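#
# Simple greylisting config file using the new features
# See greylist2.conf for a more detailed list of available options
# http://milter-greylist.wikidot.com/greylist2-conf
# $Id: greylist.conf,v 1.42.2.1 2008/02/27 05:01:47 manu Exp $
#

pidfile "/var/run/milter-greylist.pid"
# The MTA talks to the milter through this socket, and the dumpfile holds
# the greylist/autowhite state. Keep /var/milter-greylist writable only by
# the account named in "user" below and reachable only by the MTA.
socket "/var/milter-greylist/milter-greylist.sock"
dumpfile "/var/milter-greylist/greylist.db"

# How often should we dump to the dumpfile (0: on each change, -1: never).
# I'd like to see some RESULTS!
dumpfreq 10m
# default: 1
#dumpfreq 1

# Unprivileged account the milter runs as.
user "mail"

# Log milter-greylist activity to a file
#stat ">>/var/milter-greylist/greylist.log" \
#      "%T{%Y/%m/%d %T} %d [%i] %r -> %f %S (ACL %A) %Xc %Xe %Xm %Xh\n"
# Same, sent to syslog
# NOTE(review): the record is built from values supplied in the SMTP session,
# so anything that parses these syslog lines should treat them as untrusted
# input. Presumably the record is written to logger's standard input and not
# placed on its command line -- confirm against the installed version.
stat "|logger -p local7.info" \
      "%T{%Y/%m/%d %T} %d [%i] %r -> %f %S (ACL %A) %Xc %Xe %Xm %Xh"

# Be verbose (or use -v flag)
#verbose

# Do not tell spammer how long they have to wait
quiet

# MX peering
#peer 192.0.2.17
#peer 192.0.2.18

# Your own network, which should not suffer greylisting
# list "my network" addr { 127.0.0.1/8 10.0.0.0/8 192.0.2.0/24 }
# MXM:
# NOTE(review): 127.0.0.1/8 has host bits set; it presumably matches the
# whole 127.0.0.0/8 loopback range -- confirm how the installed version
# applies the mask.
list "my network" addr { 127.0.0.1/8 }

# This is a list of broken MTAs that break with greylisting. Derived from
# http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=1.16
#
# Every address below skips greylisting entirely (see the
# 'racl whitelist list "broken mta"' rule further down). The upstream list
# is old and address space gets reassigned, so re-check the entries against
# their current owners before relying on them, the wide ranges (/16 to /20)
# first.
# NOTE(review): 66.218.67.0/23 and 66.218.69.0/23 are not on a /23 boundary;
# they presumably match the same ranges as 66.218.66.0/23 and 66.218.68.0/23
# -- confirm before dropping them.
list "broken mta" addr {   \
	12.5.136.141/32    \ # Southwest Airlines (unique sender)
	12.5.136.142/32    \ # Southwest Airlines
	12.5.136.143/32    \ # Southwest Airlines
	12.5.136.144/32    \ # Southwest Airlines
	12.107.209.244/32  \ # kernel.org (unique sender)
	12.107.209.250/32  \ # sourceware.org (unique sender)
	63.82.37.110/32    \ # SLmail
	63.169.44.143/32   \ # Southwest Airlines
	63.169.44.144/32   \ # Southwest Airlines
	64.7.153.18/32     \ # sentex.ca (common pool)
	64.12.136.0/24     \ # AOL (common pool)
	64.12.137.0/24     \ # AOL
	64.12.138.0/24     \ # AOL
	64.124.204.39/32   \ # moveon.org (unique sender)
	64.125.132.254/32  \ # collab.net (unique sender)
	64.233.160.0/19    \ # Google
	66.94.237.16/28    \ # Yahoo Groups servers (common pool)
	66.94.237.32/28    \ # Yahoo Groups servers (common pool)
	66.94.237.48/30    \ # Yahoo Groups servers (common pool)
	66.100.210.82/32   \ # Groupwise?
	66.135.192.0/19    \ # Ebay
	66.162.216.166/32  \ # Groupwise?
	66.206.22.82/32    \ # Plexor
	66.206.22.83/32    \ # Plexor
	66.206.22.84/32    \ # Plexor
	66.206.22.85/32    \ # Plexor
	66.218.66.0/23     \ # Yahoo Groups servers (common pool)
	66.218.67.0/23     \ # Yahoo Groups servers (common pool)
	66.218.68.0/23     \ # Yahoo Groups servers (common pool)
	66.218.69.0/23     \ # Yahoo Groups servers (common pool)
	66.27.51.218/32    \ # ljbtc.com (Groupwise)
	66.102.0.0/20      \ # Google
	66.249.80.0/20     \ # Google
	72.14.192.0/18     \ # Google
	152.163.225.0/24   \ # AOL
	194.245.101.88/32  \ # Joker.com
	195.235.39.19/32   \ # Tid InfoMail Exchanger v2.20
	195.238.2.0/24     \ # skynet.be (weird retry pattern, common pool)
	195.238.3.0/24     \ # skynet.be
	195.46.220.208/32  \ # mgn.net
	195.46.220.209/32  \ # mgn.net
	195.46.220.210/32  \ # mgn.net
	195.46.220.211/32  \ # mgn.net
	195.46.220.221/32  \ # mgn.net
	195.46.220.222/32  \ # mgn.net
	204.107.120.10/32  \ # Ameritrade (no retry)
	205.188.0.0/16     \ # AOL
	205.206.231.0/24   \ # SecurityFocus.com (unique sender)
	207.115.63.0/24    \ # Prodigy - retries continually
	207.171.168.0/24   \ # Amazon.com
	207.171.180.0/24   \ # Amazon.com
	207.171.187.0/24   \ # Amazon.com
	207.171.188.0/24   \ # Amazon.com
	207.171.190.0/24   \ # Amazon.com
	209.132.176.174/32 \ # sourceware.org mailing lists (unique sender)
	209.85.128.0/17    \ # Google
	211.29.132.0/24    \ # optusnet.com.au (weird retry pattern)
	213.136.52.31/32   \ # Mysql.com (unique sender)
	216.33.244.0/24    \ # Ebay
	216.239.32.0/19    \ # Google
	217.158.50.178/32  \ # AXKit mailing list (unique sender)
}

# List of users that want greylisting
# The addresses below are the distribution's example.com placeholders.
# Recipients listed here get the 30m delay from the "grey users" rule;
# everyone else falls through to the 10m default rule.
list "grey users" rcpt {  \
	user1@example.com \
	user2@example.com \
	user3@example.com \
}

# Give this a try if you enabled DNSRBL
#dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10
#dnsrbl "SBL" sbl-xbl.spamhaus.org 127.0.0.2
#dnsrbl "CBL" sbl-xbl.spamhaus.org 127.0.0.4
#dnsrbl "NJABL" sbl-xbl.spamhaus.org 127.0.0.5
#dnsrbl "PBL" zen.spamhaus.org 127.0.0.10/31
#dnsrbl "TQM3-DHCP" dhcp.tqmcube.com 127.0.0.2
#dnsrbl "MTAWL" list.dnswl.org 127.0.0.0/16

# Here is an example of user preference pulled from a LDAP directory
# (requires building --with-libcurl). If the milterGreylistStatus
# attribute is set to TRUE, then $usrRBL will be usable later in the
# ACL and will carry the values of the usrRBL attribute.
# NOTE(review): %r is substituted into the LDAP filter below; confirm the
# installed version escapes it before enabling this check.
# urlcheck "userpref" \
# "ldap://localhost/dc=example,dc=net?milterGreylistStatus,usrRBL?one?mail=%r" \
# 30 getprop clear fork

# And here is the access list
# Rules are evaluated top to bottom and the first match decides, so the
# whitelist rules must stay above the greylist rules.
racl whitelist list "my network"
racl whitelist list "broken mta"
#racl whitelist dnsrbl "MTAWL"
#racl blacklist urlcheck "userpref" $usrRBL "CBL" dnsrbl "CBL" \
#               msg "Sender IP caught in CBL blacklist"
# NOTE(review): the next rule names dnsrbl "BBL", which is not among the
# dnsrbl samples above; presumably "SBL" is meant -- check before enabling.
#racl blacklist $usrRBL "SBL" dnsrbl "BBL" \
#               msg "Sender IP caught in SBL blacklist"
#racl blacklist $usrRBL "NJABL" dnsrbl "NJABL" \
#               msg "Sender IP caught in NJABL blacklist"
#racl greylist list "grey users" dnsrbl "SORBS DUN" delay 24h autowhite 3d
racl greylist list "grey users" delay 30m autowhite 3d

# As found in the distribution:
#racl whitelist default
#
# "racl whitelist default" provides some useful evidence that
# milter-greylist is working (with some of the options below).
# Test messages will come through with X-Greylist headers.
# Then it's time to get serious.
# MXM: start greylist for everybody not exempted already
racl greylist default delay 10m autowhite 3d

# Example of content filtering for fighting image SPAM
#dacl blacklist body /src[:blank:]*=(3D)?[:blank:]*["']?[:blank:]*cid:/ \
#     msg "Sorry, We do not accept images embedded in HTML"

##########################################################################
#
# Added by MXM--to see whether milter-greylist is working
#

# This option tells milter-greylist when it should
# add an X-Greylist header. Default is all, which
# causes a header to always be added. Other possible
# values are none, delays and nodelays
report all

# This option attempts to make milter-greylist more
# friendly with sender callback systems. When the
# message is from <>, it will be temporarily
# rejected at the DATA stage instead of the RCPT
# stage of the SMTP transaction. In the case of a
# multi recipient DSN, whitelisted recipient will
# not be honoured.
delayedreject

# Uncomment if you want auto-whitelist to work for
# the IP rather than for the (IP, sender, receiver)
# tuple.
#lazyaw

# This option disables the conversion of the time specified in the
# integer format to human-readable format in the comment of each
# line in the dumpfile.
# Time needed in order to dump large dumpfiles (several million
# entries/few 100's of MB) can be significantly improved.
dump_no_time_translation

# This option causes greylist entries that expire to be logged via
# syslog. This allows you to collect the IP addresses and sender
# names and use them for blacklisting, SPAM scoring, etc.
logexpired

#
# Something not in the distribution greylist.conf
#

# The geoipdb statement is used to specify the location of GeoIP database
# NOTE(review): no ACL in this file has a GeoIP clause, so the database
# looks unused here -- confirm it is still needed.
geoipdb "/usr/share/GeoIP/GeoIP.dat"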