# # Greylisting config file # # $Id: greylist.conf,v 1.30 2005/06/09 20:28:43 manu Exp $ # # Uncomment this to enable debug output. # Note that options appearing before the "verbose" option in this # file will not be treated verbosely. # May be overridden by the "-v" command line argument. #verbose # If you work with multiple MXs, list them with # peer entries to enable greylist sync among the MXs. # JKF List the other MX hosts here peer 152.78.71.14 peer 152.78.68.137 peer 152.78.71.84 peer 152.78.68.178 peer 152.78.71.210 peer 152.78.68.132 # You may wish to use a specific local address or port for # syncing between MXs. Of course one of your interfaces # must have the address assigned. An '*' for the address # means any address. #syncaddr * #syncaddr * port 7689 #syncaddr 192.0.2.2 #syncaddr 192.0.2.2 port 9785 #syncaddr 2001:db8::1:c3b5:123 #syncaddr 2001:db8::1:c3b5:123 port 1234 syncaddr * geoipdb "/usr/share/GeoIP/GeoIP.dat" # Greylisting your own MTA is a very bad idea: never # comment this line, except for testing purposes. acl whitelist addr 127.0.0.0/8 acl whitelist addr 152.78.0.0/16 # If you use IPv6, uncomment this. acl whitelist addr ::1/128 # JKF I think this whitelists all our IPv6 hosts... acl whitelist addr 2001:630:d0:f100::/56 # You will want to avoid greylisting your own clients # as well, by filtering out your IP address blocks. # Here is an example if you use 192.0.2.0/16. #acl whitelist addr 192.0.2.0/16 # It is also possible to whitelist sender # machines using their DNS names. #acl whitelist domain example.net # You can avoid greylisting by filtering on the sender # envelope address, but this is not a good idea: it # can be trivially forged. #acl whitelist from friendly@example.com # Some of your users do not get any spam because # their addresses have never been collected by # spammers. They will want to avoid the extra delivery # delay caused by grey listing. You can filter on the # recipient envelope address to achieve that. #acl whitelist rcpt John.Doe@example.net # It is possible to use regular expressions in domain, from # and rcpt lines. The expression must be enclosed by # slashes (/). Note that no escaping is available to # provide slashes inside the regular expression. #acl whitelist rcpt /.*@example\.net/ # This option tells milter-greylist when it should # add an X-Greylist header. Default is all, which # causes a header to always be added. Other possible # values are none, delays and nodelays report all # This option attempts to make milter-greylist more # friendly with sender callback systems. When the # message is from <>, it will be temporarily # rejected at the DATA stage instead of the RCPT # stage of the SMTP transaction. In the case of a # multi recipient DSN, whitelisted recipient will # not be honoured. delayedreject # Uncomment if you want auto-whitelist to work for # the IP rather than for the (IP, sender, receiver) # tuple. # JKF Uncommented on 2006-11-20 lazyaw # How often should we dump to the dumpfile (0: on each change, -1: never). dumpfreq 10m # How long will the greylist database retain tuples. timeout 2d # Do not use ${greylist} macros from sendmail's access DB. #noaccessdb # Use extended regular expressions instead of basic # regular expressions. #extendedregex # # All of the following options have command-line equivalents. # See greylist.conf(5) for the exact equivalences. # # How long a client has to wait before we accept # the messages it retries to send. Here, 1 hour. # May be overridden by the "-w greylist_delay" command line argument. greylist 1h # How long does auto-whitelisting last (set it to 0 # to disable auto-whitelisting). Here, 3 days. # May be overridden by the "-a autowhite_delay" command line argument. autowhite 32d # Specify the netmask to be used when checking IPv4 addresses # in the greylist. # May be overridden by the "-L cidrmask" command line argument. subnetmatch /24 # Specify the netmask