain this substring for the session to be
+; considered as valid.
+; http://php.net/session.referer-check
+session.referer_check =
+
+; Set to {nocache,private,public,} to determine HTTP caching aspects
+; or leave this empty to avoid sending anti-caching headers.
+; http://php.net/session.cache-limiter
+session.cache_limiter = nocache
+
+; Document expires after n minutes.
+; http://php.net/session.cache-expire
+session.cache_expire = 180
+
+; trans sid support is disabled by default.
+; Use of trans sid may risk your users' security.
+; Use this option with caution.
+; - User may send URL contains active session ID
+; to other person via. email/irc/etc.
+; - URL that contains active session ID may be stored
+; in publicly accessible computer.
+; - User may access your site with the same session ID
+; always using URL stored in browser's history or bookmarks.
+; http://php.net/session.use-trans-sid
+session.use_trans_sid = 0
+
+; Set session ID character length. This value could be between 22 to 256.
+; Shorter length than default is supported only for compatibility reason.
+; Users should use 32 or more chars.
+; http://php.net/session.sid-length
+; Default Value: 32
+; Development Value: 26
+; Production Value: 26
+session.sid_length = 26
+
+; The URL rewriter will look for URLs in a defined set of HTML tags.
+; <form> is special; if you include them here, the rewriter will
+; add a hidden <input> field with the info which is otherwise appended
+; to URLs. <form> tag's action attribute URL will not be modified
+; unless it is specified.
+; Note that all valid entries require a "=", even if no value follows.
+; Default Value: "a=href,area=href,frame=src,form="
+; Development Value: "a=href,area=href,frame=src,form="
+; Production Value: "a=href,area=href,frame=src,form="
+; http://php.net/url-rewriter.tags
+session.trans_sid_tags = "a=href,area=href,frame=src,form="
+
+; URL rewriter does not rewrite absolute URLs by default.
+; To enable rewrites for absolute paths, target hosts must be specified
+; at RUNTIME. i.e. use ini_set()
+; <form> tags is special. PHP will check action attribute's URL regardless
+; of session.trans_sid_tags setting.
+; If no host is defined, HTTP_HOST will be used for allowed host.
+; Example value: php.net,www.php.net,wiki.php.net
+; Use "," for multiple hosts. No spaces are allowed.
+; Default Value: ""
+; Development Value: ""
+; Production Value: ""
+;session.trans_sid_hosts=""
+
+; Define how many bits are stored in each character when converting
+; the binary hash data to something readable.
+; Possible values:
+; 4 (4 bits: 0-9, a-f)
+; 5 (5 bits: 0-9, a-v)
+; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
+; Default Value: 4
+; Development Value: 5
+; Production Value: 5
+; http://php.net/session.hash-bits-per-character
+session.sid_bits_per_character = 5
+
+; Enable upload progress tracking in $_SESSION
+; Default Value: On
+; Development Value: On
+; Production Value: On
+; http://php.net/session.upload-progress.enabled
+;session.upload_progress.enabled = On
+
+; Cleanup the progress information as soon as all POST data has been read
+; (i.e. upload completed).
+; Default Value: On
+; Development Value: On
+; Production Value: On
+; http://php.net/session.upload-progress.cleanup
+;session.upload_progress.cleanup = On
+
+; A prefix used for the upload progress key in $_SESSION
+; Default Value: "upload_progress_"
+; Development Value: "upload_progress_"
+; Production Value: "upload_progress_"
+; http://php.net/session.upload-progress.prefix
+;session.upload_progress.prefix = "upload_progress_"
+
+; The index name (concatenated with the prefix) in $_SESSION
+; containing the upload progress information
+; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; http://php.net/session.upload-progress.name
+;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
+
+; How frequently the upload progress should be updated.
+; Given either in percentages (per-file), or in bytes
+; Default Value: "1%"
+; Development Value: "1%"
+; Production Value: "1%"
+; http://php.net/session.upload-progress.freq
+;session.upload_progress.freq = "1%"
+
+; The minimum delay between updates, in seconds
+; Default Value: 1
+; Development Value: 1
+; Production Value: 1
+; http://php.net/session.upload-progress.min-freq
+;session.upload_progress.min_freq = "1"
+
+; Only write session data when session data is changed. Enabled by default.
+; http://php.net/session.lazy-write
+;session.lazy_write = On
+
+[Assertion]
+; Switch whether to compile assertions at all (to have no overhead at run-time)
+; -1: Do not compile at all
+; 0: Jump over assertion at run-time
+; 1: Execute assertions
+; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1)
+; Default Value: 1
+; Development Value: 1
+; Production Value: -1
+; http://php.net/zend.assertions
+zend.assertions = -1
+
+; Assert(expr); active by default.
+; http://php.net/assert.active
+;assert.active = On
+
+; Throw an AssertionError on failed assertions
+; http://php.net/assert.exception
+;assert.exception = On
+
+; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active)
+; http://php.net/assert.warning
+;assert.warning = On
+
+; Don't bail out by default.
+; http://php.net/assert.bail
+;assert.bail = Off
+
+; User-function to be called if an assertion fails.
+; http://php.net/assert.callback
+;assert.callback = 0
+
+; Eval the expression with current error_reporting(). Set to true if you want
+; error_reporting(0) around the eval().
+; http://php.net/assert.quiet-eval
+;assert.quiet_eval = 0
+
+[COM]
+; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
+; http://php.net/com.typelib-file
+;com.typelib_file =
+
+; allow Distributed-COM calls
+; http://php.net/com.allow-dcom
+;com.allow_dcom = true
+
+; autoregister constants of a component's typlib on com_load()
+; http://php.net/com.autoregister-typelib
+;com.autoregister_typelib = true
+
+; register constants casesensitive
+; http://php.net/com.autoregister-casesensitive
+;com.autoregister_casesensitive = false
+
+; show warnings on duplicate constant registrations
+; http://php.net/com.autoregister-verbose
+;com.autoregister_verbose = true
+
+; The default character set code-page to use when passing strings to and from COM objects.
+; Default: system ANSI code page
+;com.code_page=
+
+[mbstring]
+; language for internal character representation.
+; This affects mb_send_mail() and mbstring.detect_order.
+; http://php.net/mbstring.language
+;mbstring.language = Japanese
+
+; Use of this INI entry is deprecated, use global internal_encoding instead.
+; internal/script encoding.
+; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*)
+; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
+; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
+;mbstring.internal_encoding =
+
+; Use of this INI entry is deprecated, use global input_encoding instead.
+; http input encoding.
+; mbstring.encoding_translation = On is needed to use this setting.
+; If empty, default_charset or input_encoding or mbstring.input is used.
+; The precedence is: default_charset < input_encoding < mbsting.http_input
+; http://php.net/mbstring.http-input
+;mbstring.http_input =
+
+; Use of this INI entry is deprecated, use global output_encoding instead.
+; http output encoding.
+; mb_output_handler must be registered as output buffer to function.
+; If empty, default_charset or output_encoding or mbstring.http_output is used.
+; The precedence is: default_charset < output_encoding < mbstring.http_output
+; To use an output encoding conversion, mbstring's output handler must be set
+; otherwise output encoding conversion cannot be performed.
+; http://php.net/mbstring.http-output
+;mbstring.http_output =
+
+; enable automatic encoding translation according to
+; mbstring.internal_encoding setting. Input chars are
+; converted to internal encoding by setting this to On.
+; Note: Do _not_ use automatic encoding translation for
+; portable libs/applications.
+; http://php.net/mbstring.encoding-translation
+;mbstring.encoding_translation = Off
+
+; automatic encoding detection order.
+; "auto" detect order is changed according to mbstring.language
+; http://php.net/mbstring.detect-order
+;mbstring.detect_order = auto
+
+; substitute_character used when character cannot be converted
+; one from another
+; http://php.net/mbstring.substitute-character
+;mbstring.substitute_character = none
+
+; overload(replace) single byte functions by mbstring functions.
+; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
+; etc. Possible values are 0,1,2,4 or combination of them.
+; For example, 7 for overload everything.
+; 0: No overload
+; 1: Overload mail() function
+; 2: Overload str*() functions
+; 4: Overload ereg*() functions
+; http://php.net/mbstring.func-overload
+;mbstring.func_overload = 0
+
+; enable strict encoding detection.
+; Default: Off
+;mbstring.strict_detection = On
+
+; This directive specifies the regex pattern of content types for which mb_output_handler()
+; is activated.
+; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
+;mbstring.http_output_conv_mimetype=
+
+; This directive specifies maximum stack depth for mbstring regular expressions. It is similar
+; to the pcre.recursion_limit for PCRE.
+; Default: 100000
+;mbstring.regex_stack_limit=100000
+
+[gd]
+; Tell the jpeg decode to ignore warnings and try to create
+; a gd image. The warning will then be displayed as notices
+; disabled by default
+; http://php.net/gd.jpeg-ignore-warning
+;gd.jpeg_ignore_warning = 1
+
+[exif]
+; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS.
