# # Greylisting config file with a lot of options explained # # $Id: greylist2.conf,v 1.1 2006/08/20 04:49:49 manu Exp $ # # Uncomment this to enable debug output. # Note that options appearing before the "verbose" option in this # file will not be treated verbosely. # May be overridden by the "-v" command line argument. #verbose # If you work with multiple MXs, list them with # peer entries to enable greylist sync among the MXs. #peer 192.0.2.17 #peer 192.0.2.18 # You may wish to use a specific local address or port for # syncing between MXs. Of course one of your interfaces # must have the address assigned. An '*' for the address # means any address. #syncaddr * #syncaddr * port 7689 #syncaddr 192.0.2.2 #syncaddr 192.0.2.2 port 9785 #syncaddr 2001:db8::1:c3b5:123 #syncaddr 2001:db8::1:c3b5:123 port 1234 # Specific IP-Address for outbound sync-connections # between MXs. If blank, system selects an ip. # syncsrcaddr 123.45.678.9 # Greylisting your own MTA is a very bad idea: never # comment this line, except for testing purposes. acl whitelist addr 127.0.0.0/8 # If you use IPv6, uncomment this. #acl whitelist addr ::1/128 # You will want to avoid greylisting your own clients # as well, by filtering out your IP address blocks. # Here is an example if you use 192.0.2.0/16. #acl whitelist addr 192.0.2.0/16 # It is also possible to whitelist sender # machines using their DNS names. #acl whitelist domain example.net # You can avoid greylisting by filtering on the sender # envelope address, but this is not a good idea: it # can be trivially forged. #acl whitelist from friendly@example.com # Some of your users do not get any spam because # their addresses have never been collected by # spammers. They will want to avoid the extra delivery # delay caused by grey listing. You can filter on the # recipient envelope address to achieve that. #acl whitelist rcpt John.Doe@example.net # It is possible to use regular expressions in domain, from # and rcpt lines. The expression must be enclosed by # slashes (/). Note that no escaping is available to # provide slashes inside the regular expression. #acl whitelist rcpt /.*@example\.net/ # This option tells milter-greylist when it should # add an X-Greylist header. Default is all, which # causes a header to always be added. Other possible # values are none, delays and nodelays #report all # This option attempts to make milter-greylist more # friendly with sender callback systems. When the # message is from <>, it will be temporarily # rejected at the DATA stage instead of the RCPT # stage of the SMTP transaction. In the case of a # multi recipient DSN, whitelisted recipient will # not be honoured. #delayedreject # Uncomment if you want auto-whitelist to work for # the IP rather than for the (IP, sender, receiver) # tuple. #lazyaw # How often should we dump to the dumpfile (0: on each change, -1: never). #dumpfreq 10m # This option disables the conversion of the time specified in the # integer format to humanly readable format in the comment of each # line in the dumpfile. # Time needed in order to dump large dumpfiles (several milion # entries/few 100's of MB) can be significantly improved. #dump_no_time_translation # This option causes greylist entries that expire to be logged via # syslog. This allows you to collect the IP addresses and sender # names and use them for blacklisting, SPAM scoring, etc. #logexpired # How long will the greylist database retain tuples. #timeout 5d # Do not use ${greylist} macros from sendmail's access DB. #noaccessdb # Use extended regular expressions instead of basic # regular expressions. #extendedregex # # All of the following options have command-line equivalents. # See greylist.conf(5) for the exact equivalences. # # How long a client has to wait before we accept # the messages it retries to send. Here, 1 hour. # May be overridden by the "-w greylist_delay" command line argument. #greylist 1h # How long does auto-whitelisting last (set it to 0 # to disable auto-whitelisting). Here, 3 days. # May be overridden by the "-a autowhite_delay" command line argument. #autowhite 3d # Specify the netmask to be used when checking IPv4 addresses # in the greylist. # May be overridden by the "-L cidrmask" command line argument. #subnetmatch /24 # Specify the netmask to be used when checking IPv6 addresses # in the greylist. # May be overridden by the "-M prefixlen" command line argument. #subnetmatch6 /64 # Normally, clients that