to be used when checking IPv6 addresses # in the greylist. # May be overridden by the "-M prefixlen" command line argument. #subnetmatch6 /64 # Normally, clients that succeed SMTP AUTH are not # greylisted. Uncomment this if you want to # greylist them regardless of SMTP AUTH. # May be overridden by the "-A" command line argument. #noauth # If milter-greylist was built with SPF support, then # SPF-compliant senders are not greylisted. Uncomment # this to greylist them regardless of SPF compliance. # May be overridden by the "-S" command line argument. #nospf # Uncomment if you want milter-greylist to remain # in the foreground (no daemon). # May be overridden by the "-D" command line argument. #nodetach # Uncomment this if you do not want milter-greylist # to tell its clients how long they are greylisted. # May be overridden by the "-q" command line argument. quiet # You can specify a file where milter-greylist will # store its PID. # May be overridden by the "-P pidfile" command line argument. pidfile "/var/run/milter-greylist.pid" # You can specify the socket file used to communicate # with sendmail. # May be overridden by the "-p socket" command line argument. #socket "/var/milter-greylist/milter-greylist.sock" socket "/var/milter-greylist/milter-greylist.sock" # The dumpfile location. # May be overridden by the "-d dumpfile" command line argument. #dumpfile "/var/milter-greylist/greylist.db" dumpfile "/var/milter-greylist/greylist.db" # The user the milter should run as. # May be overridden by the "-u username" command line argument. user "milter" # Greylist anyone connecting from a SORBS DUN host. This should catch most # of the dial-up IPs in the world dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10 acl greylist dnsrbl "SORBS DUN" delay 1h # This is a list of broken MTAs that break with greylisting. Copied from # http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=1.16 acl whitelist addr 127.0.0.1/32 # Of course we don't want to delay ourselves or local users acl whitelist addr 12.5.136.141/32 # Southwest Airlines (unique sender, no retry) acl whitelist addr 12.5.136.142/32 # Southwest Airlines (unique sender, no retry) acl whitelist addr 12.5.136.143/32 # Southwest Airlines (unique sender, no retry) acl whitelist addr 12.5.136.144/32 # Southwest Airlines (unique sender, no retry) acl whitelist addr 12.107.209.244/32 # kernel.org mailing lists (high traffic, unique sender per mail) acl whitelist addr 63.82.37.110/32 # SLmail acl whitelist addr 63.169.44.143/32 # Southwest Airlines (unique sender, no retry) acl whitelist addr 63.169.44.144/32 # Southwest Airlines (unique sender, no retry) acl whitelist addr 64.7.153.18/32 # sentex.ca (common pool) acl whitelist addr 64.12.137.0/24 # AOL (common pool) - http://postmaster.aol.com/servers/imo.html acl whitelist addr 64.12.138.0/24 # AOL (common pool) acl whitelist addr 64.124.204.39/32 # moveon.org (unique sender per attempt) acl whitelist addr 64.125.132.254/32 # collab.net (unique sender per attempt) acl whitelist addr 64.233.162.0/24 # zproxy.gmail.com (common server pool, bad 451 handling?) acl whitelist addr 64.233.170.0/24 # rproxy.gmail.com (common server pool, bad 451 handling?) acl whitelist addr 64.233.182.0/24 # nproxy.gmail.com (common server pool, bad 451 handling?) acl whitelist addr 64.233.184.0/24 # wproxy.gmail.com (common server pool, bad 451 handling?) acl whitelist addr 65.82.241.160/32 # Groupwise? acl whitelist addr 66.94.237.0/24 # Yahoo Groups servers (common pool, no retry) acl whitelist addr 66.100.210.82/32 # Groupwise? acl whitelist addr 66.135.209.0/24 # Ebay (for time critical alerts) acl whitelist addr 66.135.197.0/24 # Ebay (common pool) acl whitelist addr 66.162.216.166/32 # Groupwise? acl whitelist addr 66.206.22.82/32 # PLEXOR acl whitelist addr 66.206.22.83/32 # PLEXOR acl whitelist addr 66.206.22.84/32 # PLEXOR acl whitelist addr 66.206.22.85/32 # PLEXOR acl