# ------------------------------------------------------------------------------
# milter-greylist configuration: runtime files, address/domain/GeoIP lists,
# DNSRBL definitions and the ordered access list (racl) that decides whether a
# sender is whitelisted or greylisted, and for how long.
# ------------------------------------------------------------------------------

pidfile "/var/run/milter-greylist.pid"
# NOTE(review): mode 666 lets every local account connect to and write to the
# milter socket. If the MTA can reach the socket through a shared group, 660 is
# the tighter setting - confirm which user/group the MTA runs as before changing.
socket "/var/run/milter/milter-greylist.sock" 666
# Greylist database dump; mode 600 keeps it readable by the owner only.
dumpfile "/var/lib/milter-greylist/greylist.db" 600
dumpfreq 10m
# NOTE(review): GeoIP.dat is the legacy MaxMind format - confirm the file is
# still being refreshed; stale country data misclassifies senders in the
# geoip lists below.
geoipdb "/usr/share/GeoIP/GeoIP.dat"
noaccessdb
user "mail"

# ------------------------------------------------------------------------------
# Log milter-greylist activity to a file
#stat ">>/var/log/greylist.log" \
#      "%T{%Y/%m/%d %T} %d [%i] %r -> %f %S (ACL %A) %Xc %Xe %Xm %Xh\n"
# Same, sent to syslog
#stat "|logger -p local7.info" \
#      "%T{%Y/%m/%d %T} %d [%i] %r -> %f %S (ACL %A) %Xc %Xe %Xm %Xh"

# Be verbose (or use -v flag)
#verbose

# Do not tell spammer how long they have to wait
quiet

# ------------------------------------------------------------------------------
# MX peering
# (192.0.2.x is a documentation range; these are placeholders.)
#peer 192.0.2.17
#peer 192.0.2.18

# ------------------------------------------------------------------------------
# Your own network, which should not suffer greylisting
# NOTE(review): every prefix in this list is whitelisted by the first racl
# below, so it bypasses greylisting entirely - keep it to networks you control.
# 192.0.2.0/24 is the RFC 5737 documentation range (a placeholder to replace
# with your real prefix). 127.0.0.1/8 has host bits set; 127.0.0.0/8 is the
# canonical spelling of the same loopback range.
list "my-network" addr { \
  127.0.0.1/8 \
  10.0.0.0/8 \
  192.0.2.0/24 \
  192.168.0.0/16 \
  172.16.0.0/12 \
}

# Your MXes, mail-forwarding hosts and mailing-list providers, which you don't
# want to annoy.
# NOTE(review): static address whitelists age - periodically confirm these
# prefixes still belong to the services named in the comments.
list "my-friends" addr { \
  70.103.162.0/24 \ # Debian Mail+Listservers. NEVER unwhitelist them.
  140.211.166.0/24 \ # Debian Bugs
  192.25.206.0/24 \ # Debian web/cvs/people
  194.109.137.218/32 \ # Debian security/www-master.d.o
  139.20.200.42/32 \ # Eisfair News server
  192.109.42.119/32 \ # IN Berlin
}

# GeoIP list: countries that get the short greylist delay (see racl below)
list "we-geoip" geoip { \
  "DE" \ # DE
  "AT" \ # AT
  "CH" \ # CH
}

# GeoIP list: countries that get the long greylist delay (see racl below).
# Despite the "bl-" prefix the matching racl greylists; it does not blacklist.
list "bl-geoip" geoip { \
  "BR" \ # BR
  "CN" \ # CN
}

