greylist2.conf
#
# Greylisting config file with a lot of options explained
#
# $Id: greylist2.conf,v 1.1 2006/08/20 04:49:49 manu Exp $
#

# Uncomment this to enable debug output.
# Note that options appearing before the "verbose" option in this
# file will not be treated verbosely.
# May be overridden by the "-v" command line argument.
#verbose

# If you work with multiple MXs, list them with
# peer entries to enable greylist sync among the MXs.
#peer 192.0.2.17
#peer 192.0.2.18

# You may wish to use a specific local address or port for
# syncing between MXs. Of course one of your interfaces
# must have the address assigned. An '*' for the address
# means any address.
#syncaddr *
#syncaddr * port 7689
#syncaddr 192.0.2.2
#syncaddr 192.0.2.2 port 9785
#syncaddr 2001:db8::1:c3b5:123
#syncaddr 2001:db8::1:c3b5:123 port 1234

# Specific IP-Address for outbound sync-connections
# between MXs. If blank, system selects an ip.
# syncsrcaddr 123.45.678.9

# Greylisting your own MTA is a very bad idea: never
# comment this line, except for testing purposes.
acl whitelist addr 127.0.0.0/8

# If you use IPv6, uncomment this.
#acl whitelist addr ::1/128

# You will want to avoid greylisting your own clients
# as well, by filtering out your IP address blocks.
# Here is an example if you use 192.0.2.0/16.
#acl whitelist addr 192.0.2.0/16

# It is also possible to whitelist sender
# machines using their DNS names.
#acl whitelist domain example.net

# You can avoid greylisting by filtering on the sender
# envelope address, but this is not a good idea: it
# can be trivially forged.
#acl whitelist from friendly@example.com

# Some of your users do not get any spam because
# their addresses have never been collected by
# spammers. They will want to avoid the extra delivery
# delay caused by grey listing. You can filter on the
# recipient envelope address to achieve that.
#acl whitelist rcpt John.Doe@example.net

# It is possible to use regular expressions in domain, from
# and rcpt lines. The expression must be enclosed by
# slashes (/). Note that no escaping is available to
# provide slashes inside the regular expression.
#acl whitelist rcpt /.*@example\.net/

# This option tells milter-greylist when it should
# add an X-Greylist header. Default is all, which
# causes a header to always be added. Other possible
# values are none, delays and nodelays
#report all

# This option attempts to make milter-greylist more
# friendly with sender callback systems. When the
# message is from <>, it will be temporarily
# rejected at the DATA stage instead of the RCPT
# stage of the SMTP transaction. In the case of a
# multi recipient DSN, whitelisted recipient will
# not be honoured.
#delayedreject

# Uncomment if you want auto-whitelist to work for
# the IP rather than for the (IP, sender, receiver)
# tuple.
#lazyaw

# How often should we dump to the dumpfile (0: on each change, -1: never).
#dumpfreq 10m

# This option disables the conversion of the time specified in the
# integer format to humanly readable format in the comment of each
# line in the dumpfile.
# Time needed in order to dump large dumpfiles (several milion 
# entries/few 100's of MB) can be significantly improved.
#dump_no_time_translation

# This option causes greylist entries that expire to be logged via
# syslog.  This allows you to collect the IP addresses and sender
# names and use them for blacklisting, SPAM scoring, etc.
#logexpired
# How long will the greylist database retain tuples.
#timeout 5d

# Do not use ${greylist} macros from sendmail's access DB.
#noaccessdb

# Use extended regular expressions instead of basic
# regular expressions.
#extendedregex

#
# All of the following options have command-line equivalents.
# See greylist.conf(5) for the exact equivalences.
#

# How long a client has to wait before we accept
# the messages it retries to send. Here, 1 hour.
# May be overridden by the "-w greylist_delay" command line argument.
#greylist 1h

# How long does auto-whitelisting last (set it to 0
# to disable auto-whitelisting). Here, 3 days.
# May be overridden by the "-a autowhite_delay" command line argument.
#autowhite 3d

# Specify the netmask to be used when checking IPv4 addresses
# in the greylist.
# May be overridden by the "-L cidrmask" command line argument.
#subnetmatch /24

# Specify the netmask to be used when checking IPv6 addresses
# in the greylist.
# May be overridden by the "-M prefixlen" command line argument.
#subnetmatch6 /64

# Normally, clients that succeed SMTP AUTH are not
# greylisted. Uncomment this if you want to
# greylist them regardless of SMTP AUTH.
# May be overridden by the "-A" command line argument.
#noauth

# If milter-greylist was built with SPF support, then
# SPF-compliant senders are not greylisted. Uncomment
# this to greylist them regardless of SPF compliance.
# May be overridden by the "-S" command line argument.
#nospf

# If milter-greylist was built with DRAC support, 
# then DRAC DB location can be specified here
#drac db "/usr/local/etc/drac.db"

