#
# Simple greylisting config file using the new features
# See greylist2.conf for a more detailed list of available options
#
# $Id: greylist.conf,v 1.49 2013/01/27 02:10:19 manu Exp $
#
# Layout of this file: daemon settings, address/recipient lists, DNSRBL
# definitions, then the access list (racl) that ties them together.
#

pidfile "/var/run/milter-greylist.pid"
# NOTE(review): mode 666 makes the milter socket connectable by every local
# account, not just the MTA. If the MTA can reach the socket through a shared
# group, a group-restricted mode is the tighter choice - confirm which user
# the MTA runs as before changing it.
socket "/var/milter-greylist/milter-greylist.sock" 666
# The greylist database is dumped with owner-only permissions (600).
dumpfile "/var/milter-greylist/greylist.db" 600
dumpfreq 1
# Run as an unprivileged user:group instead of root.
user "mailnull:mailnull"

# Log milter-greylist activity to a file
# NOTE(review): both stat examples below are disabled, so this file sets up no
# per-message record of the ACL that matched. Enabling one of them gives an
# audit trail for investigating deliveries and rejections.
#stat ">>/var/milter-greylist/greylist.log" \
#      "%T{%Y/%m/%d %T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh\n"
# Same, sent to syslog
#stat "|logger -p local7.info" \
#      "%T{%Y/%m/%d %T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh"

# Be verbose (or use -v flag)
#verbose

# Do not tell spammer how long they have to wait
# NOTE(review): the directive is commented out here, so the temporary-failure
# reply presumably still states the remaining delay - uncomment to hide it.
# quiet

# MX peering
#peer 192.0.2.17
#peer 192.0.2.18

# Your own network, which should not suffer greylisting
# Every address in this list is whitelisted by the first racl rule below,
# ahead of the DNSRBL blacklist rules, so it is never greylisted or
# blacklisted. 192.0.2.0/24 is the RFC 5737 documentation range left over
# from the sample file. NOTE(review): 144.76.7.58/32 is a single public
# address - presumably a host this site controls; confirm it still is.
list "my network" addr { 127.0.0.1/8 10.0.0.0/8 192.0.2.0/24 144.76.7.58/32 }

# This is a list of broken MTAs that break with greylisting. Derived from
# http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=1.16
#
# NOTE(review): this list is whitelisted before the DNSRBL blacklist rules in
# the access list below, so mail from any of these ranges skips both
# greylisting and the blacklists. Several entries are wide provider ranges
# (/16 to /20) and the list is a historical snapshot; verify that each range
# still belongs to the named sender before relying on it.
# 195.238.2.0/24 and 195.238.3.0/24 are listed twice (harmless duplicates).
# 64.124.204.39 carries no /mask, unlike its neighbours - presumably treated
# as a single host; confirm.
list "broken mta" addr { \
    12.5.136.141/32 \ # Southwest Airlines (unique sender)
    12.5.136.142/32 \ # Southwest Airlines
    12.5.136.143/32 \ # Southwest Airlines
    12.5.136.144/32 \ # Southwest Airlines
    12.107.209.244/32 \ # kernel.org (unique sender)
    12.107.209.250/32 \ # sourceware.org (unique sender)
    63.82.37.110/32 \ # SLmail
    63.169.44.143/32 \ # Southwest Airlines
    63.169.44.144/32 \ # Southwest Airlines
    64.7.153.18/32 \ # sentex.ca (common pool)
    64.12.136.0/24 \ # AOL (common pool)
    64.12.137.0/24 \ # AOL
    64.12.138.0/24 \ # AOL
    64.124.204.39 \ # moveon.org (unique sender)
    64.125.132.254/32 \ # collab.net (unique sender)
    64.233.160.0/19 \ # Google
    66.94.237.16/28 \ # Yahoo Groups servers (common pool)
    66.94.237.32/28 \ # Yahoo Groups servers (common pool)
    66.94.237.48/30 \ # Yahoo Groups servers (common pool)
    66.100.210.82/32 \ # Groupwise?
    66.135.192.0/19 \ # Ebay
    66.162.216.166/32 \ # Groupwise?
    66.206.22.82/32 \ # Plexor
    66.206.22.83/32 \ # Plexor
    66.206.22.84/32 \ # Plexor
    66.206.22.85/32 \ # Plexor
    66.218.66.0/23 \ # Yahoo Groups servers (common pool)
    66.218.67.0/23 \ # Yahoo Groups servers (common pool)
    66.218.68.0/23 \ # Yahoo Groups servers (common pool)
    66.218.69.0/23 \ # Yahoo Groups servers (common pool)
    66.27.51.218/32 \ # ljbtc.com (Groupwise)
    66.102.0.0/20 \ # Google
    66.249.80.0/20 \ # Google
    72.14.192.0/18 \ # Google
    74.125.0.0/16 \ # Google
    152.163.225.0/24 \ # AOL
    194.245.101.88/32 \ # Joker.com
    195.235.39.19/32 \ # Tid InfoMail Exchanger v2.20
    195.238.2.0/24 \ # skynet.be (weird retry pattern, common pool)
    195.238.3.0/24 \ # skynet.be
    195.46.220.208/32 \ # mgn.net
    195.46.220.209/32 \ # mgn.net
    195.46.220.210/32 \ # mgn.net
    195.46.220.211/32 \ # mgn.net
    195.46.220.221/32 \ # mgn.net
    195.46.220.222/32 \ # mgn.net
    195.238.2.0/24 \ # skynet.be (weird retry pattern)
    195.238.3.0/24 \ # skynet.be
    204.107.120.10/32 \ # Ameritrade (no retry)
    205.188.0.0/16 \ # AOL
    205.206.231.0/24 \ # SecurityFocus.com (unique sender)
    207.115.63.0/24 \ # Prodigy - retries continually
    207.171.168.0/24 \ # Amazon.com
    207.171.180.0/24 \ # Amazon.com
    207.171.187.0/24 \ # Amazon.com
    207.171.188.0/24 \ # Amazon.com
    207.171.190.0/24 \ # Amazon.com
    209.132.176.174/32 \ # sourceware.org mailing lists (unique sender)
    209.85.128.0/17 \ # Google
    211.29.132.0/24 \ # optusnet.com.au (weird retry pattern)
    213.136.52.31/32 \ # Mysql.com (unique sender)
    216.33.244.0/24 \ # Ebay
    216.239.32.0/19 \ # Google
    217.158.50.178/32 \ # AXKit mailing list (unique sender)
}