+; With mbstring support this will automatically be converted into the encoding
+; given by corresponding encode setting. When empty mbstring.internal_encoding
+; is used. For the decode settings you can distinguish between motorola and
+; intel byte order. A decode setting cannot be empty.
+; http://php.net/exif.encode-unicode
+;exif.encode_unicode = ISO-8859-15
+
+; http://php.net/exif.decode-unicode-motorola
+;exif.decode_unicode_motorola = UCS-2BE
+
+; http://php.net/exif.decode-unicode-intel
+;exif.decode_unicode_intel = UCS-2LE
+
+; http://php.net/exif.encode-jis
+;exif.encode_jis =
+
+; http://php.net/exif.decode-jis-motorola
+;exif.decode_jis_motorola = JIS
+
+; http://php.net/exif.decode-jis-intel
+;exif.decode_jis_intel = JIS
+
+[Tidy]
+; The path to a default tidy configuration file to use when using tidy
+; http://php.net/tidy.default-config
+;tidy.default_config = /usr/local/lib/php/default.tcfg
+
+; Should tidy clean and repair output automatically?
+; WARNING: Do not use this option if you are generating non-html content
+; such as dynamic images
+; http://php.net/tidy.clean-output
+tidy.clean_output = Off
+
+[soap]
+; Enables or disables WSDL caching feature.
+; http://php.net/soap.wsdl-cache-enabled
+soap.wsdl_cache_enabled=1
+
+; Sets the directory name where SOAP extension will put cache files.
+; http://php.net/soap.wsdl-cache-dir
+soap.wsdl_cache_dir="/tmp"
+
+; (time to live) Sets the number of second while cached file will be used
+; instead of original one.
+; http://php.net/soap.wsdl-cache-ttl
+soap.wsdl_cache_ttl=86400
+
+; Sets the size of the cache limit. (Max. number of WSDL files to cache)
+soap.wsdl_cache_limit = 5
+
+[sysvshm]
+; A default size of the shared memory segment
+;sysvshm.init_mem = 10000
+
+[ldap]
+; Sets the maximum number of open links or -1 for unlimited.
+ldap.max_links = -1
+
+[dba]
+;dba.default_handler=
+
+[opcache]
+; Determines if Zend OPCache is enabled
+;opcache.enable=1
+
+; Determines if Zend OPCache is enabled for the CLI version of PHP
+;opcache.enable_cli=0
+
+; The OPcache shared memory storage size.
+;opcache.memory_consumption=128
+
+; The amount of memory for interned strings in Mbytes.
+;opcache.interned_strings_buffer=8
+
+; The maximum number of keys (scripts) in the OPcache hash table.
+; Only numbers between 200 and 1000000 are allowed.
+;opcache.max_accelerated_files=10000
+
+; The maximum percentage of "wasted" memory until a restart is scheduled.
+;opcache.max_wasted_percentage=5
+
+; When this directive is enabled, the OPcache appends the current working
+; directory to the script key, thus eliminating possible collisions between
+; files with the same name (basename). Disabling the directive improves
+; performance, but may break existing applications.
+;opcache.use_cwd=1
+
+; When disabled, you must reset the OPcache manually or restart the
+; webserver for changes to the filesystem to take effect.
+;opcache.validate_timestamps=1
+
+; How often (in seconds) to check file timestamps for changes to the shared
+; memory storage allocation. ("1" means validate once per second, but only
+; once per request. "0" means always validate)
+;opcache.revalidate_freq=2
+
+; Enables or disables file search in include_path optimization
+;opcache.revalidate_path=0
+
+; If disabled, all PHPDoc comments are dropped from the code to reduce the
+; size of the optimized code.
+;opcache.save_comments=1
+
+; Allow file existence override (file_exists, etc.) performance feature.
+;opcache.enable_file_override=0
+
+; A bitmask, where each bit enables or disables the appropriate OPcache
+; passes
+;opcache.optimization_level=0x7FFFBFFF
+
+;opcache.dups_fix=0
+
+; The location of the OPcache blacklist file (wildcards allowed).
+; Each OPcache blacklist file is a text file that holds the names of files
+; that should not be accelerated. The file format is to add each filename
+; to a new line. The filename may be a full path or just a file prefix
+; (i.e., /var/www/x blacklists all the files and directories in /var/www
+; that start with 'x'). Line starting with a ; are ignored (comments).
+;opcache.blacklist_filename=
+
+; Allows exclusion of large files from being cached. By default all files
+; are cached.
+;opcache.max_file_size=0
+
+; Check the cache checksum each N requests.
+; The default value of "0" means that the checks are disabled.
+;opcache.consistency_checks=0
+
+; How long to wait (in seconds) for a scheduled restart to begin if the cache
+; is not being accessed.
+;opcache.force_restart_timeout=180
+
+; OPcache error_log file name. Empty string assumes "stderr".
+;opcache.error_log=
+
+; All OPcache errors go to the Web server log.
+; By default, only fatal errors (level 0) or errors (level 1) are logged.
+; You can also enable warnings (level 2), info messages (level 3) or
+; debug messages (level 4).
+;opcache.log_verbosity_level=1
+
+; Preferred Shared Memory back-end. Leave empty and let the system decide.
+;opcache.preferred_memory_model=
+
+; Protect the shared memory from unexpected writing during script execution.
+; Useful for internal debugging only.
+;opcache.protect_memory=0
+
+; Allows calling OPcache API functions only from PHP scripts which path is
+; started from specified string. The default "" means no restriction
+;opcache.restrict_api=
+
+; Mapping base of shared memory segments (for Windows only). All the PHP
+; processes have to map shared memory into the same address space. This
+; directive allows to manually fix the "Unable to reattach to base address"
+; errors.
+;opcache.mmap_base=
+
+; Enables and sets the second level cache directory.
+; It should improve performance when SHM memory is full, at server restart or
+; SHM reset. The default "" disables file based caching.
+;opcache.file_cache=
+
+; Enables or disables opcode caching in shared memory.
+;opcache.file_cache_only=0
+
+; Enables or disables checksum validation when script loaded from file cache.
+;opcache.file_cache_consistency_checks=1
+
+; Implies opcache.file_cache_only=1 for a certain process that failed to
+; reattach to the shared memory (for Windows only). Explicitly enabled file
+; cache is required.
+;opcache.file_cache_fallback=1
+
+; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
+; This should improve performance, but requires appropriate OS configuration.
+;opcache.huge_code_pages=1
+
+; Validate cached file permissions.
+;opcache.validate_permission=0
+
+; Prevent name collisions in chroot'ed environment.
+;opcache.validate_root=0
+
+; If specified, it produces opcode dumps for debugging different stages of
+; optimizations.
+;opcache.opt_debug_level=0
+
+[curl]
+; A default value for the CURLOPT_CAINFO option. This is required to be an
+; absolute path.
+;curl.cainfo =
+
+[openssl]
+; The location of a Certificate Authority (CA) file on the local filesystem
+; to use when verifying the identity of SSL/TLS peers. Most users should
+; not specify a value for this directive as PHP will attempt to use the
+; OS-managed cert stores in its absence. If specified, this value may still
+; be overridden on a per-stream basis via the "cafile" SSL stream context
+; option.
+;openssl.cafile=
+
+; If openssl.cafile is not specified or if the CA file is not found, the
+; directory pointed to by openssl.capath is searched for a suitable
+; certificate. This value must be a correctly hashed certificate directory.
+; Most users should not specify a value for this directive as PHP will
+; attempt to use the OS-managed cert stores in its absence. If specified,
+; this value may still be overridden on a per-stream basis via the "capath"
+; SSL stream context option.
+;openssl.capath=
+
+; Local Variables:
+; tab-width: 4
+; End:
--- /dev/null
+; Start a new pool named 'www'.
+; the variable $pool can be used in any directive and will be replaced by the
+; pool name ('www' here)
+[www]
+
+; Per pool prefix
+; It only applies on the following directives:
+; - 'access.log'
+; - 'slowlog'
+; - 'listen' (unixsocket)
+; - 'chroot'
+; - 'chdir'
+; - 'php_values'
+; - 'php_admin_values'
+; When not set, the global prefix (or /usr) applies instead.
+; Note: This directive can also be relative to the global prefix.
+; Default Value: none
+;prefix = /path/to/pools/$pool
+
+; Unix user/group of processes
+; Note: The user is mandatory. If the group is not set, the default user's group
+; will be used.
+user = www-data
+group = www-data
+
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
+; a specific port;
+; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+; a specific port;
+; 'port' - to listen on a TCP socket to all addresses
+; (IPv6 and IPv4-mapped) on a specific port;
+; '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+listen = /run/php/php7.3-fpm.sock
+
+; Set listen(2) backlog.
+; Default Value: 511 (-1 on FreeBSD and OpenBSD)
+;listen.backlog = 511
+
+; Set permissions for unix socket, if one is used. In Linux, read/write
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions. The owner
+; and group can be specified either by name or by their numeric IDs.
+; Default Values: user and group are set as the running user
+; mode is set to 0660
+listen.owner = www-data
+listen.group = www-data
+;listen.mode = 0660
+; When POSIX Access Control Lists are supported you can set them using
+; these options, value is a comma separated list of user/group names.
