
blog:sample-greylist.conf [2017/07/13 20:33] (current)
Line 1: Line 1:
 +<​code>​
 +#
 +# Simple greylisting config file using the new features
 +# See greylist2.conf for a more detailed list of available options
 +#     ​http://​milter-greylist.wikidot.com/​greylist2-conf
 +# $Id: greylist.conf,​v 1.42.2.1 2008/02/27 05:01:47 manu Exp $
 +#
 +
 +pidfile "/​var/​run/​milter-greylist.pid"​
 +socket "/​var/​milter-greylist/​milter-greylist.sock"​
 +dumpfile "/​var/​milter-greylist/​greylist.db"​
 +# How often should we dump to the dumpfile (0: on each change, -1: never).
 +# I'd like to see some RESULTS!
 +dumpfreq 10m
 +# default: 1
 +#dumpfreq 1
 +user "​mail"​
 +
 +# Log milter-greylist activity to a file
 +#stat ">>/​var/​milter-greylist/​greylist.log"​ \
 +#      "​%T{%Y/​%m/​%d %T} %d [%i] %r -> %f %S (ACL %A) %Xc %Xe %Xm %Xh\n"
 +# Same, sent to syslog
 +stat "​|logger -p local7.info"​ \
 +      "​%T{%Y/​%m/​%d %T} %d [%i] %r -> %f %S (ACL %A) %Xc %Xe %Xm %Xh"
 +
 +# Be verbose (or use -v flag)
 +#verbose
 +
 +# Do not tell spammer how long they have to wait
 +quiet
 +
 +# MX peering
 +#peer 192.0.2.17
 +#peer 192.0.2.18
 +
 +# Your own network, which should not suffer greylisting
 +# list "my network"​ addr { 127.0.0.1/8 10.0.0.0/8 192.0.2.0/​24 }
 +#    MXM:
 +list "my network"​ addr { 127.0.0.1/8 }
 +
 +# This is a list of broken MTAs that break with greylisting. Derived from
 +# http://​cvs.puremagic.com/​viewcvs/​greylisting/​schema/​whitelist_ip.txt?​rev=1.16
 +list "​broken mta" addr {   \
 + 12.5.136.141/​32 ​   \ # Southwest Airlines (unique sender)
 + 12.5.136.142/​32 ​   \ # Southwest Airlines
 + 12.5.136.143/​32 ​   \ # Southwest Airlines
 + 12.5.136.144/​32 ​   \ # Southwest Airlines
 + 12.107.209.244/​32 ​ \ # kernel.org (unique sender)
 + 12.107.209.250/​32 ​ \ # sourceware.org (unique sender)
 + 63.82.37.110/​32 ​   \ # SLmail
 + 63.169.44.143/​32 ​  \ # Southwest Airlines
 + 63.169.44.144/​32 ​  \ # Southwest Airlines
 + 64.7.153.18/​32 ​    \ # sentex.ca (common pool)
 + 64.12.136.0/​24 ​    \ # AOL (common pool)
 + 64.12.137.0/​24 ​    \ # AOL
 + 64.12.138.0/​24 ​    \ # AOL
 + 64.124.204.39 ​     \ # moveon.org (unique sender)
 + 64.125.132.254/​32 ​ \ # collab.net (unique sender)
 + 64.233.160.0/​19 ​   \ # Google
 + 66.94.237.16/​28 ​   \ # Yahoo Groups servers (common pool)
 + 66.94.237.32/​28 ​   \ # Yahoo Groups servers (common pool)
 + 66.94.237.48/​30 ​   \ # Yahoo Groups servers (common pool)
 + 66.100.210.82/​32 ​  \ # Groupwise?
 + 66.135.192.0/​19 ​   \ # Ebay
 + 66.162.216.166/​32 ​ \ # Groupwise?
 + 66.206.22.82/​32 ​   \ # Plexor
 + 66.206.22.83/​32 ​   \ # Plexor
 + 66.206.22.84/​32 ​   \ # Plexor
 + 66.206.22.85/​32 ​   \ # Plexor
 + 66.218.66.0/​23 ​    \ # Yahoo Groups servers (common pool)
 + 66.218.67.0/​23 ​    \ # Yahoo Groups servers (common pool)
 + 66.218.68.0/​23 ​    \ # Yahoo Groups servers (common pool)
 + 66.218.69.0/​23 ​    \ # Yahoo Groups servers (common pool)
 + 66.27.51.218/​32 ​   \ # ljbtc.com (Groupwise)
 + 66.102.0.0/​20 ​     \ # Google
 + 66.249.80.0/​20 ​    \ # Google
 + 72.14.192.0/​18 ​    \ # Google
 + 152.163.225.0/​24 ​  \ # AOL
 + 194.245.101.88/​32 ​ \ # Joker.com
 + 195.235.39.19/​32 ​  \ # Tid InfoMail Exchanger v2.20
 + 195.238.2.0/​24 ​    \ # skynet.be (wierd retry pattern, common pool)
 + 195.238.3.0/​24 ​    \ # skynet.be
 + 195.46.220.208/​32 ​ \ # mgn.net
 + 195.46.220.209/​32 ​ \ # mgn.net
 + 195.46.220.210/​32 ​ \ # mgn.net
 + 195.46.220.211/​32 ​ \ # mgn.net
 + 195.46.220.221/​32 ​ \ # mgn.net
 + 195.46.220.222/​32 ​ \ # mgn.net
 + 195.238.2.0/​24 ​    \ # skynet.be (wierd retry pattern)
 + 195.238.3.0/​24 ​    \ # skynet.be
 + 204.107.120.10/​32 ​ \ # Ameritrade (no retry)
 + 205.188.0.0/​16 ​    \ # AOL
 + 205.206.231.0/​24 ​  \ # SecurityFocus.com (unique sender)
 + 207.115.63.0/​24 ​   \ # Prodigy - retries continually
 + 207.171.168.0/​24 ​  \ # Amazon.com
 + 207.171.180.0/​24 ​  \ # Amazon.com
 + 207.171.187.0/​24 ​  \ # Amazon.com
 + 207.171.188.0/​24 ​  \ # Amazon.com
 + 207.171.190.0/​24 ​  \ # Amazon.com
 + 209.132.176.174/​32 \ # sourceware.org mailing lists (unique sender)
 + 209.85.128.0/​17 ​   \ # Google
 + 211.29.132.0/​24 ​   \ # optusnet.com.au (wierd retry pattern)
 + 213.136.52.31/​32 ​  \ # Mysql.com (unique sender)
 + 216.33.244.0/​24 ​   \ # Ebay
 + 216.239.32.0/​19 ​   \ # Google
 + 217.158.50.178/​32 ​ \ # AXKit mailing list (unique sender)
 +}
 +
 +# List of users that want greylisting
 +list "grey users" rcpt {  \
 + user1@example.com \
 + user2@example.com \
 + user3@example.com \
 +}
 +
 +# Give this a try if you enabled DNSRBL
 +#dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10
 +#dnsrbl "​SBL"​ sbl-xbl.spamhaus.org 127.0.0.2
 +#dnsrbl "​CBL"​ sbl-xbl.spamhaus.org 127.0.0.4
 +#dnsrbl "​NJABL"​ sbl-xbl.spamhaus.org 127.0.0.5
 +#dnsrbl "​PBL"​ zen.spamhaus.org 127.0.0.10/​31
 +#dnsrbl "​TQM3-DHCP"​ dhcp.tqmcube.com 127.0.0.2
 +#dnsrbl "​MTAWL"​ list.dnswl.org 127.0.0.0/​16
 +
 +# Here is an example of user preference pulled from a LDAP directory
 +# (requires building --with-libcurl). If the milterGreylistStatus ​
 +# attribute is set to TRUE, then $usrRBL will be usable later in the
 +# ACL and will carry the values of the usrRBL attribute.
 +# urlcheck "​userpref"​ \
 +# "​ldap://​localhost/​dc=example,​dc=net?​milterGreylistStatus,​usrRBL?​one?​mail=%r"​ \
 +# 30 getprop clear fork
 +
 +# And here is the access list
 +racl whitelist list "my network"​
 +racl whitelist list "​broken mta"
 +#racl whitelist dnsrbl "​MTAWL"​
 +#racl blacklist urlcheck "​userpref"​ $usrRBL "​CBL"​ dnsrbl "​CBL"​ \
 +#               msg "​Sender IP caught in CBL blacklist"​
 +#racl blacklist $usrRBL "​SBL"​ dnsrbl "​BBL"​ \
 +#               msg "​Sender IP caught in SBL blacklist"​
 +#racl blacklist $usrRBL "​NJABL"​ dnsrbl "​NJABL"​ \
 +#               msg "​Sender IP caught in NJABL blacklist"​
 +#racl greylist list "grey users" dnsrbl "SORBS DUN" delay 24h autowhite 3d
 +racl greylist list "grey users" delay 30m autowhite 3d
 +#  As found in the distribution:​
 +#racl whitelist default
 +#
 +# "racl whitelist default"​ provides some useful evidence that
 +# milter-greylist is working (with some of the options below).
 +# Test messages will come through with X-Greylist headers.
 +# Then it's time to get serious.
 +# MXM: start greylist for everybody not exempted already
 +racl greylist default delay 10m autowhite 3d
 +
 +# Example of content filtering for fighting image SPAM
 +#dacl blacklist body /​src[:​blank:​]*=(3D)?​[:​blank:​]*["'​]?​[:​blank:​]*cid:/​ \
 +#     msg "​Sorry,​ We do not accept images embedded in HTML"
 +
 +##########################################################################​
 +#  ​
 +# Added by MXM--to see whether milter-greylist is working
 +#
 +
 +# This option tells milter-greylist when it should
 +# add an X-Greylist header. Default is all, which
 +# causes a header to always be added. Other possible
 +# values are none, delays and nodelays
 +report all
 +
 +# This option attempts to make milter-greylist more
 +# friendly with sender callback systems. When the
 +# message is from <>, it will be temporarily
 +# rejected at the DATA stage instead of the RCPT
 +# stage of the SMTP transaction. In the case of a
 +# multi recipient DSN, whitelisted recipient will
 +# not be honoured.
 +delayedreject
 +
 +# Uncomment if you want auto-whitelist to work for
 +# the IP rather than for the (IP, sender, receiver)
 +# tuple.
 +#lazyaw
 +
 +# This option disables the conversion of the time specified in the
 +# integer format to humanly readable format in the comment of each
 +# line in the dumpfile.
 +# Time needed in order to dump large dumpfiles (several milion ​
 +# entries/few 100's of MB) can be significantly improved.
 +dump_no_time_translation
 +
 +# This option causes greylist entries that expire to be logged via
 +# syslog. ​ This allows you to collect the IP addresses and sender
 +# names and use them for blacklisting,​ SPAM scoring, etc.
 +logexpired
 +
 +#
 +# Something not in the distribution greylist.conf
 +#
 +# The geoipdb statement is used to specify the location of GeoIP database
 +geoipdb "/​usr/​share/​GeoIP/​GeoIP.dat"​
 +</​code>​
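Review bot: The `broken mta` list is whitelisted unconditionally by `racl whitelist list "broken mta"`, yet it is a static snapshot of third-party address ranges taken from an external `whitelist_ip.txt` revision, in a base file whose `$Id` line is dated 2008. It includes blocks as wide as `205.188.0.0/16` and `209.85.128.0/17`, so any host inside them skips greylisting, and nothing in the file records when the entries were last verified. I would put a comment above the list, e.g. `# Static snapshot: every entry bypasses greylisting; re-verify ownership and trim before deploying`, and keep only senders actually observed failing retries. The list also repeats `195.238.2.0/24` and `195.238.3.0/24`, and `64.124.204.39` is the only entry without a prefix length. Separately, the commented-out SBL rule tests `dnsrbl "BBL"`, which is not defined anywhere in the file and presumably should read `dnsrbl "SBL"`.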
  
 
blog/sample-greylist.conf.txt ยท Last modified: 2017/07/13 20:33 (external edit)
 