File: greylist2.conf

milter-greylist 3.0-3.1
#
# Greylisting config file with a lot of options explained
#
# $Id: greylist2.conf,v 1.1 2006/08/20 04:49:49 manu Exp $
#

# Uncomment this to enable debug output.
# Note that options appearing before the "verbose" option in this
# file will not be treated verbosely.
# May be overridden by the "-v" command line argument.
#verbose

# If you work with multiple MXs, list them with
# peer entries to enable greylist sync among the MXs.
#peer 192.0.2.17
#peer 192.0.2.18


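# You may wish to use a specific local address or port for
# syncing between MXs. Of course one of your interfaces
# must have the address assigned. An '*' for the address
# means any address, which makes the sync service reachable
# on every interface; prefer a specific internal address and
# restrict the sync port to your peer MXs with a firewall.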
#syncaddr *
#syncaddr * port 7689
#syncaddr 192.0.2.2
#syncaddr 192.0.2.2 port 9785
#syncaddr 2001:db8::1:c3b5:123
#syncaddr 2001:db8::1:c3b5:123 port 1234

# Specific IP address for outbound sync connections
# between MXs. If left unset, the system selects the source address.
# (The address below is only a placeholder: 678 is not a valid octet.)
# syncsrcaddr 123.45.678.9

# Greylisting your own MTA is a very bad idea: never
# comment out this line, except for testing purposes.
# It exempts the whole IPv4 loopback block (127.0.0.0/8) from greylisting.
acl whitelist addr 127.0.0.0/8

# If you use IPv6, uncomment this.
#acl whitelist addr ::1/128

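# You will want to avoid greylisting your own clients
# as well, by filtering out your IP address blocks.
# Here is an example if you use 192.0.2.0/16. Substitute
# your own prefix and mask: every address inside the block
# bypasses greylisting, so keep it as narrow as your
# actual allocation.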
#acl whitelist addr 192.0.2.0/16

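# It is also possible to whitelist sender
# machines using their DNS names. The match is only as
# trustworthy as the name resolution of the client, so
# prefer addr entries when the sender's addresses are known.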
#acl whitelist domain example.net

# You can avoid greylisting by filtering on the sender
# envelope address, but this is not a good idea: it
# can be trivially forged.
#acl whitelist from friendly@example.com

# Some of your users do not get any spam because
# their addresses have never been collected by
# spammers. They will want to avoid the extra delivery
# delay caused by grey listing. You can filter on the
# recipient envelope address to achieve that.
#acl whitelist rcpt John.Doe@example.net

# It is possible to use regular expressions in domain, from
# and rcpt lines. The expression must be enclosed by
# slashes (/). Note that no escaping is available to
# provide slashes inside the regular expression.
#acl whitelist rcpt /.*@example\.net/

# This option tells milter-greylist when it should
# add an X-Greylist header. Default is all, which
# causes a header to always be added. Other possible
# values are none, delays and nodelays
#report all

# This option attempts to make milter-greylist more
# friendly with sender callback systems. When the
# message is from <>, it will be temporarily
# rejected at the DATA stage instead of the RCPT
# stage of the SMTP transaction. In the case of a
# multi-recipient DSN, whitelisted recipients will
# not be honoured.
#delayedreject

# Uncomment if you want auto-whitelist to work for
# the IP rather than for the (IP, sender, receiver)
# tuple. One accepted message then auto-whitelists every
# sender using that IP, including shared relays.
#lazyaw

# How often should we dump to the dumpfile (0: on each change, -1: never).
#dumpfreq 10m

# This option disables the conversion of the time specified in the
# integer format to human-readable format in the comment of each
# line in the dumpfile.
# This can significantly reduce the time needed to dump large
# dumpfiles (several million entries / a few hundred MB).
#dump_no_time_translation

# This option causes greylist entries that expire to be logged via
# syslog.  This allows you to collect the IP addresses and sender
# names and use them for blacklisting, SPAM scoring, etc.
#logexpired

# How long the greylist database retains tuples.
#timeout 5d

# Do not use ${greylist} macros from sendmail's access DB.
#noaccessdb

# Use extended regular expressions instead of basic
# regular expressions.
#extendedregex

#
# All of the following options have command-line equivalents.
# See greylist.conf(5) for the exact equivalences.
#

# How long a client has to wait before we accept
# the messages it retries to send. Here, 1 hour.
# May be overridden by the "-w greylist_delay" command line argument.
#greylist 1h

# How long does auto-whitelisting last (set it to 0
# to disable auto-whitelisting). Here, 3 days.
# May be overridden by the "-a autowhite_delay" command line argument.
#autowhite 3d

# Specify the netmask to be used when checking IPv4 addresses
# in the greylist.
# May be overridden by the "-L cidrmask" command line argument.
#subnetmatch /24

# Specify the netmask to be used when checking IPv6 addresses
# in the greylist.
# May be overridden by the "-M prefixlen" command line argument.
#subnetmatch6 /64

# Normally, clients that succeed SMTP AUTH are not
# greylisted. Uncomment this if you want to
# greylist them regardless of SMTP AUTH.
# May be overridden by the "-A" command line argument.
#noauth

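# If milter-greylist was built with SPF support, then
# SPF-compliant senders are not greylisted. Uncomment
# this to greylist them regardless of SPF compliance.
# SPF only shows that the client may send for the envelope
# domain; a spammer can publish a passing record for a domain
# they control, so the exemption is not a reputation check.
# May be overridden by the "-S" command line argument.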
#nospf

# If milter-greylist was built with DRAC support, 
# then DRAC DB location can be specified here
#drac db "/usr/local/etc/drac.db"

# Uncomment this to disable DRAC
#nodrac

# Uncomment if you want milter-greylist to remain
# in the foreground (no daemon).
# May be overridden by the "-D" command line argument.
#nodetach

# Uncomment this if you do not want milter-greylist
# to tell its clients how long they are greylisted.
# May be overridden by the "-q" command line argument.
#quiet

# You can specify a file where milter-greylist will
# store its PID.
# May be overridden by the "-P pidfile" command line argument.
#pidfile "/var/run/milter-greylist.pid"

# You can specify the socket file used to communicate
# with sendmail. Keep its directory accessible only to
# the milter user and the MTA.
# May be overridden by the "-p socket" command line argument.
#socket "/var/milter-greylist/milter-greylist.sock"

# The dumpfile location.
# May be overridden by the "-d dumpfile" command line argument.
#dumpfile "/var/milter-greylist/greylist.db"

# The user the milter should run as.
# May be overridden by the "-u username" command line argument.
#user "smmsp"

# This is a list of broken MTAs that break with greylisting. Copied from
# http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=1.12
# Every entry below exempts that host or network from greylisting.
# NOTE(review): this is a static snapshot of third-party addresses; address
# ownership changes over time, so verify and prune the entries before
# deploying -- TODO confirm each range is still operated by the named sender.
acl whitelist addr 12.5.136.141/32    # Southwest Airlines (unique sender)
acl whitelist addr 12.5.136.142/32    # Southwest Airlines
acl whitelist addr 12.5.136.143/32    # Southwest Airlines
acl whitelist addr 12.5.136.144/32    # Southwest Airlines
acl whitelist addr 12.107.209.244/32  # kernel.org (unique sender)
acl whitelist addr 12.107.209.250/32  # sourceware.org (unique sender)
acl whitelist addr 63.82.37.110/32    # SLmail
acl whitelist addr 64.7.153.18/32     # sentex.ca (common pool)
acl whitelist addr 64.12.136.0/24     # AOL (common pool)
acl whitelist addr 64.12.137.0/24     # AOL
acl whitelist addr 64.12.138.0/24     # AOL
# NOTE(review): the next entry has no prefix length, unlike every other
# entry; presumably it is treated as a single host -- confirm.
acl whitelist addr 64.124.204.39      # moveon.org (unique sender)
acl whitelist addr 64.125.132.254/32  # collab.net (unique sender)
acl whitelist addr 66.94.237.16/28    # Yahoo Groups servers (common pool)
acl whitelist addr 66.94.237.32/28    # Yahoo Groups servers (common pool)
acl whitelist addr 66.94.237.48/30    # Yahoo Groups servers (common pool)
acl whitelist addr 66.100.210.82/32   # Groupwise?
acl whitelist addr 66.135.192.0/19    # Ebay
acl whitelist addr 66.162.216.166/32  # Groupwise?
acl whitelist addr 66.206.22.82/32    # Plexor
acl whitelist addr 66.206.22.83/32    # Plexor
acl whitelist addr 66.206.22.84/32    # Plexor
acl whitelist addr 66.206.22.85/32    # Plexor
acl whitelist addr 66.218.66.0/23     # Yahoo Groups servers (common pool)
# NOTE(review): 66.218.67.0 is not aligned on a /23 boundary. The /23 that
# contains it is 66.218.66.0/23 (the entry above), so this line is either
# redundant or never matches, depending on how the parser masks the
# address -- confirm the intended range.
acl whitelist addr 66.218.67.0/23     # Yahoo Groups servers (common pool)
acl whitelist addr 66.218.68.0/23     # Yahoo Groups servers (common pool)
acl whitelist addr 66.27.51.218/32    # ljbtc.com (Groupwise)
acl whitelist addr 152.163.225.0/24   # AOL
acl whitelist addr 194.245.101.88/32  # Joker.com
acl whitelist addr 195.235.39.19/32   # Tid InfoMail Exchanger v2.20
acl whitelist addr 195.46.220.208/32  # mgn.net
acl whitelist addr 195.46.220.209/32  # mgn.net
acl whitelist addr 195.46.220.210/32  # mgn.net
acl whitelist addr 195.46.220.211/32  # mgn.net
acl whitelist addr 195.46.220.221/32  # mgn.net
acl whitelist addr 195.46.220.222/32  # mgn.net
acl whitelist addr 195.238.2.0/24     # skynet.be (weird retry pattern)
acl whitelist addr 195.238.3.0/24     # skynet.be
acl whitelist addr 204.107.120.10/32  # Ameritrade (no retry)
acl whitelist addr 205.188.0.0/16     # AOL
acl whitelist addr 205.206.231.0/24   # SecurityFocus.com (unique sender)
acl whitelist addr 207.115.63.0/24    # Prodigy - retries continually
acl whitelist addr 207.171.168.0/24   # Amazon.com
acl whitelist addr 207.171.180.0/24   # Amazon.com
acl whitelist addr 207.171.187.0/24   # Amazon.com
acl whitelist addr 207.171.188.0/24   # Amazon.com
acl whitelist addr 207.171.190.0/24   # Amazon.com
acl whitelist addr 211.29.132.0/24    # optusnet.com.au (weird retry pattern)
acl whitelist addr 213.136.52.31/32   # Mysql.com (unique sender)
acl whitelist addr 216.33.244.0/24    # Ebay
acl whitelist addr 217.158.50.178/32  # AXKit mailing list (unique sender)