+; When set, listen.owner and listen.group are ignored
+;listen.acl_users =
+;listen.acl_groups =
+
+; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
+; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
+; must be separated by a comma. If this value is left blank, connections will be
+; accepted from any ip address.
+; Default Value: any
+;listen.allowed_clients = 127.0.0.1
+
+; Specify the nice(2) priority to apply to the pool processes (only if set)
+; The value can vary from -19 (highest priority) to 20 (lower priority)
+; Note: - It will only work if the FPM master process is launched as root
+; - The pool processes will inherit the master process priority
+; unless it specified otherwise
+; Default Value: no set
+; process.priority = -19
+
+; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
+; or group is differrent than the master process user. It allows to create process
+; core dump and ptrace the process for the pool user.
+; Default Value: no
+; process.dumpable = yes
+
+; Choose how the process manager will control the number of child processes.
+; Possible Values:
+; static - a fixed number (pm.max_children) of child processes;
+; dynamic - the number of child processes are set dynamically based on the
+; following directives. With this process management, there will be
+; always at least 1 children.
+; pm.max_children - the maximum number of children that can
+; be alive at the same time.
+; pm.start_servers - the number of children created on startup.
+; pm.min_spare_servers - the minimum number of children in 'idle'
+; state (waiting to process). If the number
+; of 'idle' processes is less than this
+; number then some children will be created.
+; pm.max_spare_servers - the maximum number of children in 'idle'
+; state (waiting to process). If the number
+; of 'idle' processes is greater than this
+; number then some children will be killed.
+; ondemand - no children are created at startup. Children will be forked when
+; new requests will connect. The following parameter are used:
+; pm.max_children - the maximum number of children that
+; can be alive at the same time.
+; pm.process_idle_timeout - The number of seconds after which
+; an idle process will be killed.
+; Note: This value is mandatory.
+pm = dynamic
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI. The below defaults are based on a server without much resources. Don't
+; forget to tweak pm.* to fit your needs.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 5
+
+; The number of child processes created on startup.
+; Note: Used only when pm is set to 'dynamic'
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
+pm.start_servers = 2
+
+; The desired minimum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.min_spare_servers = 1
+
+; The desired maximum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.max_spare_servers = 3
+
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+;pm.process_idle_timeout = 10s;
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+;pm.max_requests = 500
+
+; The URI to view the FPM status page. If this value is not set, no URI will be
+; recognized as a status page. It shows the following informations:
+; pool - the name of the pool;
+; process manager - static, dynamic or ondemand;
+; start time - the date and time FPM has started;
+; start since - number of seconds since FPM has started;
+; accepted conn - the number of request accepted by the pool;
+; listen queue - the number of request in the queue of pending
+; connections (see backlog in listen(2));
+; max listen queue - the maximum number of requests in the queue
+; of pending connections since FPM has started;
+; listen queue len - the size of the socket queue of pending connections;
+; idle processes - the number of idle processes;
+; active processes - the number of active processes;
+; total processes - the number of idle + active processes;
+; max active processes - the maximum number of active processes since FPM
+; has started;
+; max children reached - number of times, the process limit has been reached,
+; when pm tries to start more children (works only for
+; pm 'dynamic' and 'ondemand');
+; Value are updated in real time.
+; Example output:
+; pool: www
+; process manager: static
+; start time: 01/Jul/2011:17:53:49 +0200
+; start since: 62636
+; accepted conn: 190460
+; listen queue: 0
+; max listen queue: 1
+; listen queue len: 42
+; idle processes: 4
+; active processes: 11
+; total processes: 15
+; max active processes: 12
+; max children reached: 0
+;
+; By default the status page output is formatted as text/plain. Passing either
+; 'html', 'xml' or 'json' in the query string will return the corresponding
+; output syntax. Example:
+; http://www.foo.bar/status
+; http://www.foo.bar/status?json
+; http://www.foo.bar/status?html
+; http://www.foo.bar/status?xml
+;
+; By default the status page only outputs short status. Passing 'full' in the
+; query string will also return status for each pool process.
+; Example:
+; http://www.foo.bar/status?full
+; http://www.foo.bar/status?json&full
+; http://www.foo.bar/status?html&full
+; http://www.foo.bar/status?xml&full
+; The Full status returns for each process:
+; pid - the PID of the process;
+; state - the state of the process (Idle, Running, ...);
+; start time - the date and time the process has started;
+; start since - the number of seconds since the process has started;
+; requests - the number of requests the process has served;
+; request duration - the duration in µs of the requests;
+; request method - the request method (GET, POST, ...);
+; request URI - the request URI with the query string;
+; content length - the content length of the request (only with POST);
+; user - the user (PHP_AUTH_USER) (or '-' if not set);
+; script - the main script called (or '-' if not set);
+; last request cpu - the %cpu the last request consumed
+; it's always 0 if the process is not in Idle state
+; because CPU calculation is done when the request
+; processing has terminated;
+; last request memory - the max amount of memory the last request consumed
+; it's always 0 if the process is not in Idle state
+; because memory calculation is done when the request
+; processing has terminated;
+; If the process is in Idle state, then informations are related to the
+; last request the process has served. Otherwise informations are related to
+; the current request being served.
+; Example output:
+; ************************
+; pid: 31330
+; state: Running
+; start time: 01/Jul/2011:17:53:49 +0200
+; start since: 63087
+; requests: 12808
+; request duration: 1250261
+; request method: GET
+; request URI: /test_mem.php?N=10000
+; content length: 0
+; user: -
+; script: /home/fat/web/docs/php/test_mem.php
+; last request cpu: 0.00
+; last request memory: 0
+;
+; Note: There is a real-time FPM status monitoring sample web page available
+; It's available in: /usr/share/php/7.3/fpm/status.html
+;
+; Note: The value must start with a leading slash (/). The value can be
+; anything, but it may not be a good idea to use the .php extension or it
+; may conflict with a real PHP file.
+; Default Value: not set
+;pm.status_path = /status
+
+; The ping URI to call the monitoring page of FPM. If this value is not set, no
+; URI will be recognized as a ping page. This could be used to test from outside
+; that FPM is alive and responding, or to
+; - create a graph of FPM availability (rrd or such);
+; - remove a server from a group if it is not responding (load balancing);
+; - trigger alerts for the operating team (24/7).
+; Note: The value must start with a leading slash (/). The value can be
+; anything, but it may not be a good idea to use the .php extension or it
+; may conflict with a real PHP file.
+; Default Value: not set
+;ping.path = /ping
+
+; This directive may be used to customize the response of a ping request. The
+; response is formatted as text/plain with a 200 response code.
+; Default Value: pong
+;ping.response = pong
+
+; The access log file
+; Default: not set
+;access.log = log/$pool.access.log
+
+; The access log format.
+; The following syntax is allowed
+; %%: the '%' character
+; %C: %CPU used by the request
+; it can accept the following format:
+; - %{user}C for user CPU only
+; - %{system}C for system CPU only
+; - %{total}C for user + system CPU (default)
+; %d: time taken to serve the request
+; it can accept the following format:
+; - %{seconds}d (default)
+; - %{miliseconds}d
+; - %{mili}d
+; - %{microseconds}d
+; - %{micro}d
+; %e: an environment variable (same as $_ENV or $_SERVER)
+; it must be associated with embraces to specify the name of the env
+; variable. Some exemples:
+; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
+; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
+; %f: script filename
+; %l: content-length of the request (for POST request only)
+; %m: request method
+; %M: peak of memory allocated by PHP
+; it can accept the following format:
+; - %{bytes}M (default)
+; - %{kilobytes}M
+; - %{kilo}M
+; - %{megabytes}M
+; - %{mega}M
+; %n: pool name
+; %o: output header
+; it must be associated with embraces to specify the name of the header:
+; - %{Content-Type}o
+; - %{X-Powered-By}o
+; - %{Transfert-Encoding}o
+; - ....
+; %p: PID of the child that serviced the request
+; %P: PID of the parent of the child that serviced the request
+; %q: the query string
+; %Q: the '?' character if query string exists
+; %r: the request URI (without the query string, see %q and %Q)
+; %R: remote IP address
+; %s: status (response code)
+; %t: server time the request was received
+; it can accept a strftime(3) format:
+; %d/%b/%Y:%H:%M:%S %z (default)
+; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
+; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
+; %T: time the log has been written (the request has finished)
+; it can accept a strftime(3) format:
+; %d/%b/%Y:%H:%M:%S %z (default)
+; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
+; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
+; %u: remote user
+;
+; Default: "%R - %u %t \"%m %r\" %s"
+;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
+
+; The log file for slow requests
+; Default Value: not set
+; Note: slowlog is mandatory if request_slowlog_timeout is set
+;slowlog = log/$pool.log.slow
+
+; The timeout for serving a single request after which a PHP backtrace will be
+; dumped to the 'slowlog' file. A value of '0s' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_slowlog_timeout = 0
+
+; Depth of slow log stack trace.