whitelist addr 66.218.66.0/24 # Yahoo Groups servers (common pool, no retry) acl whitelist addr 66.218.67.0/24 # Yahoo Groups servers (common pool, no retry) acl whitelist addr 66.218.69.0/24 # Yahoo Groups servers (common pool, no retry) acl whitelist addr 66.249.82.0/24 # gmail (common server pool, bad 451 handling) acl whitelist addr 66.27.51.218/32 # ljbtc.com (Groupwise) acl whitelist addr 66.89.73.101/32 # Groupwise? acl whitelist addr 68.15.115.88/32 # Groupwise? acl whitelist addr 72.14.204.0/24 # qproxy.gmail.com (common server pool, bad 451 handling?) acl whitelist addr 152.163.225.0/24 # AOL (common pool) acl whitelist addr 194.245.101.88/32 # Joker.com (email forwarding server) acl whitelist addr 195.235.39.19/32 # Tid InfoMail Exchanger v2.20 acl whitelist addr 195.238.2.0/24 # skynet.be (wierd retry pattern, common pool) acl whitelist addr 195.238.3.0/24 # skynet.be (wierd retry pattern, common pool) acl whitelist addr 204.60.8.162/32 # Groupwise? acl whitelist addr 204.107.120.10/32 # Ameritrade (no retry) acl whitelist addr 205.188.139.136/32 # AOL (common pool) acl whitelist addr 205.188.139.137/32 # AOL (common pool) acl whitelist addr 205.188.144.207/32 # AOL (common pool) acl whitelist addr 205.188.144.208/32 # AOL (common pool) acl whitelist addr 205.188.156.66/32 # AOL (common pool) acl whitelist addr 205.188.157.0/24 # AOL (common pool) acl whitelist addr 205.188.159.7/32 # AOL (common pool) acl whitelist addr 205.206.231.0/24 # SecurityFocus.com (unique sender per attempt) acl whitelist addr 205.211.164.50/32 # sentex.ca (common pool) acl whitelist addr 207.115.63.0/24 # Prodigy (broken software that retries continually with no delay) acl whitelist addr 207.171.168.0/24 # Amazon.com (common pool) acl whitelist addr 207.171.180.0/24 # Amazon.com (common pool) acl whitelist addr 207.171.187.0/24 # Amazon.com (common pool) acl whitelist addr 207.171.188.0/24 # Amazon.com (common pool) acl whitelist addr 207.171.190.0/24 # Amazon.com (common pool) acl whitelist addr 209.104.63.0/24 # Ticketmaster (poor retry config) acl whitelist addr 209.132.176.174/32 # sourceware.org mailing lists (high traffic, unique sender per mail) acl whitelist addr 211.29.132.0/24 # optusnet.com.au (wierd retry pattern and more than 48hrs) acl whitelist addr 213.136.52.31/32 # Mysql.com (unique sender) acl whitelist addr 216.136.226.0/24 # Yahoo Mail? acl whitelist addr 216.157.204.5/32 # Groupwise? acl whitelist addr 216.239.56.0/24 # proxy.gmail.com (common server pool, bad 451 handling?) acl whitelist addr 217.158.50.178/32 # AXKit mailing list (unique sender per attempt) # # JKF Additions # list "AndyL" rcpt { apl@ecs.soton.ac.uk sysapl@ecs.soton.ac.uk a.landells@ecs.soton.ac.uk a.p.landells@ecs.soton.ac.uk } list "bmb" rcpt { bmb@ecs.soton.ac.uk b.m.bailey@ecs.soton.ac.uk } list "Bob" rcpt { rid@ecs.soton.ac.uk r.i.damper@ecs.soton.ac.uk } list "Ed" rcpt { ejz@ecs.soton.ac.uk e.zaluska@ecs.soton.ac.uk e.j.zaluska@ecs.soton.ac.uk } list "Harvey" rcpt { hnr@ecs.soton.ac.uk hrutt@ecs.soton.ac.uk hnrutt@ecs.soton.ac.uk h.rutt@ecs.soton.ac.uk h.n.rutt@ecs.soton.ac.uk hos@ecs.soton.ac.uk } list "Jules" rcpt { jkf@ecs.soton.ac.uk sysjkf@ecs.soton.ac.uk j.k.field@ecs.soton.ac.uk /.*@julianfield.*/ } list "MarkNixon" rcpt { msn@ecs.sotoon.ac.uk m.nixon@ecs.soton.ac.uk m.s.nixon@ecs.soton.ac.uk } list "Wendy" rcpt { wh@ecs.soton.ac.uk w.hall@ecs.soton.ac.uk } acl greylist list "AndyL" acl greylist list "bmb" acl greylist list "Bob" acl greylist list "Ed" acl greylist list "Harvey" acl greylist list "Jules" acl greylist list "MarkNixon" acl greylist list "Wendy" # RCPT-time greylist CN=China, RU=Russia, NG=Nigeria, BG=Bulgaria # LV=Latvia, TW=Taiwan, RO=Romania, TR=Turkey acl greylist geoip "CN" acl greylist geoip "RU" acl greylist geoip "NG" acl greylist geoip "BG" acl greylist geoip "LV" acl greylist geoip "TW" acl greylist geoip "RO" acl greylist geoip "TR" acl whitelist default