# Uncomment this to disable DRAC
#nodrac

# Uncomment if you want milter-greylist to remain
# in the foreground (no daemon).
# May be overridden by the "-D" command line argument.
#nodetach

# Uncomment this if you do not want milter-greylist
# to tell its clients how long they are greylisted.
# May be overridden by the "-q" command line argument.
#quiet

# You can specify a file where milter-greylist will
# store its PID.
# May be overridden by the "-P pidfile" command line argument.
#pidfile "/var/run/milter-greylist.pid"

# You can specify the socket file used to communicate
# with sendmail.
# May be overridden by the "-p socket" command line argument.
#socket "/var/milter-greylist/milter-greylist.sock"

# The dumpfile location.
# May be overridden by the "-d dumpfile" command line argument.
#dumpfile "/var/milter-greylist/greylist.db"

# The user the milter should run as.
# May be overridden by the "-u username" command line argument.
#user "smmsp"

# This is a list of broken MTAs that break with greylisting. Copied from
# http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=1.12
acl whitelist addr 12.5.136.141/32    # Southwest Airlines (unique sender)
acl whitelist addr 12.5.136.142/32    # Southwest Airlines
acl whitelist addr 12.5.136.143/32    # Southwest Airlines
acl whitelist addr 12.5.136.144/32    # Southwest Airlines
acl whitelist addr 12.107.209.244/32  # kernel.org (unique sender)
acl whitelist addr 12.107.209.250/32  # sourceware.org (unique sender)
acl whitelist addr 63.82.37.110/32    # SLmail
acl whitelist addr 64.7.153.18/32     # sentex.ca (common pool)
acl whitelist addr 64.12.136.0/24     # AOL (common pool)
acl whitelist addr 64.12.137.0/24     # AOL
acl whitelist addr 64.12.138.0/24     # AOL
acl whitelist addr 64.124.204.39      # moveon.org (unique sender)
acl whitelist addr 64.125.132.254/32  # collab.net (unique sender)
acl whitelist addr 66.94.237.16/28    # Yahoo Groups servers (common pool)
acl whitelist addr 66.94.237.32/28    # Yahoo Groups servers (common pool)
acl whitelist addr 66.94.237.48/30    # Yahoo Groups servers (common pool)
acl whitelist addr 66.100.210.82/32   # Groupwise?
acl whitelist addr 66.135.192.0/19    # Ebay
acl whitelist addr 66.162.216.166/32  # Groupwise?
acl whitelist addr 66.206.22.82/32    # Plexor
acl whitelist addr 66.206.22.83/32    # Plexor
acl whitelist addr 66.206.22.84/32    # Plexor
acl whitelist addr 66.206.22.85/32    # Plexor
acl whitelist addr 66.218.66.0/23     # Yahoo Groups servers (common pool)
acl whitelist addr 66.218.67.0/23     # Yahoo Groups servers (common pool)
acl whitelist addr 66.218.68.0/23     # Yahoo Groups servers (common pool)
acl whitelist addr 66.27.51.218/32    # ljbtc.com (Groupwise)
acl whitelist addr 152.163.225.0/24   # AOL
acl whitelist addr 194.245.101.88/32  # Joker.com
acl whitelist addr 195.235.39.19/32   # Tid InfoMail Exchanger v2.20
acl whitelist addr 195.46.220.208/32  # mgn.net
acl whitelist addr 195.46.220.209/32  # mgn.net
acl whitelist addr 195.46.220.210/32  # mgn.net
acl whitelist addr 195.46.220.211/32  # mgn.net
acl whitelist addr 195.46.220.221/32  # mgn.net
acl whitelist addr 195.46.220.222/32  # mgn.net
acl whitelist addr 195.238.2.0/24     # skynet.be (wierd retry pattern)
acl whitelist addr 195.238.3.0/24     # skynet.be
acl whitelist addr 204.107.120.10/32  # Ameritrade (no retry)
acl whitelist addr 205.188.0.0/16     # AOL
acl whitelist addr 205.206.231.0/24   # SecurityFocus.com (unique sender)
acl whitelist addr 207.115.63.0/24    # Prodigy - retries continually
acl whitelist addr 207.171.168.0/24   # Amazon.com
acl whitelist addr 207.171.180.0/24   # Amazon.com
acl whitelist addr 207.171.187.0/24   # Amazon.com
acl whitelist addr 207.171.188.0/24   # Amazon.com
acl whitelist addr 207.171.190.0/24   # Amazon.com
acl whitelist addr 211.29.132.0/24    # optusnet.com.au (wierd retry pattern)
acl whitelist addr 213.136.52.31/32   # Mysql.com (unique sender)
acl whitelist addr 216.33.244.0/24    # Ebay
acl whitelist addr 217.158.50.178/32  # AXKit mailing list (unique sender)
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License