+; Default Value: 20
+;request_slowlog_trace_depth = 20
+
+; The timeout for serving a single request after which the worker process will
+; be killed. This option should be used when the 'max_execution_time' ini option
+; does not stop script execution for some reason. A value of '0' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_terminate_timeout = 0
+
+; The timeout set by 'request_terminate_timeout' ini option is not engaged after
+; application calls 'fastcgi_finish_request' or when application has finished and
+; shutdown functions are being called (registered via register_shutdown_function).
+; This option will enable timeout limit to be applied unconditionally
+; even in such cases.
+; Default Value: no
+;request_terminate_timeout_track_finished = no
+
+; Set open file descriptor rlimit.
+; Default Value: system defined value
+;rlimit_files = 1024
+
+; Set max core size rlimit.
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+;rlimit_core = 0
+
+; Chroot to this directory at the start. This value must be defined as an
+; absolute path. When this value is not set, chroot is not used.
+; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
+; of its subdirectories. If the pool prefix is not set, the global prefix
+; will be used instead.
+; Note: chrooting is a great security feature and should be used whenever
+; possible. However, all PHP paths will be relative to the chroot
+; (error_log, sessions.save_path, ...).
+; Default Value: not set
+;chroot =
+
+; Chdir to this directory at the start.
+; Note: relative path can be used.
+; Default Value: current directory or / when chroot
+;chdir = /var/www
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+;catch_workers_output = yes
+
+; Decorate worker output with prefix and suffix containing information about
+; the child that writes to the log and if stdout or stderr is used as well as
+; log level and time. This options is used only if catch_workers_output is yes.
+; Settings to "no" will output data as written to the stdout or stderr.
+; Default value: yes
+;decorate_workers_output = no
+
+; Clear environment in FPM workers
+; Prevents arbitrary environment variables from reaching FPM worker processes
+; by clearing the environment in workers before env vars specified in this
+; pool configuration are added.
+; Setting to "no" will make all environment variables available to PHP code
+; via getenv(), $_ENV and $_SERVER.
+; Default Value: yes
+;clear_env = no
+
+; Limits the extensions of the main script FPM will allow to parse. This can
+; prevent configuration mistakes on the web server side. You should only limit
+; FPM to .php extensions to prevent malicious users to use other extensions to
+; execute php code.
+; Note: set an empty value to allow all extensions.
+; Default Value: .php
+;security.limit_extensions = .php .php3 .php4 .php5 .php7
+
+; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
+; the current environment.
+; Default Value: clean env
+;env[HOSTNAME] = $HOSTNAME
+;env[PATH] = /usr/local/bin:/usr/bin:/bin
+;env[TMP] = /tmp
+;env[TMPDIR] = /tmp
+;env[TEMP] = /tmp
+
+; Additional php.ini defines, specific to this pool of workers. These settings
+; overwrite the values previously defined in the php.ini. The directives are the
+; same as the PHP SAPI:
+; php_value/php_flag - you can set classic ini defines which can
+; be overwritten from PHP call 'ini_set'.
+; php_admin_value/php_admin_flag - these directives won't be overwritten by
+; PHP call 'ini_set'
+; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
+
+; Defining 'extension' will load the corresponding shared extension from
+; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
+; overwrite previously defined php.ini values, but will append the new value
+; instead.
+
+; Note: path INI options can be relative and will be expanded with the prefix
+; (pool, global or /usr)
+
+; Default Value: nothing is defined by default except the values in php.ini and
+; specified at startup with the -d argument
+;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
+;php_flag[display_errors] = off
+;php_admin_value[error_log] = /var/log/fpm-php.www.log
+;php_admin_flag[log_errors] = on
+;php_admin_value[memory_limit] = 32M
--- /dev/null
+; configuration for php common module
+; priority=20
+extension=calendar.so
--- /dev/null
+; configuration for php common module
+; priority=20
+extension=ctype.so
--- /dev/null
+; configuration for php curl module
+; priority=20
+extension=curl.so
--- /dev/null
+; configuration for php xml module
+; priority=20
+extension=dom.so
--- /dev/null
+; configuration for php common module
+; priority=20
+extension=exif.so
--- /dev/null
+; configuration for php common module
+; priority=20
+extension=fileinfo.so
--- /dev/null
+; configuration for php common module
+; priority=20
+extension=ftp.so
--- /dev/null
+; configuration for php gd module
+; priority=20
+extension=gd.so
--- /dev/null
+; configuration for php common module
+; priority=20
+extension=gettext.so
--- /dev/null
+; configuration for php common module
+; priority=20
+extension=iconv.so
--- /dev/null
+; configuration for php intl module
+; priority=20
+extension=intl.so
--- /dev/null
+; configuration for php json module
+; priority=20
+extension=json.so
--- /dev/null
+; configuration for php mbstring module
+; priority=20
+extension=mbstring.so
--- /dev/null
+; configuration for php mysql module
+; priority=20
+extension=mysqli.so
--- /dev/null
+; configuration for php mysql module
+; priority=10
+extension=mysqlnd.so
--- /dev/null
+; configuration for php opcache module
+; priority=10
+zend_extension=opcache.so
--- /dev/null
+; configuration for php common module
+; priority=10
+extension=pdo.so
--- /dev/null
+; configuration for php mysql module
+; priority=20
+extension=pdo_mysql.so
--- /dev/null
+; configuration for php common module
+; priority=20
+extension=phar.so
--- /dev/null
+; configuration for php common module
+; priority=20
+extension=posix.so
--- /dev/null
+; configuration for php readline module
+; priority=20
+extension=readline.so
--- /dev/null
+; configuration for php common module
+; priority=20
+extension=shmop.so
--- /dev/null
+; configuration for php xml module
+; priority=20
+extension=simplexml.so
--- /dev/null
+; configuration for php common module
+; priority=20
+extension=sockets.so
--- /dev/null
+; configuration for php common module
+; priority=20
+extension=sysvmsg.so
--- /dev/null
+; configuration for php common module
+; priority=20
+extension=sysvsem.so
--- /dev/null
+; configuration for php common module
+; priority=20
+extension=sysvshm.so
--- /dev/null
+; configuration for php common module
+; priority=20
+extension=tokenizer.so
--- /dev/null
+; configuration for php xml module
+; priority=20
+extension=wddx.so
--- /dev/null
+; configuration for php xml module
+; priority=15
+extension=xml.so
--- /dev/null
+; configuration for php xml module
+; priority=20
+extension=xmlreader.so
--- /dev/null
+; configuration for php xml module
+; priority=20
+extension=xmlwriter.so
--- /dev/null
+; configuration for php xml module
+; priority=20
+extension=xsl.so
--- /dev/null
+; configuration for php zip module
+; priority=20
+extension=zip.so
--- /dev/null
+#!/bin/sh
+# 2004-01-25, Thomas Lamy <thomas.lamy@in-online.net>
+# From Magnus Ekdahl's <magnus@debian.org> clamav-freshclam-handledaemon(8)
+
+set -e
+
+[ -e /var/lib/clamav/interface ] || exit 0
+
+INIT=invoke-rc.d clamav-freshclam
+CLAMAV_CONF_FILE=/etc/clamav/clamd.conf
+FRESHCLAM_CONF_FILE=/etc/clamav/freshclam.conf
+
+INTERNETIFACE=`cat /var/lib/clamav/interface`
+
+if grep -q freshclam /proc/*/stat 2>/dev/null; then
+ IS_RUNNING=true
+else
+ IS_RUNNING=false
+fi
+
+# $IFACE is set by ifup/down, $PPP_IFACE by pppd
+[ -n "$PPP_IFACE" ] && IFACE=$PPP_IFACE
+
+# This is sloppy - woody's pppd exports variables, while sid's passes them as
+# arguments and exports them.
+
+if [ "$1" = "$IFACE" ]; then # We're called by sid's pppd
+ shift 6 # and we already know the interface
+fi # Dump the arguments passed.
+
+if [ -z "$1" ]; then
+ case $(dirname "$0") in
+ */if-up.d|*/ip-up.d)
+ # Short circuit and exit early if freshclam is already running
+ [ "$IS_RUNNING" = 'true' ] && exit 0
+ for interface in $INTERNETIFACE; do
+ if [ "$interface" = "$IFACE" ]; then
+ FMODE=start
+ break
+ else
+ FMODE=skip
+ fi
+ done
+ ;;
+ */if-down.d|*/ip-down.d)
+ # Short circuit and exit early if freshclam is not already running
+ [ "$IS_RUNNING" = 'false' ] && exit 0
+ for interface in $INTERNETIFACE; do
+ if [ "$interface" = "$IFACE" ]; then
+ FMODE=stop
+ break
+ else
+ FMODE=skip
+ fi
+ done
+ ;;
+ *)
+ FMODE=skip
+ ;;
+ esac
+else
+ FMODE="$1"
+fi
+
+case "$FMODE" in
+ start|stop)
+ IFACE="$IFACE" $INIT $FMODE
+ ;;
+ skip)
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|skip}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
--- /dev/null
+#!/bin/sh
+# 2004-01-25, Thomas Lamy <thomas.lamy@in-online.net>
+# From Magnus Ekdahl's <magnus@debian.org> clamav-freshclam-handledaemon(8)
+
+set -e
+
+[ -e /var/lib/clamav/interface ] || exit 0
+
+INIT=invoke-rc.d clamav-freshclam
+CLAMAV_CONF_FILE=/etc/clamav/clamd.conf
+FRESHCLAM_CONF_FILE=/etc/clamav/freshclam.conf
+
+INTERNETIFACE=`cat /var/lib/clamav/interface`
+
+if grep -q freshclam /proc/*/stat 2>/dev/null; then
+ IS_RUNNING=true
+else
+ IS_RUNNING=false
+fi
+
+# $IFACE is set by ifup/down, $PPP_IFACE by pppd
+[ -n "$PPP_IFACE" ] && IFACE=$PPP_IFACE
+
+# This is sloppy - woody's pppd exports variables, while sid's passes them as
+# arguments and exports them.