# access control list definition: broken MTAs that break with Greylisting (by domain)
# NOTE(review): this list is whitelisted below, so a match skips greylisting.
# The domain clause is matched against the client hostname the MTA resolved -
# presumably from reverse DNS; confirm how your MTA validates that name, since a
# sender-controlled hostname is weaker evidence than an address. Bare names
# such as amazon.com or ibm.com presumably match as suffixes (whole domains) -
# TODO confirm for your version.
# NOTE(review): the patterns were taken from postgrey (Perl regex). \d is a
# Perl-style class; if this build uses POSIX extended regexes, [0-9] is the
# portable spelling - verify that these patterns really match.
list "broken-peers-by-domain" domain { \
  /^.*-out-.*\.google\.com$/ \ # postgrey: google.com (big pool, reported by Matthias Dyer)
  /^fmr\d+\.intel\.com$/ \ # postgrey: intel.com (pool on different subnets)
  /^gateway\d+\.np4\.de$/ \ # postgrey: lufthansa (no retry, reported by Peter Bieringer)
  /^mail-in-\d+\.arcor-online\.net$/ \ # postgrey: arcor-online.net (slow: 12 hours, reported by Bernd Zeimetz)
  /^mail\d+\.telekom\.de$/ \ # postgrey: telekom.de (slow: 6 hours)
  /^p?smtp.*\.wxs\.nl$/ \ # postgrey: wxs.nl (no retry, reported by Johannes Fehr)
  accor-hotels.com \ # postgrey: accor-hotels.com (slow: 6 hours)
  amazon.com \ # postgrey: greylisting.org: Amazon.com (unique sender with letters)
  ameritradeinfo.com \ # postgrey: greylisting.org: Ameritrade (no retry)
  berlin.ptb.de \ # postgrey: ptb.de (slow, reported by Joachim Schoenberg)
  cacert.org \ # postgrey: cacert.org (address verification, reported by Martin Lohmeier)
  domin.switch.ch \ # postgrey: switch.ch (works but personnel is confused by the error)
  freshmeat.net \ # postgrey: freshmeat.net (address verification)
  gnu.org \ # postgrey: gnu.org (address verification, reported by Martin Lohmeier)
  ibm.com \ # postgrey: ibm.com (big pool, reported by Casey Peel)
  isp.belgacom.be \ # postgrey: greylisting.org: isp.belgacom.be (weird retry pattern)
  karger.ch \ # postgrey: karger.ch, no retry
  lockergnome.wc09.net \ # postgrey: lockergnome.wc09.net (unique sender with letters, reported by Bill Landry)
  logismata.ch \ # postgrey: logismata.ch (no retry)
  mail.hhlaw.com \ # postgrey: newsletter (no retry)
  mail.polymed.ch \ # postgrey: polymed.ch (no retry)
  mail1.thurweb.ch \ # postgrey: rein.ch (no retry)
  mot.com \ # postgrey: motorola.com (no retry)
  p01m168.mxlogic.net \ # postgrey: mxlogic.net (no retry, reported by Eric)
  p02m169.mxlogic.net \ # postgrey: mxlogic.net (no retry, reported by Eric)
  piggy.rz.tu-ilmenau.de \ # postgrey: tu-ilmenau.de (no retry)
  proxy.gmail.com \ # postgrey: gmail.com (big pool, reported by Beat Mueller)
  rz.hu-berlin.de \ # postgrey: hu-berlin.de (slow: 6 hours, reported by Joachim Schoenberg)
  scd.yahoo.com \ # postgrey: greylisting.org: Yahoo Groups servers (no retry)
  server-x001.hostpoint.ch \ # postgrey: lilys.ch, (slow: 4 hours)
  southwest.com \ # postgrey: greylisting.org: Southwest Airlines (unique sender, no retry)
  swissre.com \ # postgrey: swissre.com (no retry)
  tesla.vtszg.hr \ # postgrey: tesla.vtszg.hr (no retry, reported by Vito Robar)
  vger.kernel.org \ # postgrey: Linux kernel mailing-list (unique sender with letters)
  zd-swx.com \ # postgrey: zd-swx.com (unique sender with letters, reported by Bill Landry)
}

# This is a list of broken MTAs that break with greylisting. Derived from
# http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=1.16
# NOTE(review): this list is whitelisted below, so every address in it skips
# greylisting. It was inherited from an old upstream list; the large provider
# ranges (Google, AOL, Amazon, Ebay, Yahoo) may have changed ownership or use
# since - re-verify before trusting them.
# NOTE(review): housekeeping - 195.238.2.0/24 and 195.238.3.0/24 appear twice;
# 64.124.204.39 has no prefix length (presumably treated as a single host);
# 66.218.67.0/23 and 66.218.69.0/23 have host bits set and presumably cover the
# same networks as the .66 and .68 entries.
list "broken-mta" addr { \
  12.5.136.141/32 \ # Southwest Airlines (unique sender)
  12.5.136.142/32 \ # Southwest Airlines
  12.5.136.143/32 \ # Southwest Airlines
  12.5.136.144/32 \ # Southwest Airlines
  12.107.209.244/32 \ # kernel.org (unique sender)
  12.107.209.250/32 \ # sourceware.org (unique sender)
  63.82.37.110/32 \ # SLmail
  63.169.44.143/32 \ # Southwest Airlines
  63.169.44.144/32 \ # Southwest Airlines
  64.7.153.18/32 \ # sentex.ca (common pool)
  64.12.136.0/24 \ # AOL (common pool)
  64.12.137.0/24 \ # AOL
  64.12.138.0/24 \ # AOL
  64.124.204.39 \ # moveon.org (unique sender)
  64.125.132.254/32 \ # collab.net (unique sender)
  64.233.160.0/19 \ # Google
  66.94.237.16/28 \ # Yahoo Groups servers (common pool)
  66.94.237.32/28 \ # Yahoo Groups servers (common pool)
  66.94.237.48/30 \ # Yahoo Groups servers (common pool)
  66.100.210.82/32 \ # Groupwise?
  66.135.192.0/19 \ # Ebay
  66.162.216.166/32 \ # Groupwise?
  66.206.22.82/32 \ # Plexor
  66.206.22.83/32 \ # Plexor
  66.206.22.84/32 \ # Plexor
  66.206.22.85/32 \ # Plexor
  66.218.66.0/23 \ # Yahoo Groups servers (common pool)
  66.218.67.0/23 \ # Yahoo Groups servers (common pool)
  66.218.68.0/23 \ # Yahoo Groups servers (common pool)
  66.218.69.0/23 \ # Yahoo Groups servers (common pool)
  66.27.51.218/32 \ # ljbtc.com (Groupwise)
  66.102.0.0/20 \ # Google
  66.249.80.0/20 \ # Google
  72.14.192.0/18 \ # Google
  74.125.0.0/16 \ # Google
  152.163.225.0/24 \ # AOL
  194.245.101.88/32 \ # Joker.com
  195.235.39.19/32 \ # Tid InfoMail Exchanger v2.20
  195.238.2.0/24 \ # skynet.be (weird retry pattern, common pool)
  195.238.3.0/24 \ # skynet.be
  195.46.220.208/32 \ # mgn.net
  195.46.220.209/32 \ # mgn.net
  195.46.220.210/32 \ # mgn.net
  195.46.220.211/32 \ # mgn.net
  195.46.220.221/32 \ # mgn.net
  195.46.220.222/32 \ # mgn.net
  195.238.2.0/24 \ # skynet.be (weird retry pattern)
  195.238.3.0/24 \ # skynet.be
  204.107.120.10/32 \ # Ameritrade (no retry)
  205.188.0.0/16 \ # AOL
  205.206.231.0/24 \ # SecurityFocus.com (unique sender)
  207.115.63.0/24 \ # Prodigy - retries continually
  207.171.168.0/24 \ # Amazon.com
  207.171.180.0/24 \ # Amazon.com
  207.171.187.0/24 \ # Amazon.com
  207.171.188.0/24 \ # Amazon.com
  207.171.190.0/24 \ # Amazon.com
  209.132.176.174/32 \ # sourceware.org mailing lists (unique sender)
  209.85.128.0/17 \ # Google
  211.29.132.0/24 \ # optusnet.com.au (weird retry pattern)
  213.136.52.31/32 \ # Mysql.com (unique sender)
  216.33.244.0/24 \ # Ebay
  216.239.32.0/19 \ # Google
  217.158.50.178/32 \ # AXKit mailing list (unique sender)
}

