1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161
|
#
# Simple greylisting config file using the new features
# See greylist2.conf for a more detailed list of available options
#
# $Id: greylist.conf,v 1.50 2013/08/13 12:45:08 manu Exp $
#
pidfile "/var/run/milter-greylist.pid"
dumpfile "/var/lib/milter-greylist/greylist.db" 600
dumpfreq 10m
# For sendmail use the following two lines
socket "/var/run/milter-greylist/milter-greylist.sock"
user "smmsp"
# For Postfix uncomment the following two lines and comment out the
# sendmail ones above.
#socket "/var/run/milter-greylist/milter-greylist.sock" 660
#user "postfix"
# Log milter-greylist activity to a file
#stat ">>/var/milter-greylist/greylist.log" \
# "%T{%Y/%m/%d %T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh\n"
# Same, sent to syslog
#stat "|logger -p local7.info" \
# "%T{%Y/%m/%d %T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh"
# Be verbose (or use -v flag)
#verbose
# Do not tell spammer how long they have to wait
quiet
# MX peering
#peer 192.0.2.17
#peer 192.0.2.18
# Your own network, which should not suffer greylisting
list "my network" addr { 127.0.0.1/8 10.0.0.0/8 192.0.2.0/24 }
# Your MXes and Mailforwardinghosts, Mailinglistsproviders, which you
# don't want to annoy.
list "my friends" addr { \
70.103.162.0/24 \ # Debian Mail+Listservers. NEVER unwhitelist them.
140.211.166.0/24 \ # Debian Bugs
192.25.206.0/24 \ # Debian web/cvs/people
194.109.137.218/32 \ # Debian security/www-master.d.o
}
# This is a list of broken MTAs that break with greylisting. Derived from
# http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=1.16
list "broken mta" addr { \
12.5.136.141/32 \ # Southwest Airlines (unique sender)
12.5.136.142/32 \ # Southwest Airlines
12.5.136.143/32 \ # Southwest Airlines
12.5.136.144/32 \ # Southwest Airlines
12.107.209.244/32 \ # kernel.org (unique sender)
12.107.209.250/32 \ # sourceware.org (unique sender)
63.82.37.110/32 \ # SLmail
63.169.44.143/32 \ # Southwest Airlines
63.169.44.144/32 \ # Southwest Airlines
64.7.153.18/32 \ # sentex.ca (common pool)
64.12.136.0/24 \ # AOL (common pool)
64.12.137.0/24 \ # AOL
64.12.138.0/24 \ # AOL
64.124.204.39 \ # moveon.org (unique sender)
64.125.132.254/32 \ # collab.net (unique sender)
64.233.160.0/19 \ # Google
66.94.237.16/28 \ # Yahoo Groups servers (common pool)
66.94.237.32/28 \ # Yahoo Groups servers (common pool)
66.94.237.48/30 \ # Yahoo Groups servers (common pool)
66.100.210.82/32 \ # Groupwise?
66.135.192.0/19 \ # Ebay
66.162.216.166/32 \ # Groupwise?
66.206.22.82/32 \ # Plexor
66.206.22.83/32 \ # Plexor
66.206.22.84/32 \ # Plexor
66.206.22.85/32 \ # Plexor
66.218.66.0/23 \ # Yahoo Groups servers (common pool)
66.218.67.0/23 \ # Yahoo Groups servers (common pool)
66.218.68.0/23 \ # Yahoo Groups servers (common pool)
66.218.69.0/23 \ # Yahoo Groups servers (common pool)
66.27.51.218/32 \ # ljbtc.com (Groupwise)
66.102.0.0/20 \ # Google
66.249.80.0/20 \ # Google
72.14.192.0/18 \ # Google
74.125.0.0/16 \ # Google
152.163.225.0/24 \ # AOL
194.245.101.88/32 \ # Joker.com
195.235.39.19/32 \ # Tid InfoMail Exchanger v2.20
195.238.2.0/24 \ # skynet.be (wierd retry pattern, common pool)
195.238.3.0/24 \ # skynet.be
195.46.220.208/32 \ # mgn.net
195.46.220.209/32 \ # mgn.net
195.46.220.210/32 \ # mgn.net
195.46.220.211/32 \ # mgn.net
195.46.220.221/32 \ # mgn.net
195.46.220.222/32 \ # mgn.net
195.238.2.0/24 \ # skynet.be (wierd retry pattern)
195.238.3.0/24 \ # skynet.be
204.107.120.10/32 \ # Ameritrade (no retry)
205.188.0.0/16 \ # AOL
205.206.231.0/24 \ # SecurityFocus.com (unique sender)
207.115.63.0/24 \ # Prodigy - retries continually
207.171.168.0/24 \ # Amazon.com
207.171.180.0/24 \ # Amazon.com
207.171.187.0/24 \ # Amazon.com
207.171.188.0/24 \ # Amazon.com
207.171.190.0/24 \ # Amazon.com
209.132.176.174/32 \ # sourceware.org mailing lists (unique sender)
209.85.128.0/17 \ # Google
211.29.132.0/24 \ # optusnet.com.au (wierd retry pattern)
213.136.52.31/32 \ # Mysql.com (unique sender)
216.33.244.0/24 \ # Ebay
216.239.32.0/19 \ # Google
217.158.50.178/32 \ # AXKit mailing list (unique sender)
}
# List of users that want greylisting
list "grey users" rcpt { \
user1@example.com \
user2@example.com \
user3@example.com \
}
# Give this a try if you enabled DNSRBL
#dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10
#dnsrbl "SBL" sbl-xbl.spamhaus.org 127.0.0.2
#dnsrbl "CBL" sbl-xbl.spamhaus.org 127.0.0.4
#dnsrbl "NJABL" sbl-xbl.spamhaus.org 127.0.0.5
#dnsrbl "PBL" zen.spamhaus.org 127.0.0.10/31
#dnsrbl "MTAWL" list.dnswl.org 127.0.0.0/16
# Here is an example of user preference pulled from a LDAP directory
# (requires building --with-libcurl). If the milterGreylistStatus
# attribute is set to TRUE, then $usrRBL will be usable later in the
# ACL and will carry the values of the usrRBL attribute.
# urlcheck "userpref" \
# "ldap://localhost/dc=example,dc=net?milterGreylistStatus,usrRBL?one?mail=%r" \
# 30 getprop clear fork
racl continue from /.*/ addheader "X-Greylist: inspected by %V for IP:'%i' DOMAIN:'%d' HELO:'%h' FROM:'%f' RCPT:'%r'"
# And here is the access list
racl whitelist list "my network"
racl whitelist list "my friends"
racl whitelist list "broken mta"
#racl whitelist dnsrbl "MTAWL"
#racl blacklist urlcheck "userpref" $usrRBL "CBL" dnsrbl "CBL" \
# msg "Sender IP caught in CBL blacklist"
#racl blacklist $usrRBL "SBL" dnsrbl "BBL" \
# msg "Sender IP caught in SBL blacklist"
#racl blacklist $usrRBL "NJABL" dnsrbl "NJABL" \
# msg "Sender IP caught in NJABL blacklist"
#racl greylist list "grey users" dnsrbl "SORBS DUN" delay 24h autowhite 3d
racl greylist list "grey users" delay 30m autowhite 3d
racl whitelist default
# Example of content filtering for fighting image SPAM
#dacl blacklist body /src[:blank:]*=(3D)?[:blank:]*["']?[:blank:]*cid:/ \
# msg "Sorry, We do not accept images embedded in HTML"
|