+
+if [ "$1" = "$IFACE" ]; then # We're called by sid's pppd
+ shift 6 # and we already know the interface
+fi # Dump the arguments passed.
+
+if [ -z "$1" ]; then
+ case $(dirname "$0") in
+ */if-up.d|*/ip-up.d)
+ # Short circuit and exit early if freshclam is already running
+ [ "$IS_RUNNING" = 'true' ] && exit 0
+ for interface in $INTERNETIFACE; do
+ if [ "$interface" = "$IFACE" ]; then
+ FMODE=start
+ break
+ else
+ FMODE=skip
+ fi
+ done
+ ;;
+ */if-down.d|*/ip-down.d)
+ # Short circuit and exit early if freshclam is not already running
+ [ "$IS_RUNNING" = 'false' ] && exit 0
+ for interface in $INTERNETIFACE; do
+ if [ "$interface" = "$IFACE" ]; then
+ FMODE=stop
+ break
+ else
+ FMODE=skip
+ fi
+ done
+ ;;
+ *)
+ FMODE=skip
+ ;;
+ esac
+else
+ FMODE="$1"
+fi
+
+case "$FMODE" in
+ start|stop)
+ IFACE="$IFACE" $INIT $FMODE
+ ;;
+ skip)
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|skip}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
--- /dev/null
+../init.d/amavis
\ No newline at end of file
--- /dev/null
+../init.d/amavis-mc
\ No newline at end of file
--- /dev/null
+../init.d/amavisd-snmp-subagent
\ No newline at end of file
--- /dev/null
+../init.d/clamav-daemon
\ No newline at end of file
--- /dev/null
+../init.d/clamav-freshclam
\ No newline at end of file
--- /dev/null
+../init.d/dovecot
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/php7.3-fpm
\ No newline at end of file
--- /dev/null
+../init.d/spamassassin
\ No newline at end of file
--- /dev/null
+../init.d/uwsgi
\ No newline at end of file
--- /dev/null
+../init.d/amavis
\ No newline at end of file
--- /dev/null
+../init.d/amavis-mc
\ No newline at end of file
--- /dev/null
+../init.d/amavisd-snmp-subagent
\ No newline at end of file
--- /dev/null
+../init.d/clamav-daemon
\ No newline at end of file
--- /dev/null
+../init.d/clamav-freshclam
\ No newline at end of file
--- /dev/null
+../init.d/dovecot
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/php7.3-fpm
\ No newline at end of file
--- /dev/null
+../init.d/spamassassin
\ No newline at end of file
--- /dev/null
+../init.d/uwsgi
\ No newline at end of file
--- /dev/null
+../init.d/amavis-mc
\ No newline at end of file
--- /dev/null
+../init.d/amavisd-snmp-subagent
\ No newline at end of file
--- /dev/null
+../init.d/spamassassin
\ No newline at end of file
--- /dev/null
+../init.d/amavis
\ No newline at end of file
--- /dev/null
+../init.d/clamav-daemon
\ No newline at end of file
--- /dev/null
+../init.d/clamav-freshclam
\ No newline at end of file
--- /dev/null
+../init.d/dovecot
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/php7.3-fpm
\ No newline at end of file
--- /dev/null
+../init.d/uwsgi
\ No newline at end of file
--- /dev/null
+../init.d/amavis-mc
\ No newline at end of file
--- /dev/null
+../init.d/amavisd-snmp-subagent
\ No newline at end of file
--- /dev/null
+../init.d/spamassassin
\ No newline at end of file
--- /dev/null
+../init.d/amavis
\ No newline at end of file
--- /dev/null
+../init.d/clamav-daemon
\ No newline at end of file
--- /dev/null
+../init.d/clamav-freshclam
\ No newline at end of file
--- /dev/null
+../init.d/dovecot
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/php7.3-fpm
\ No newline at end of file
--- /dev/null
+../init.d/uwsgi
\ No newline at end of file
--- /dev/null
+../init.d/amavis-mc
\ No newline at end of file
--- /dev/null
+../init.d/amavisd-snmp-subagent
\ No newline at end of file
--- /dev/null
+../init.d/spamassassin
\ No newline at end of file
--- /dev/null
+../init.d/amavis
\ No newline at end of file
--- /dev/null
+../init.d/clamav-daemon
\ No newline at end of file
--- /dev/null
+../init.d/clamav-freshclam
\ No newline at end of file
--- /dev/null
+../init.d/dovecot
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/php7.3-fpm
\ No newline at end of file
--- /dev/null
+../init.d/uwsgi
\ No newline at end of file
--- /dev/null
+../init.d/amavis-mc
\ No newline at end of file
--- /dev/null
+../init.d/amavisd-snmp-subagent
\ No newline at end of file
--- /dev/null
+../init.d/spamassassin
\ No newline at end of file
--- /dev/null
+../init.d/amavis
\ No newline at end of file
--- /dev/null
+../init.d/clamav-daemon
\ No newline at end of file
--- /dev/null
+../init.d/clamav-freshclam
\ No newline at end of file
--- /dev/null
+../init.d/dovecot
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/php7.3-fpm
\ No newline at end of file
--- /dev/null
+../init.d/uwsgi
\ No newline at end of file
--- /dev/null
+../init.d/amavis
\ No newline at end of file
--- /dev/null
+../init.d/amavis-mc
\ No newline at end of file
--- /dev/null
+../init.d/amavisd-snmp-subagent
\ No newline at end of file
--- /dev/null
+../init.d/clamav-daemon
\ No newline at end of file
--- /dev/null
+../init.d/clamav-freshclam
\ No newline at end of file
--- /dev/null
+../init.d/dovecot
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/php7.3-fpm
\ No newline at end of file
--- /dev/null
+../init.d/spamassassin
\ No newline at end of file
--- /dev/null
+../init.d/uwsgi
\ No newline at end of file
--- /dev/null
+../init.d/lm-sensors
\ No newline at end of file
--- /dev/null
+VIRUS /usr/bin/scan /nomem /sub *
+arj
+ arj a -+ -y -a1 -r -j$ -s -jm -2s "%s"
+ arj x -y "%s"
+ AD
+zip
+ zip -r "%s" . -i *
+ unzip "%s"
+ AD
+rar
+ rar a -r -y "%s"
+ rar x -y "%s"
+ AD
+tar.Z
+ tar -cvZf "%s" .
+ tar -xvZf "%s"
+ ADT
+tar.gz
+ tar -cvzf "%s" .
+ tar -xvzf "%s"
+ ADT
+tgz
+ tar -cvzf "%s" .
+ tar -xvzf "%s"
+ ADT
+tar.bz2
+ tar --bzip2 -cvf "%s" .
+ tar --bzip2 -xvf "%s"
+ ADT
--- /dev/null
+# libsensors configuration file
+# -----------------------------
+#
+# This default configuration file only includes statements which do not
+# differ from one mainboard to the next. Only label, compute and set
+# statements for internal voltage and temperature sensors are included.
+#
+# In general, local changes should not be added to this file, but rather
+# placed in custom configuration files located in /etc/sensors.d. This
+# approach makes further updates much easier.
+#
+# Such custom configuration files for specific mainboards can be found in
+# "configs" directory of lm-sensors package.
+#
+# Please contribute back a configuration of your board so other users with
+# the same hardware won't need to recreate it again and again.