# Give this a try if you enabled DNSRBL
# NOTE(review): the racl below applies a 24h delay to any sender for which this
# zone answers 127.0.0.10. SORBS was reported shut down in 2024 - confirm the
# zone is still operated and answers as expected; a retired or wildcarded DNSBL
# can delay legitimate mail or add lookup timeouts to every connection.
dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10
#dnsrbl "SBL" sbl-xbl.spamhaus.org 127.0.0.2
#dnsrbl "CBL" sbl-xbl.spamhaus.org 127.0.0.4
#dnsrbl "NJABL" sbl-xbl.spamhaus.org 127.0.0.5
#dnsrbl "PBL" zen.spamhaus.org 127.0.0.10/31
#dnsrbl "MTAWL" list.dnswl.org 127.0.0.0/16

# ------------------------------------------------------------------------------
# And here is the access list
# The rules are evaluated top to bottom and the first matching rule decides, so
# the order below is significant: the four whitelists are consulted before any
# greylist rule.
racl whitelist list "my-network"
racl whitelist list "my-friends"
racl whitelist list "broken-mta"
racl whitelist list "broken-peers-by-domain"
# NOTE(review): the GeoIP rules precede the DNSRBL rule, so a sender geolocated
# to DE/AT/CH gets the 4m delay (and 30d autowhite) even if the DNSRBL lists it.
# Move the dnsrbl rule above them if the blocklist verdict should take priority.
racl greylist list "we-geoip" delay 4m autowhite 30d
racl greylist list "bl-geoip" delay 24h
racl greylist dnsrbl "SORBS DUN" delay 24h
# Everything else: 1h delay, then auto-whitelisted for 30 days after a retry.
racl greylist default delay 1h autowhite 30d

#racl whitelist dnsrbl "MTAWL"
#racl blacklist urlcheck "userpref" $usrRBL "CBL" dnsrbl "CBL" \
#               msg "Sender IP caught in CBL blacklist"
# NOTE(review): the next example references dnsrbl "BBL", which none of the
# dnsrbl definitions above declare - likely meant "SBL"; fix before enabling.
#racl blacklist $usrRBL "SBL" dnsrbl "BBL" \
#               msg "Sender IP caught in SBL blacklist"
#racl blacklist $usrRBL "NJABL" dnsrbl "NJABL" \
#               msg "Sender IP caught in NJABL blacklist"
#racl greylist list "grey users" dnsrbl "SORBS DUN" delay 24h autowhite 3d

# ------------------------------------------------------------------------------
# Example of content filtering for fighting image SPAM
# NOTE(review): in POSIX regexes [:blank:] is a character class only inside a
# bracket expression, i.e. [[:blank:]]; as written it matches one of the
# characters ':', 'b', 'l', 'a', 'n', 'k'. Correct this before enabling.
#dacl blacklist body /src[:blank:]*=(3D)?[:blank:]*["']?[:blank:]*cid:/ \
#               msg "Sorry, We do not accept images embedded in HTML"