# List of users that want greylisting
# Only the commented-out "grey users" rules in the access list refer to this
# list, so it has no effect as the file stands.
list "grey users" rcpt { \
    user1@example.com \
    user2@example.com \
    user3@example.com \
}

# GeoIP database location. No ACL in this file has a geoip clause, so the
# database is loaded but not consulted by any rule shown here.
geoipdb "/usr/local/share/GeoIP/GeoIP.dat"

# Give this a try if you enabled DNSRBL
# Each definition is: name, DNS zone to query, and the answer (address or
# CIDR) that counts as a hit. SBL, CBL and PBL are active; the others are
# disabled. 127.0.0.10/31 covers the two answers 127.0.0.10 and 127.0.0.11.
# NOTE(review): a hit requires exactly these answers. If the list operator
# refuses or rate-limits the resolver this host uses, the reply will not match
# and the blacklist rules below silently stop firing - watch the hit rate.
#dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10
dnsrbl "SBL" sbl-xbl.spamhaus.org 127.0.0.2
dnsrbl "CBL" sbl-xbl.spamhaus.org 127.0.0.4
#dnsrbl "NJABL" sbl-xbl.spamhaus.org 127.0.0.5
dnsrbl "PBL" zen.spamhaus.org 127.0.0.10/31
#dnsrbl "MTAWL" list.dnswl.org 127.0.0.0/16

# Here is an example of user preference pulled from a LDAP directory
# (requires building --with-libcurl). If the milterGreylistStatus
# attribute is set to TRUE, then $usrRBL will be usable later in the
# ACL and will carry the values of the usrRBL attribute.
# NOTE(review): %r is the recipient address supplied by the connecting client
# and ends up inside the LDAP query; before enabling this, confirm how it is
# escaped in the URL.
# urlcheck "userpref" \
# "ldap://localhost/dc=example,dc=net?milterGreylistStatus,usrRBL?one?mail=%r" \
# 30 getprop clear fork

# And here is the access list
# Rules are evaluated top to bottom and the first match decides, so order is
# significant: both whitelists win over the DNSRBL blacklists, and anything
# that matches nothing above falls through to the final greylist default
# (5 minute delay, then auto-whitelisted for 3 days).
racl whitelist list "my network"
racl whitelist list "broken mta"
#racl whitelist dnsrbl "MTAWL"
racl blacklist dnsrbl "CBL" msg "Sender IP caught in CBL blacklist"
racl blacklist dnsrbl "SBL" msg "Sender IP caught in SBL blacklist"
racl blacklist dnsrbl "PBL" msg "Sender IP caught in PBL blacklist"
#racl blacklist $usrRBL "SBL" dnsrbl "BBL" \
#               msg "Sender IP caught in SBL blacklist"
#racl blacklist $usrRBL "NJABL" dnsrbl "NJABL" \
#               msg "Sender IP caught in NJABL blacklist"
#racl greylist list "grey users" dnsrbl "SORBS DUN" delay 24h autowhite 3d
#racl greylist list "grey users" delay 5m autowhite 3d
#racl whitelist default
racl greylist default delay 5m autowhite 3d

# Example of content filtering for fighting image SPAM
# NOTE(review): in POSIX regex syntax a character class name is only valid
# inside a bracket expression ([[:blank:]]); written as [:blank:] it reads as
# the set of characters ':', 'b', 'l', 'a', 'n', 'k'. Correct this before
# enabling the rule.
#dacl blacklist body /src[:blank:]*=(3D)?[:blank:]*["']?[:blank:]*cid:/ \
#     msg "Sorry, We do not accept images embedded in HTML"