+
+chip "lm78-*" "lm79-*" "lm80-*" "lm96080-*"
+
+ label temp1 "M/B Temp"
+
+
+chip "w83792d-*"
+
+ label in0 "VcoreA"
+ label in1 "VcoreB"
+ label in6 "+5V"
+ label in7 "5VSB"
+ label in8 "Vbat"
+
+ set in6_min 5.0 * 0.90
+ set in6_max 5.0 * 1.10
+ set in7_min 5.0 * 0.90
+ set in7_max 5.0 * 1.10
+ set in8_min 3.0 * 0.90
+ set in8_max 3.0 * 1.10
+
+
+chip "w83793-*"
+
+ label in0 "VcoreA"
+ label in1 "VcoreB"
+ label in7 "+5V"
+ label in8 "5VSB"
+ label in9 "Vbat"
+
+ set in7_min 5.0 * 0.90
+ set in7_max 5.0 * 1.10
+ set in8_min 5.0 * 0.90
+ set in8_max 5.0 * 1.10
+ set in9_min 3.0 * 0.90
+ set in9_max 3.0 * 1.10
+
+
+chip "w83795g-*" "w83795adg-*"
+
+ label in12 "+3.3V"
+ label in13 "3VSB"
+ label in14 "Vbat"
+
+ set in12_min 3.3 * 0.90
+ set in12_max 3.3 * 1.10
+ set in13_min 3.3 * 0.90
+ set in13_max 3.3 * 1.10
+ set in14_min 3.0 * 0.90
+ set in14_max 3.3 * 1.10
+
+
+chip "via686a-*"
+
+ label in0 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in4_min 12.0 * 0.90
+ set in4_max 12.0 * 1.10
+
+
+chip "adm1025-*" "ne1619-*"
+
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+ label in5 "VCC"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in5_min 3.3 * 0.90
+ set in5_max 3.3 * 1.10
+# Depending on how your chip is hardwired, you may or may not have
+# +12V readings.
+# set in4_min 12.0 * 0.90
+# set in4_max 12.0 * 1.10
+
+ label temp1 "CPU Temp"
+ label temp2 "M/B Temp"
+
+
+chip "lm87-*" "adm1024-*"
+
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in4_min 12.0 * 0.90
+ set in4_max 12.0 * 1.10
+
+ label temp1 "M/B Temp"
+ label temp2 "CPU Temp"
+
+
+chip "it87-*" "it8712-*" "it8716-*" "it8718-*" "it8720-*"
+
+ label in8 "Vbat"
+
+
+chip "fscpos-*" "fscher-*"
+#FSC "Hermes"
+
+ label in0 "+12V"
+ label in1 "+5V"
+ label in2 "Vbat"
+
+ label temp1 "CPU Temp"
+ label temp2 "M/B Temp"
+ label temp3 "Aux Temp"
+
+
+chip "fscscy-*"
+#FSC "Scylla"
+
+ label in0 "+12V"
+ label in1 "+5V"
+ label in2 "+3.3V"
+
+ label temp1 "CPU0 Temp"
+ label temp2 "CPU1 Temp"
+ label temp3 "M/B Temp"
+ label temp4 "Aux Temp"
+
+
+chip "fschds-*"
+# Fujitsu Technology Solutions, "Hades"-Chip
+
+# Temperatures
+ label temp1 "CPU Temp"
+ label temp2 "Super I/O Temp"
+ label temp3 "System Temp"
+
+# Fans
+ label fan1 "PSU Fan"
+ label fan2 "CPU Fan"
+ label fan3 "System FAN2"
+ label fan4 "System FAN3"
+ label fan5 "System FAN4"
+
+# Voltages
+ label in0 "+12V"
+ label in1 "+5V"
+ label in2 "Vbat"
+
+chip "fscsyl-*"
+# Fujitsu Technology Solutions, "Syleus"-Chip
+
+# Temperatures
+ label temp1 "CPU Temp"
+ label temp4 "Super I/O Temp"
+ label temp5 "Northbridge Temp"
+
+# Fans
+ label fan1 "CPU Fan"
+ label fan2 "System FAN2"
+ label fan3 "System FAN3"
+ label fan4 "System FAN4"
+ label fan7 "PSU Fan"
+
+# Voltages
+ label in0 "+12V"
+ label in1 "+5V"
+ label in2 "Vbat"
+ label in3 "+3.3V"
+ label in5 "+3.3V-Aux"
+
+chip "vt1211-*"
+
+ label in5 "+3.3V"
+
+ label temp2 "SIO Temp"
+
+
+chip "vt8231-*"
+
+ label in5 "+3.3V"
+
+
+chip "smsc47m192-*"
+
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+ label in5 "VCC"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in4_min 12.0 * 0.90
+ set in4_max 12.0 * 1.10
+ set in5_min 3.3 * 0.90
+ set in5_max 3.3 * 1.10
+
+ label temp1 "SIO Temp"
+
+
+chip "lm85-*" "lm85b-*" "lm85c-*" "adm1027-*" "adt7463-*" "adt7468-*" \
+ "emc6d100-*" "emc6d102-*" "emc6d103-*" "emc6d103s-*"
+
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+# Depending on how your chip is hardwired, you may or may not have
+# +12V readings.
+# set in4_min 12.0 * 0.90
+# set in4_max 12.0 * 1.10
+
+ label temp2 "M/B Temp"
+
+
+chip "emc6w201-*"
+
+ label in2 "+3.3V"
+ label in3 "+5V"
+
+ label temp6 "M/B Temp"
+
+
+chip "pc87365-*" "pc87366-*"
+
+# Voltage inputs
+
+ label in7 "3VSB"
+ label in8 "VDD"
+ label in9 "Vbat"
+ label in10 "AVDD"
+
+ compute in7 @*2, @/2
+ compute in8 @*2, @/2
+ compute in10 @*2, @/2
+
+# These are the operating conditions as recommended by National
+# Semiconductor
+ set in7_min 3.0
+ set in7_max 3.6
+ set in8_min 3.0
+ set in8_max 3.6
+ set in10_min 3.0
+ set in10_max 3.6
+# Depending on the hardware setup, the battery voltage may or may not
+# be monitored.
+# set in9_min 2.4
+# set in9_max 3.6
+
+ label temp3 "SIO Temp"
+
+ set temp3_min 0
+ set temp3_max 70
+ set temp3_crit 85
+
+
+chip "adm1030-*" "adm1031-*"
+
+ label temp1 "M/B Temp"
+
+
+chip "w83627thf-*"
+
+ label in3 "+5V"
+ label in7 "5VSB"
+ label in8 "Vbat"
+
+ # Internal resistors
+ compute in3 @ * (1 + 34/51), @ / (1 + 34/51)
+ compute in7 @ * (1 + 34/51), @ / (1 + 34/51)
+
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in7_min 5.0 * 0.90
+ set in7_max 5.0 * 1.10
+# The battery voltage may or may not be monitored.
+# set in8_min 3.0 * 0.90
+# set in8_max 3.0 * 1.10
+
+
+chip "w83627ehf-*" "w83627dhg-*" "w83667hg-*" "nct6775-*" "nct6776-*" \
+ "nct6779-*" "nct6791-*" "nct6795-*" "nct6796-*"
+
+ label in0 "Vcore"
+ label in2 "AVCC"
+ label in3 "+3.3V"
+ label in7 "3VSB"
+ label in8 "Vbat"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 3.3 * 0.90
+ set in3_max 3.3 * 1.10
+ set in7_min 3.3 * 0.90
+ set in7_max 3.3 * 1.10
+ set in8_min 3.0 * 0.90
+ set in8_max 3.3 * 1.10
+
+
+chip "w83627uhg-*"
+
+ label in2 "AVCC"
+ label in3 "+5V"
+ label in7 "5VSB"
+ label in8 "Vbat"
+
+ set in2_min 5.0 * 0.90
+ set in2_max 5.0 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in7_min 5.0 * 0.90
+ set in7_max 5.0 * 1.10
+ set in8_min 3.0 * 0.90
+ set in8_max 3.3 * 1.10
+
+
+chip "f71805f-*"
+
+ label in0 "+3.3V"
+
+ set in0_min 3.3 * 0.90
+ set in0_max 3.3 * 1.10
+
+
+chip "f71872f-*"
+
+ label in0 "+3.3V"
+ label in9 "Vbat"
+ label in10 "3VSB"
+
+ set in0_min 3.3 * 0.90
+ set in0_max 3.3 * 1.10
+ set in9_min 3.0 * 0.90
+ set in9_max 3.0 * 1.10
+ set in10_min 3.3 * 0.90
+ set in10_max 3.3 * 1.10
+
+
+chip "k8temp-*"
+
+ label temp1 "Core0 Temp"
+ label temp2 "Core0 Temp"
+ label temp3 "Core1 Temp"
+ label temp4 "Core1 Temp"
+
+
+chip "dme1737-*"
+
+ label in0 "5VSB"
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+ label in5 "3VSB"
+ label in6 "Vbat"
+
+ label temp2 "SIO Temp"
+
+ set in0_min 5.0 * 0.90
+ set in0_max 5.0 * 1.10
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in4_min 12.0 * 0.90
+ set in4_max 12.0 * 1.10
+ set in5_min 3.3 * 0.90
+ set in5_max 3.3 * 1.10
+ set in6_min 3.0 * 0.90
+ set in6_max 3.0 * 1.10
+
+
+chip "sch311x-*"
+
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+ label in5 "3VSB"
+ label in6 "Vbat"
+
+ label temp2 "SIO Temp"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in4_min 12.0 * 0.90
+ set in4_max 12.0 * 1.10
+ set in5_min 3.3 * 0.90
+ set in5_max 3.3 * 1.10
+ set in6_min 3.0 * 0.90
+ set in6_max 3.0 * 1.10
+
+
+chip "sch5027-*"
+
+ label in0 "5VSB"
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in5 "3VSB"
+ label in6 "Vbat"
+
+ label temp2 "SIO Temp"
+
+ set in0_min 5.0 * 0.90
+ set in0_max 5.0 * 1.10
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in5_min 3.3 * 0.90
+ set in5_max 3.3 * 1.10
+ set in6_min 3.0 * 0.90
+ set in6_max 3.0 * 1.10
+
+
+chip "sch5127-*"
+
+ label in2 "+3.3V"
+ label in5 "3VSB"
+ label in6 "Vbat"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in5_min 3.3 * 0.90
+ set in5_max 3.3 * 1.10
+ set in6_min 3.0 * 0.90
+ set in6_max 3.0 * 1.10
+
+
+chip "f71808e-*" "f71808a-*" "f71862fg-*" "f71869-*" "f71869a-*" "f71882fg-*" \
+ "f71889fg-*" "f71889ed-*" "f71889a-*"
+
+ label in0 "+3.3V"
+ label in7 "3VSB"
+ label in8 "Vbat"
+
+ compute in0 @*2, @/2
+ compute in7 @*2, @/2
+ compute in8 @*2, @/2
+
+
+chip "f71858fg-*" "f8000-*"
+
+ label in0 "+3.3V"
+ label in1 "3VSB"
+ label in2 "Vbat"
+
+ compute in0 @*2, @/2
+ compute in1 @*2, @/2
+ compute in2 @*2, @/2
+
+
+chip "f71868a-*"
+
+ label in0 "+3.3V"
+ label in7 "3VSB"
+ label in8 "Vbat"
+ label in9 "5VSB"
+
+ compute in0 @*2, @/2
+ compute in7 @*2, @/2
+ compute in8 @*2, @/2
+ compute in9 @*3, @/3
+
+
+chip "f81865f-*"
+
+ label in0 "+3.3V"
+ label in5 "3VSB"
+ label in6 "Vbat"
+
+ compute in0 @*2, @/2
+ compute in5 @*2, @/2
+ compute in6 @*2, @/2
+
+
+chip "adt7473-*" "adt7475-*"
+
+ label in2 "+3.3V"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+
+ label temp2 "Board Temp"
+
+
+chip "adt7476-*" "adt7490-*"
+
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+# Depending on how your ADT7476 is hardwired, you may or may not have
+# +12V readings.