succeed SMTP AUTH are not # greylisted. Uncomment this if you want to # greylist them regardless of SMTP AUTH. # May be overridden by the "-A" command line argument. #noauth # If milter-greylist was built with SPF support, then # SPF-compliant senders are not greylisted. Uncomment # this to greylist them regardless of SPF compliance. # May be overridden by the "-S" command line argument. #nospf # If milter-greylist was built with DRAC support, # then DRAC DB location can be specified here #drac db "/usr/local/etc/drac.db" # Uncomment this to disable DRAC #nodrac # Uncomment if you want milter-greylist to remain # in the foreground (no daemon). # May be overridden by the "-D" command line argument. #nodetach # Uncomment this if you do not want milter-greylist # to tell its clients how long they are greylisted. # May be overridden by the "-q" command line argument. #quiet # You can specify a file where milter-greylist will # store its PID. # May be overridden by the "-P pidfile" command line argument. #pidfile "/var/run/milter-greylist.pid" # You can specify the socket file used to communicate # with sendmail. # May be overridden by the "-p socket" command line argument. #socket "/var/milter-greylist/milter-greylist.sock" # The dumpfile location. # May be overridden by the "-d dumpfile" command line argument. #dumpfile "/var/milter-greylist/greylist.db" # The user the milter should run as. # May be overridden by the "-u username" command line argument. #user "smmsp" # This is a list of broken MTAs that break with greylisting. Copied from # http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=1.12 acl whitelist addr 12.5.136.141/32 # Southwest Airlines (unique sender) acl whitelist addr 12.5.136.142/32 # Southwest Airlines acl whitelist addr 12.5.136.143/32 # Southwest Airlines acl whitelist addr 12.5.136.144/32 # Southwest Airlines acl whitelist addr 12.107.209.244/32 # kernel.org (unique sender) acl whitelist addr 12.107.209.250/32 # sourceware.org (unique sender) acl whitelist addr 63.82.37.110/32 # SLmail acl whitelist addr 64.7.153.18/32 # sentex.ca (common pool) acl whitelist addr 64.12.136.0/24 # AOL (common pool) acl whitelist addr 64.12.137.0/24 # AOL acl whitelist addr 64.12.138.0/24 # AOL acl whitelist addr 64.124.204.39 # moveon.org (unique sender) acl whitelist addr 64.125.132.254/32 # collab.net (unique sender) acl whitelist addr 66.94.237.16/28 # Yahoo Groups servers (common pool) acl whitelist addr 66.94.237.32/28 # Yahoo Groups servers (common pool) acl whitelist addr 66.94.237.48/30 # Yahoo Groups servers (common pool) acl whitelist addr 66.100.210.82/32 # Groupwise? acl whitelist addr 66.135.192.0/19 # Ebay acl whitelist addr 66.162.216.166/32 # Groupwise? acl whitelist addr 66.206.22.82/32 # Plexor acl whitelist addr 66.206.22.83/32 # Plexor acl whitelist addr 66.206.22.84/32 # Plexor acl whitelist addr 66.206.22.85/32 # Plexor acl whitelist addr 66.218.66.0/23 # Yahoo Groups servers (common pool) acl whitelist addr 66.218.67.0/23 # Yahoo Groups servers (common pool) acl whitelist addr 66.218.68.0/23 # Yahoo Groups servers (common pool) acl whitelist addr 66.27.51.218/32 # ljbtc.com (Groupwise) acl whitelist addr 152.163.225.0/24 # AOL acl whitelist addr 194.245.101.88/32 # Joker.com acl whitelist addr 195.235.39.19/32 # Tid InfoMail Exchanger v2.20 acl whitelist addr 195.46.220.208/32 # mgn.net acl whitelist addr 195.46.220.209/32 # mgn.net acl whitelist addr 195.46.220.210/32 # mgn.net acl whitelist addr 195.46.220.211/32 # mgn.net acl whitelist addr 195.46.220.221/32 # mgn.net acl whitelist addr 195.46.220.222/32 # mgn.net acl whitelist addr 195.238.2.0/24 # skynet.be (wierd retry pattern) acl whitelist addr 195.238.3.0/24 # skynet.be acl whitelist addr 204.107.120.10/32 # Ameritrade (no retry) acl whitelist addr 205.188.0.0/16 # AOL acl whitelist addr 205.206.231.0/24 # SecurityFocus.com (unique sender) acl whitelist addr 207.115.63.0/24 # Prodigy - retries continually acl whitelist addr 207.171.168.0/24 # Amazon.com acl whitelist addr 207.171.180.0/24 # Amazon.com acl whitelist addr 207.171.187.0/24 # Amazon.com acl whitelist addr 207.171.188.0/24 # Amazon.com acl whitelist addr 207.171.190.0/24 # Amazon.com acl whitelist addr 211.29.132.0/24 # optusnet.com.au (wierd retry pattern) acl whitelist addr 213.136.52.31/32 # Mysql.com (unique sender) acl whitelist addr 216.33.244.0/24 # Ebay acl whitelist addr 217.158.50.178/32 # AXKit mailing list (unique sender)