+# set in4_min 12.0 * 0.90
+# set in4_max 12.0 * 1.10
+
+ label temp2 "M/B Temp"
frank:$6$viYRDmzFELF5pfeZ$5RbMmTp6m9ddM/PneWLQxNBPmk1S3VDCSMGHacsZQkzaPil449Ln01NmpsSCYVlqWjF2uzpxmMSUxbRwnigo6.:18725:0:99999:7:::
mysql:!:18725:0:99999:7:::
postfix:*:18725:0:99999:7:::
+clamav:!:18725:0:99999:7:::
+dovecot:*:18725:0:99999:7:::
+dovenull:*:18725:0:99999:7:::
+debian-spamd:*:18725:0:99999:7:::
+amavis:*:18725:0:99999:7:::
frank:$6$viYRDmzFELF5pfeZ$5RbMmTp6m9ddM/PneWLQxNBPmk1S3VDCSMGHacsZQkzaPil449Ln01NmpsSCYVlqWjF2uzpxmMSUxbRwnigo6.:18725:0:99999:7:::
mysql:!:18725:0:99999:7:::
postfix:*:18725:0:99999:7:::
+clamav:!:18725:0:99999:7:::
+dovecot:*:18725:0:99999:7:::
+dovenull:*:18725:0:99999:7:::
+debian-spamd:*:18725:0:99999:7:::
+amavis:*:18725:0:99999:7:::
--- /dev/null
+# Special SpamAssassin rules for Debian
+# Duncan Findlay
+
+header D_SENT_BY_DEBCONF Subject =~ /^Debconf:/
+score D_SENT_BY_DEBCONF -5.0
+describe D_SENT_BY_DEBCONF Sent by Debconf
+
+body D_SENT_BY_AFBACKUP /^\[Afbackup\]: Overall exit status:/
+score D_SENT_BY_AFBACKUP -5.0
+describe D_SENT_BY_AFBACKUP Sent by Afbackup
+
+header D_SENT_BY_APTLC Subject =~ /^apt-listchanges: (changelogs|news) for/
+score D_SENT_BY_APTLC -5.0
+describe D_SENT_BY_APTLC Sent by apt-listchanges
+
+header __ANACRON_SUBJ Subject =~ /^Anacron job '[a-z0-9_.-]+' on/i
+header __ANACRON_FROM From =~ /^Anacron/
+meta D_SENT_BY_ANACRON __ANACRON_SUBJ && __ANACRON_FROM
+score D_SENT_BY_ANACRON -5.0
+describe D_SENT_BY_ANACRON Sent by Anacron Daemon
+
+
+header __CRON_FROM From =~ /^Cron Daemon/
+header __CRON_HEADER X-Cron-Env =~ /./
+meta D_SENT_BY_CRON __CRON_FROM && __CRON_HEADER
+score D_SENT_BY_CRON -5.0
+describe D_SENT_BY_CRON Sent by Cron Daemon
+
+# As documented in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861671,
+# the bb.barracudacentral.org blacklist requires users to register, making it
+# unsuitable for use in the default configuration. If you've registered your
+# use of this blacklist, remove the following line in order to re-activate
+# this service:
+score RCVD_IN_BRBL_LASTEXT 0
--- /dev/null
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file contains plugin activation commands for plugins included
+# in SpamAssassin 3.0.x releases. It will not be installed if you
+# already have a file in place called "init.pre".
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# RelayCountry - add metadata for Bayes learning, marking the countries
+# a message was relayed through
+#
+# Note: This requires the Geo::IP Perl module
+#
+# loadplugin Mail::SpamAssassin::Plugin::RelayCountry
+
+# URIDNSBL - look up URLs found in the message against several DNS
+# blocklists.
+#
+loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
+
+# Hashcash - perform hashcash verification.
+#
+loadplugin Mail::SpamAssassin::Plugin::Hashcash
+
+# SPF - perform SPF verification.
+#
+loadplugin Mail::SpamAssassin::Plugin::SPF
+
--- /dev/null
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# Only a small subset of options are listed below
+#
+###########################################################################
+
+# Add *****SPAM***** to the Subject header of spam e-mails
+#
+# rewrite_header Subject *****SPAM*****
+
+
+# Save spam messages as a message/rfc822 MIME attachment instead of
+# modifying the original message (0: off, 2: use text/plain instead)
+#
+# report_safe 1
+
+
+# Set which networks or hosts are considered 'trusted' by your mail
+# server (i.e. not spammers)
+#
+# trusted_networks 212.17.35.
+
+
+# Set file-locking method (flock is not safe over NFS, but is faster)
+#
+# lock_method flock
+
+
+# Set the threshold at which a message is considered spam (default: 5.0)
+#
+# required_score 5.0
+
+
+# Use Bayesian classifier (default: 1)
+#
+# use_bayes 1
+
+
+# Bayesian classifier auto-learning (default: 1)
+#
+# bayes_auto_learn 1
+
+
+# Set headers which may provide inappropriate cues to the Bayesian
+# classifier
+#
+# bayes_ignore_header X-Bogosity
+# bayes_ignore_header X-Spam-Flag
+# bayes_ignore_header X-Spam-Status
+
+
+# Whether to decode non- UTF-8 and non-ASCII textual parts and recode
+# them to UTF-8 before the text is given over to rules processing.
+#
+# normalize_charset 1
+
+# Some shortcircuiting, if the plugin is enabled
+#
+ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
+#
+# default: strongly-whitelisted mails are *really* whitelisted now, if the
+# shortcircuiting plugin is active, causing early exit to save CPU load.
+# Uncomment to turn this on
+#
+# shortcircuit USER_IN_WHITELIST on
+# shortcircuit USER_IN_DEF_WHITELIST on
+# shortcircuit USER_IN_ALL_SPAM_TO on
+# shortcircuit SUBJECT_IN_WHITELIST on
+
+# the opposite; blacklisted mails can also save CPU
+#
+# shortcircuit USER_IN_BLACKLIST on
+# shortcircuit USER_IN_BLACKLIST_TO on
+# shortcircuit SUBJECT_IN_BLACKLIST on
+
+# if you have taken the time to correctly specify your "trusted_networks",
+# this is another good way to save CPU
+#
+# shortcircuit ALL_TRUSTED on
+
+# and a well-trained bayes DB can save running rules, too
+#
+# shortcircuit BAYES_99 spam
+# shortcircuit BAYES_00 ham
+
+endif # Mail::SpamAssassin::Plugin::Shortcircuit
--- /dev/null
+#!/bin/sh
+
+#This scripts restarts amavisd-new after spamassassin
+#rules got updated
+
+NAME=amavisd-new
+AMAVISPID=/var/run/amavis/amavisd.pid
+INIT=/etc/init.d/amavis
+
+# stolen from dhcpd3 initscript
+# single arg is -v for messages, -q for none
+check_status()
+{
+ if [ ! -r "$AMAVISPID" ]; then
+ test "$1" != -v || echo "$NAME is not running."
+ return 3
+ fi
+ if read pid < "$AMAVISPID" && ps -p "$pid" > /dev/null 2>&1; then
+ test "$1" != -v || echo "$NAME is running."
+ return 0
+ else
+ test "$1" != -v || echo "$NAME is not running but $AMAVISPID exists."
+ return 1
+ fi
+}
+
+#exit if amavis is not running
+check_status || exit
+
+$INIT restart > /dev/null
+
--- /dev/null
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.1.0,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# DCC - perform DCC message checks.
+#
+# DCC is disabled here because it is not open source. See the DCC
+# license for more details.
+#
+#loadplugin Mail::SpamAssassin::Plugin::DCC
+
+# Pyzor - perform Pyzor message checks.
+#
+loadplugin Mail::SpamAssassin::Plugin::Pyzor
+
+# Razor2 - perform Razor2 message checks.
+#
+loadplugin Mail::SpamAssassin::Plugin::Razor2
+
+# SpamCop - perform SpamCop message reporting
+#
+loadplugin Mail::SpamAssassin::Plugin::SpamCop
+
+# AntiVirus - some simple anti-virus checks, this is not a replacement
+# for an anti-virus filter like Clam AntiVirus
+#
+#loadplugin Mail::SpamAssassin::Plugin::AntiVirus
+
+# AWL - do auto-whitelist checks
+#
+#loadplugin Mail::SpamAssassin::Plugin::AWL
+
+# AutoLearnThreshold - threshold-based discriminator for Bayes auto-learning
+#
+loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
+
+# TextCat - language guesser
+#
+#loadplugin Mail::SpamAssassin::Plugin::TextCat
+
+# AccessDB - lookup from-addresses in access database
+#
+#loadplugin Mail::SpamAssassin::Plugin::AccessDB
+
+# WhitelistSubject - Whitelist/Blacklist certain subject regular expressions
+#
+loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject
+
+###########################################################################
+# experimental plugins
+
+# DomainKeys - perform DomainKeys verification
+#
+# This plugin has been removed as of v3.3.0. Use the DKIM plugin instead,
+# which supports both Domain Keys and DKIM.
+
+# MIMEHeader - apply regexp rules against MIME headers in the message
+#
+loadplugin Mail::SpamAssassin::Plugin::MIMEHeader
+
+# ReplaceTags
+#
+loadplugin Mail::SpamAssassin::Plugin::ReplaceTags
+
--- /dev/null
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.1.2,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+
+###########################################################################
+# experimental plugins
+
+# DKIM - perform DKIM verification
+#
+# Mail::DKIM module required for use, see INSTALL for more information.
+#
+# Note that if C<Mail::DKIM> version 0.20 or later is installed, this
+# renders the DomainKeys plugin redundant.
+#
+loadplugin Mail::SpamAssassin::Plugin::DKIM
+
--- /dev/null
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.2.0,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# Check - Provides main check functionality
+#
+loadplugin Mail::SpamAssassin::Plugin::Check
+
+# HTTPSMismatch - find URI mismatches between href and anchor text
+#
+loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch
+
+# URIDetail - test URIs using detailed URI information
+#
+loadplugin Mail::SpamAssassin::Plugin::URIDetail
+
+# Shortcircuit - stop evaluation early if high-accuracy rules fire
+#
+# loadplugin Mail::SpamAssassin::Plugin::Shortcircuit
+
+# Plugins which used to be EvalTests.pm
+# broken out into separate plugins
+loadplugin Mail::SpamAssassin::Plugin::Bayes
+loadplugin Mail::SpamAssassin::Plugin::BodyEval
+loadplugin Mail::SpamAssassin::Plugin::DNSEval
+loadplugin Mail::SpamAssassin::Plugin::HTMLEval
+loadplugin Mail::SpamAssassin::Plugin::HeaderEval
+loadplugin Mail::SpamAssassin::Plugin::MIMEEval
+loadplugin Mail::SpamAssassin::Plugin::RelayEval
+loadplugin Mail::SpamAssassin::Plugin::URIEval
+loadplugin Mail::SpamAssassin::Plugin::WLBLEval
+
+# VBounce - anti-bounce-message rules, see rules/20_vbounce.cf
+#
+loadplugin Mail::SpamAssassin::Plugin::VBounce
+
+# Rule2XSBody - speedup by compilation of ruleset to native code
+#
+# loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody
+
+# ASN - Look up the Autonomous System Number of the connecting IP
+# and create a header containing ASN data for bayes tokenization.
+# See plugin's POD docs for usage info.
+#
+# loadplugin Mail::SpamAssassin::Plugin::ASN
+
+# ImageInfo - rules to match metadata of image attachments
+#
+loadplugin Mail::SpamAssassin::Plugin::ImageInfo
+
--- /dev/null
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.3.0,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# PhishTag - allows sites to rewrite suspect phish-mail URLs
+# (Note: this requires configuration, see http://umut.topkara.org/PhishTag)
+#
+#loadplugin Mail::SpamAssassin::Plugin::PhishTag
+
+# FreeMail - detect email addresses using free webmail services,
+# usable as input for other rules
+#
+loadplugin Mail::SpamAssassin::Plugin::FreeMail
+
--- /dev/null
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.4.0,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# AskDNS - forms a DNS query based on 'tags' as supplied by other plugins
+#
+loadplugin Mail::SpamAssassin::Plugin::AskDNS
--- /dev/null
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.4.1,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# TxRep - Reputation database that replaces AWL
+# loadplugin Mail::SpamAssassin::Plugin::TxRep
+
+# URILocalBL - Provides ISP and Country code based filtering as well as
+# quick IP based blocks without a full RBL implementation - Bug 7060
+
+# loadplugin Mail::SpamAssassin::Plugin::URILocalBL
+
+# PDFInfo - Use several methods to detect a PDF file's ham/spam traits
+# loadplugin Mail::SpamAssassin::Plugin::PDFInfo
--- /dev/null
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.4.1,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# HashBL - Use EBL email blocklist
+# loadplugin Mail::SpamAssassin::Plugin::HashBL
+
+# ResourceLimits - assure your spamd child processes
+# do not exceed specified CPU or memory limit
+# loadplugin Mail::SpamAssassin::Plugin::ResourceLimits
+
+
+# FromNameSpoof - help stop spam that tries to spoof other domains using
+# the from name
+# loadplugin Mail::SpamAssassin::Plugin::FromNameSpoof
+
+# Phishing - finds uris used in phishing campaigns detected by
+# OpenPhish or PhishTank feeds.
+# loadplugin Mail::SpamAssassin::Plugin::Phishing
+
+# allow URI rules to look at DKIM headers if they exist
+parse_dkim_uris 1
--- /dev/null
+[Service]
+ExecStartPre=-/bin/mkdir /run/clamav
+ExecStartPre=/bin/chown clamav /run/clamav
--- /dev/null
+/lib/systemd/system/clamav-daemon.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/clamav-freshclam.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/dovecot.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/lm-sensors.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/nginx.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/php7.3-fpm.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/phpsessionclean.timer
\ No newline at end of file
--- /dev/null
+[Dovecot IMAP]
+title=Secure mail server (IMAP)
+description=Dovecot is a mail server whose major goals are security and extreme
+ reliability.
+ports=143/tcp
+
+[Dovecot Secure IMAP]
+title=Secure mail server (IMAPS)
+description=Dovecot is a mail server whose major goals are security and extreme
+ reliability.
+ports=993/tcp
--- /dev/null
+[Dovecot POP3]
+title=Secure mail server (POP3)
+description=Dovecot is a mail server whose major goals are security and extreme
+ reliability.
+ports=110/tcp
+
+[Dovecot Secure POP3]
+title=Secure mail server (POP3S)
+description=Dovecot is a mail server whose major goals are security and extreme
+ reliability.
+ports=995/tcp
--- /dev/null
+[Nginx HTTP]
+title=Web Server (Nginx, HTTP)
+description=Small, but very powerful and efficient web server
+ports=80/tcp
+
+[Nginx HTTPS]
+title=Web Server (Nginx, HTTPS)
+description=Small, but very powerful and efficient web server
+ports=443/tcp
+
+[Nginx Full]
+title=Web Server (Nginx, HTTP + HTTPS)
+description=Small, but very powerful and efficient web server
+ports=80,443/tcp
--- /dev/null
+This is staging directory for uWSGI configuration files.
+
+You should place configuration files here and create soft links to them in
+/etc/uwsgi/apps-enabled directory.
+
+See also /etc/uwsgi/apps-enabled/README.
--- /dev/null
+Some files found in this directory are processed by uWSGI init.d script as
+uWSGI configuration files.
+
+On system boot for each configuration file new uWSGI daemon instance is started
+with additional option. Name of this option is based on configuration file
+extension. Path to configuration files is passed as option value.
+
+See more detailed information at:
+ * /usr/share/doc/uwsgi/README.Debian.gz
+ * /etc/default/uwsgi
projects / config / helga-hetzner / etc.git / commitdiff