greylist.conf(5)                                              greylist.conf(5)

NAME
greylist.conf - milter-greylist configuration file

DESCRIPTION
greylist.conf configures milter-greylist(8) operation. The format is
simple: each line contains a keyword and optional arguments. Any line
starting with a # is considered a comment and is ignored. Blank lines are
ignored as well. Comments at the end of lines are accepted in some
situations, but do not take them for granted. A statement can be continued
on the next line by using a backslash. Anything after the backslash will be
ignored.

The primary use of greylist.conf is to set up the milter-greylist(8)
whitelist. It also offers a handy blacklist feature. Access-lists (ACL) are
used to do that. ACL enable the administrator to specify complex conditions
on sender IP, sender DNS address, sender e-mail address, and recipient
e-mail address. If support for DNSRBL was built in, it is even possible to
use DNSRBL in ACL.

An access-list entry starts with the racl keyword followed by an optional
quoted id string, then the greylist, whitelist, or blacklist keyword, and
by any set of the following clauses: addr, domain, from, rcpt, rcptcount,
helo, sm_macro, time, auth, tls, spf (if built with SPF support), geoip (if
built with GeoIP support), p0f (if built with p0f support), ldapcheck (if
built with --with-openldap), urlcheck (if built with --with-libcurl), and
dnsrbl (if built with --enable-dnsrbl). A message will match an ACL entry
when it complies with all of its clauses.

Clauses can be negated by prefixing them with the not keyword.

addr
    This clause is used to specify a netblock of source IP addresses. The
    syntax is an IP address followed by a slash and a CIDR netmask. Here is
    an example:

        racl whitelist addr 127.0.0.0/8
        racl whitelist addr 192.168.3.0/24
        racl whitelist addr ::1

    If the netmask is omitted, /32 is assumed for an IPv4 address and /128
    is assumed for an IPv6 address.

    You should at least whitelist localhost (127.0.0.1/8), and if you have
    some user clients connecting to the machine, you should whitelist the
    addresses they connect from if you don't want them to get error
    messages when sending e-mail.

domain
    This clause selects source machines based on their DNS name, performing
    a suffix search. For instance, this will whitelist any machine in the
    example.net domain:

        racl whitelist domain example.net

    Suffix search matching means, for example, that gle.com will match
    google.com. If you want domain names to match on subdomain boundaries
    (e.g. gle.com will match mail.gle.com and gle.com but not google.com),
    then enable domainexact.

    The name resolution is made by Sendmail, which hands it to
    milter-greylist(8). As a result, it is impossible to use DNS aliases
    here. On the other hand, this will work even if your DNS resolver is
    not thread-safe.

from
    This is used to select sender e-mail addresses. You should not use that
    feature, because sender e-mail addresses can be trivially forged.
    Example:

        racl whitelist from postmaster@example.com

rcpt
    This is used to select recipient addresses. Example:

        racl greylist rcpt John.Doe@example.net

rcptcount
    Followed by an operator and a recipient count, this is used to select
    on the number of recipients. Example:

        racl blacklist rcptcount >= 25 msg "No more than 25 recipients, please"

helo
    Followed by a quoted string or a regular expression, this can be used
    to filter on the HELO string.

sm_macro
    This is used to select a Sendmail macro value. See the section on that
    topic for more information.

time
    This is used to specify a time set. It should be followed by a quoted
    string holding a crontab(5)-like time specification. Here is an example
    that whitelists mail addressed to a single recipient during office
    hours (from 8:00 to 16:59, Monday to Friday):

        racl whitelist time "* 8-16 * * 1-5" rcpt info@example.net

geoip
    This is used to specify a country, as reported by GeoIP. The country
    code must be upper case, and is only available if milter-greylist was
    built with GeoIP support. The geoipdb statement can be used to specify
    the location of the GeoIP database.

p0f
    This is used to match against the remote system OS fingerprint genre
    and detail, obtained from p0f. It is only available if milter-greylist
    was built with p0f support. p0f clauses can be used with a quoted
    string for a case-insensitive substring match, or against regular
    expressions. The p0fsock statement can be used to specify the location
    of the p0f socket.

auth
    This is used to select a user that succeeded SMTP AUTH. In order to
    select any user that succeeds SMTP AUTH, you can use a regular
    expression match, like below:

        racl whitelist auth /.*/

    Using such a clause automatically disables global STARTTLS and SMTP
    AUTH whitelisting, as if the noauth keyword had been used.

tls
    This is used to select the distinguished name (DN) of a user that
    succeeded STARTTLS. Using such a clause automatically disables global
    STARTTLS and SMTP AUTH whitelisting, as if the noauth keyword had been
    used.

spf
    This is used to test SPF status. Possible values are pass, softfail,
    fail, unknown, error, none, and self. The first six values are plain
    SPF validation statuses. The self value is a special test that checks
    the server's local IP address against the sender's SPF record. If that
    test validates, odds are good that the sender's SPF record is wide
    open, and this is a hint that SPF should not be trusted.

    Absence of any value after the spf keyword is a synonym for spf pass.
    This is present for backward compatibility.

    The spf clause is only available if SPF support was compiled in. Using
    it will disable global SPF whitelisting, as if the nospf keyword had
    been used.

ldapcheck
    This is used to query an LDAP directory. See the section on that topic
    for more information.

urlcheck
    This is used to query an external configuration source through a URL.
    See the section on that topic for more information.

dnsrbl
    This is used to select a DNSRBL. See the section on that topic for
    more information.

The domain, from, and rcpt clauses may be used with regular expressions.
The regular expressions must be enclosed by slashes (/). No escaping is
available to provide a slash inside a regular expression, so just do not
use it. Regular expressions follow the format described in re_format(7).
Here is an example:

    racl greylist rcpt /.*@example\.net/

When regular expressions are not used, from and rcpt perform a
case-insensitive substring match with leading and trailing brackets, spaces
and tabs stripped out. domain performs a case-insensitive suffix match.
This means, for example, that gle.com will match google.com. If you want
domain names to match on subdomain boundaries (e.g. gle.com will match
mail.gle.com and gle.com but not google.com), then enable domainexact.

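The suffix and substring rules above decide what an entry really whitelists. The following Python model of those rules (an added example, not milter-greylist's code) makes the consequence visible: with plain strings, an entry such as racl whitelist rcpt user2@mydomain.org also matches user2@mydomain.org.attacker.test, and domain example.net also matches notexample.net unless domainexact is set. Where the manual is silent (regex search versus full match, case handling of regex clauses) the code's choices are assumptions.

```python
import ipaddress
import re

# Added example: a Python model of the matching rules documented above
# (suffix match for domain, substring match for from/rcpt, slash-enclosed
# regex, first matching entry wins).  It is not milter-greylist's own code;
# where the manual is silent (regex search vs. full match, case handling
# of regex clauses) the choices below are assumptions.


def regex_of(pattern):
    """A clause value enclosed in slashes is a regular expression."""
    if len(pattern) >= 2 and pattern[0] == "/" and pattern[-1] == "/":
        return re.compile(pattern[1:-1])  # assumption: unanchored search
    return None


def addr_matches(pattern, ip):
    """addr clause: IP inside the netblock; /32 or /128 when no mask given."""
    net = ipaddress.ip_network(pattern, strict=False)
    return ipaddress.ip_address(ip) in net


def domain_matches(pattern, name, domainexact=False):
    """domain clause: case-insensitive suffix match, or a subdomain-boundary
    match when domainexact is enabled (then "gle.com" no longer matches
    "google.com")."""
    rx = regex_of(pattern)
    if rx:
        return rx.search(name) is not None
    p, n = pattern.lower(), name.lower()
    if not domainexact:
        return n.endswith(p)
    return n == p or n.endswith("." + p)


def _strip(value):
    # Leading and trailing brackets, spaces and tabs are stripped first.
    return value.strip(" \t<>")


def address_matches(pattern, value):
    """from/rcpt clause: regex search, else case-insensitive substring match."""
    rx = regex_of(pattern)
    if rx:
        return rx.search(_strip(value)) is not None
    return _strip(pattern).lower() in _strip(value).lower()


def evaluate(acl, msg, domainexact=False):
    """Return the action of the first entry whose clauses all hold.

    acl is a list of (action, clauses); a clause is (kind, pattern) or
    ("not", kind, pattern); kind "default" matches every message.
    msg holds the message attributes: addr, domain, from, rcpt.
    """
    for action, clauses in acl:
        ok = True
        for clause in clauses:
            negate = clause[0] == "not"
            kind, pattern = clause[-2], clause[-1]
            if kind == "default":
                hit = True
            elif kind == "addr":
                hit = addr_matches(pattern, msg["addr"])
            elif kind == "domain":
                hit = domain_matches(pattern, msg["domain"], domainexact)
            else:
                hit = address_matches(pattern, msg[kind])
            if hit == negate:  # clause failed, or a negated clause matched
                ok = False
                break
        if ok:
            return action
    return None  # no entry matched and no default clause present


# Example 3 of this page, written as data for the model.
EXAMPLE_3 = [
    ("whitelist", [("rcpt", r"/.*@.*otherdomain\.org/")]),
    ("whitelist", [("addr", "192.168.42.0/24"), ("rcpt", "user1@mydomain.org")]),
    ("whitelist", [("from", "friend@example.net"), ("rcpt", r"/.*@.*mydomain\.org/")]),
    ("whitelist", [("rcpt", "user2@mydomain.org")]),
    ("greylist", [("rcpt", r"/.*@.*mydomain\.org/")]),
    ("whitelist", [("default", "")]),
]


def decide(addr, sender, rcpt, domain="", acl=EXAMPLE_3, domainexact=False):
    """Evaluate one (constructed) message against an ACL."""
    msg = {"addr": addr, "from": sender, "rcpt": rcpt, "domain": domain}
    return evaluate(acl, msg, domainexact)


if __name__ == "__main__":
    print(decide("203.0.113.5", "x@a.test", "user3@mydomain.org"))  # greylist
    # Substring matching means entry 4 also whitelists this recipient:
    print(decide("203.0.113.5", "x@a.test", "user2@mydomain.org.attacker.test"))
```

An anchored regex such as /^user2@mydomain\.org$/ avoids the substring hit, since ^ and $ are part of the basic regular expression syntax of re_format(7).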
An ACL entry can also hold various optional parameters used on match:
delay, autowhite, flushaddr, nolog, code, ecode, report, addheader, and
msg.

delay
    Specify the greylisting delay used before the message can be accepted.
    This overrides the greylist global setting, and it only makes sense on
    a racl greylist entry.

autowhite
    Specify the auto-whitelisting duration for messages matching this ACL.
    This overrides the autowhite global setting, and it only makes sense on
    a racl greylist entry. Example:

        racl greylist rcpt JDoe@example.net delay 15m autowhite 3d
        racl greylist rcpt root@example.net delay 1h autowhite 3d

flushaddr
    If a message matches the rule, any entry in the greylist or autowhite
    databases matching the sender IP is removed. Used with a DNSRBL
    blacklist ACL, it is useful for freeing the database from entries set
    up by a machine which is known to be a spammer. Example:

        racl blacklist dnsrbl "known-spamers" flushaddr

nolog
    Do not generate a syslog message if this rule matches. Example:

        racl whitelist default nolog

code
ecode
msg
    These 3 values can be used to choose the SMTP code, extended code and
    reply message for temporary failures and rejects. Example:

        racl blacklist dnsrbl "spamstomp" msg "IP caught by spamstomp"
        racl greylist default code "451" ecode "4.7.1"

    The msg string accepts format string substitution as documented in the
    FORMAT STRINGS section. For instance, %A gets substituted by the ACL
    line number.

    None of the last 3 values makes sense for a whitelist entry.

report
    This value overrides the text displayed in the X-Greylist header, for
    messages that milter-greylist(8) lets pass through, either because
    they are whitelisted, or because they passed greylisting (see
    REPORTING). This string can be substituted as documented in the FORMAT
    STRINGS section.

addheader
    This quoted string is an RFC822 header that gets added to the message.
    Format string substitution is supported. No check is done for header
    length standard compliance, so make sure the substituted string is
    shorter than 2048 characters.

Entries in the access-list are evaluated sequentially, so order is very
important. The first matching entry is used to decide if a message will be
whitelisted or greylisted. A special default clause can be used in the last
ACL entry as a wildcard. Here are a few complete ACL examples:

Example 1:

    racl whitelist from friend@toto.com rcpt grandma@example.com
    racl whitelist from other.friend@example.net rcpt grandma@example.com
    racl greylist rcpt grandma@example.com
    racl whitelist default

Example 2:

    racl whitelist addr 193.54.0.0/16 domain friendly.com
    racl greylist rcpt user1@atmine.com
    racl greylist rcpt user2@atmine.com
    racl greylist rcpt user3@atmine.com
    racl whitelist default

Example 3:

    racl whitelist rcpt /.*@.*otherdomain\.org/
    racl whitelist addr 192.168.42.0/24 rcpt user1@mydomain.org
    racl whitelist from friend@example.net rcpt /.*@.*mydomain\.org/
    racl whitelist rcpt user2@mydomain.org
    racl greylist rcpt /.*@.*mydomain\.org/
    racl whitelist default

ACL using the racl keyword are evaluated at the RCPT stage of the SMTP
transaction. It is also possible to have ACL evaluated at the DATA stage of
the SMTP transaction, using the dacl keyword, provided the message went
through RCPT-stage ACL, and possibly greylisting. Note that you cannot use
the greylist action at DATA stage if the RCPT-stage ACL that matched had a
greylist action itself. The following clauses can be used to work on
message content:

dkim
    DKIM status (if built with DKIM support). Possible values are pass,
    fail, unknown, error, and none.

header
    String or regular expression searched in message headers.

body
    String or regular expression searched in message body.

msgsize
    Operator followed by a message size (k or M suffix allowed for
    kilobytes or megabytes). Example:

        dacl blacklist msgsize >= 4M msg "No more than 4 MB please"

spamd
    SpamAssassin score (if built with SpamAssassin support). If used
    without a comparison operator, spamd is true if the score is above the
    threshold. The spamdsock keyword can be used to specify the location of
    the spamd socket.

    Example 1:

        spamdsock unix "/var/spamassassin/spamd.sock"
        racl whitelist default
        dacl greylist spamd

    Example 2:

        spamdsock inet "127.0.0.1:783"
        racl whitelist default
        dacl blacklist spamd > 15 msg "Your message is considered spam."
        dacl greylist spamd > 10 delay 2h
        dacl greylist spamd > 5 delay 1h

Note that if there are multiple recipients, a rcpt clause at DATA stage
evaluates to true if it matches any of them. If you want to match an exact
set of recipients, you can use multiple rcpt clauses along with a rcptcount
clause.

It is often useful to group several users or sender IP addresses in a
single ACL. This can be done with lists. Lists must first be defined and
given a name before they can be used in ACL entries. Here is an example:

    list "my users" rcpt { user1@example.com user2@example.com }
    list "local" addr { 192.0.2.0/24 10.0.0.0/8 }

    racl whitelist list "local"
    racl greylist list "my users"
    racl whitelist default

Previous versions of milter-greylist(8) used addr, domain, from, and rcpt
lines, without the racl keyword. Access-list management is intended to
replace them. These lines are still accepted by milter-greylist(8), but
they are deprecated. milter-greylist(8) handles them as access-list entries
with a single clause. They are added at the head of the access-list, so
mixing these keywords with access-lists may lead to unspecified behaviour.
Do not mix them.

Test mode (using -T) is also deprecated. Access-list semantics do not
depend on this flag.

milter-greylist(8) also used to only have a RCPT-stage ACL, which was
configured through acl statements. These have been replaced by racl
statements (as opposed to dacl statements for DATA-stage ACL). acl
statements are still accepted for backward compatibility and are a synonym
for racl statements.

Synchronization of the greylist among multiple MX is configured using the
peer keyword. List the IP address of each other MX using the peer keyword.
Here is an example:

    peer 192.0.2.18
    peer 192.0.2.17
    peer 192.0.2.22 timeout 7
    peer 192.0.2.38 timeout 5m

You can list the local machine in the peer statements; it will be ignored.

The timeout clause sets a peer communication timeout to have proper retrial
in case of a slow MX peer. The default value is 3 seconds. The special
value of 0 disables the connection retrials.

By default, milter-greylist will listen on all interfaces using TCP port
5252, or the port number given by the service named mxglsync if defined in
/etc/services or another directory service. This behaviour can be changed
by using the syncaddr keyword. Here are a few examples:

    syncaddr *
    syncaddr * port 7689
    syncaddr 192.0.2.2 port 9785
    syncaddr 2001:db8::1:c3b5:123
    syncaddr 2001:db8::1:c3b5:123 port 1234

Using '*' as the address means to bind to all local interfaces' addresses.
Note that if you are not using the default port, all MXs must use the same
port number.

For outbound connections the system selects one of the possible addresses.
If you want to use a specific IP, you can use:

    syncsrcaddr 192.0.2.9

milter-greylist(8) uses a text dump of its database to resume operation
after a crash. The dump is performed at a regular time interval, but as it
is a heavy operation, you might want to configure a particular time
interval, using the dumpfreq option.

If the dumpfreq value is too small, it will kill performance. If it is too
high, you will lose a bigger part of the database on a crash.

Set dumpfreq to 0 to get a dump on each change (kills performance), set it
to -1 to never dump to a file (unsafe, as you lose the whole greylist on
each crash), or give a time value for the delay between dumps. The time is
given in seconds, except if a unit is given: m for minutes, h for hours,
and d for days.

You may further improve the performance of the dump operation at the
expense of the human-readable timestamp which by default appears as a
comment at the end of each line in the dumpfile. You may disable generation
of this comment by specifying the dump_no_time_translation option in the
configuration file. This is specifically recommended if your dumpfile grows
to hundreds of megabytes: it can reduce the time needed for the dump
operation by an order of magnitude!

REPORTING
By default, milter-greylist(8) will add an X-Greylist header to any message
it handles. The header shows what happened to the message: delayed or not
delayed, and why. The following options can be used in greylist.conf to
alter this behavior:

report none
    Never add an X-Greylist header.

report delays
    Only add a header if the message was delayed.

report nodelays
    Add a header if the message was not delayed. The header explains why
    the message was not delayed.

report all
    Always add a header. This is the default.

Sender callback systems are another anti-spam measure that attempts to send
a DSN to the sender address before accepting a message. If that fails, then
the sender address is wrong and the message is rejected. Such systems
usually stop their callback check at the RCPT stage of the SMTP
transaction.

Greylisting temporarily rejects at the RCPT stage, so sender callback and
greylisting love to fight each other. milter-greylist(8) proposes a
workaround to that problem with the delayedreject option. For messages
coming from <> (that is, for DSN), it will cause the temporary reject to
happen at the DATA stage of the SMTP transaction instead of the RCPT stage.
That way, milter-greylist(8) will cope much better with sender callback
systems.

This has a minor drawback (and this is why it is not enabled by default):
for a multi-recipient DSN, whitelisted recipients will not be honoured: the
message will be delayed for everyone.

Any Sendmail macro can be used as a clause in the access list. You need to
define a (macro, value) pair using the sm_macro keyword before using it.
Here is an example that uses the {client_resolve} macro to apply a larger
greylisting delay to hosts that have a bogus reverse DNS:

    sm_macro "maybe_forged" "{client_resolve}" "FORGED"

    racl greylist sm_macro "maybe_forged" delay 1h
    racl greylist default delay 15m

A regular expression can be used as the macro value. It must be surrounded
with slashes and not by quotes. The special value unset can also be used to
match an unset macro:

    sm_macro "not_foo" "{foo}" unset

Note that any Sendmail macro that is not exported using the
Milter.macros.envrcpt setting of sendmail.cf will be seen as unset from
milter-greylist.

DNS Reverse Black Lists can be used to toggle an ACL. They must be defined
and named before they can be used. Here is an example which uses a bigger
greylisting delay for hosts caught in the SORBS dynamic pool DNSRBL (this
will include DSL and cable customer pools, which are well known to be
massively infected by spamware):

    dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10/32

    racl greylist dnsrbl "SORBS DUN" delay 1h
    racl greylist default delay 15m

The definition of a DNSRBL starts with the dnsrbl keyword, followed by the
quoted name of the DNSRBL, the DNS domain on which addresses should be
looked up, and the answer we should consider as a positive hit.

DNSRBL support is only available if enabled through the --enable-dnsrbl
config flag. Please make sure milter-greylist(8) is linked against a
thread-safe DNS resolver, otherwise it shall crash.

milter-greylist(8) is able to query external sources of information
through various URLs, if it was built with --with-libcurl. Here is an
example:

    urlcheck "glusr" "http://www.example.net/mgl-config?rcpt=%r" 5

    racl greylist urlcheck "glusr" delay 15m
    racl whitelist default

The trailing 5 at the end of the urlcheck definition is the maximum number
of simultaneous connections we want to launch on this URL. For each
message, the URL will be queried, with % format tags being substituted. For
instance, %r is substituted by the recipient. See the FORMAT STRINGS
section for the complete list of substitutions.

milter-greylist(8) expects an answer containing a list of \n terminated
lines, with key: value pairs. The most basic answer to get a match is:

    milterGreylistStatus: Ok

TRUE can be used as an alias for Ok here.

The answer can be more complex, with keys that will overload the ACL
settings:

milterGreylistDelay
    The greylisting delay to use (time unit suffix allowed).

milterGreylistAutowhite
    The autowhite delay to use (time unit suffix allowed).

milterGreylistFlushAddr
    The value is ignored. If this key is present, then the IP address of
    the sender machine will be flushed from the greylist and autowhite
    databases.

milterGreylistCode
    The SMTP code to return (e.g.: 551).

milterGreylistECode
    The SMTP extended code to return (e.g.: 5.7.1).

milterGreylistMsg
    The string to return with SMTP codes.

milterGreylistReport
    The string to display in the X-Greylist header.

milterGreylistIgnore
    This line will be ignored, without warnings in the logs.

milterGreylistAction
    This feature is nifty but use it with caution, as it makes the access
    list a bit difficult to understand. By specifying the values greylist,
    whitelist, or blacklist, it is possible to overload the ACL action
    itself.

The ACL will match if any of the above keys is returned:
milterGreylistStatus is not mandatory.

If you use a URL check in a DATA stage ACL, you can post the message header
and body to the URL. This is done by appending the postmsg keyword to the
urlcheck statement, like in the example below:

    urlcheck "extfilter" "http://www.example.net/f.cgi" 5 postmsg

    dacl blacklist urlcheck "extfilter"
    dacl whitelist default

It is also possible to gather the properties returned by the URL and reuse
them in the ACL. This behavior is enabled by the getprop keyword at the end
of the urlcheck definition. If this option is enabled, the gathered
properties can be accessed in the current and following ACL entries by
prefixing them with a dollar sign ($). If the clear keyword is added, then
properties will be cleaned up before handling a new recipient. This avoids
mixing up the properties of several recipients. Finally, the fork keyword
instructs milter-greylist(8) to fork a separate instance of itself for
performing the queries. Use it if you encounter thread-safety problems.
fork is not compatible with postmsg.

Here is an example that will use various DNSRBL depending on a
per-recipient setting stored in the dnsrbl attribute of an LDAP directory.

    dnsrbl "RBL2" "rbl.example.net" "127.0.0.2"
    dnsrbl "RBL3" "rbl.example.net" "127.0.0.3"
    dnsrbl "RBL4" "rbl.example.net" "127.0.0.4"
    urlcheck "userconf" "ldap://localhost/dc=example,dc=net?milterGreylistStatus,dnsrbl?one?mail=%r" 5 getprop clear

    racl blacklist urlcheck "userconf" $dnsrbl "RBL2" dnsrbl "RBL2"
    racl blacklist $dnsrbl "RBL3" dnsrbl "RBL3"
    racl blacklist $dnsrbl "RBL4" dnsrbl "RBL4"

Note that when matching gathered properties, format strings and regexes can
be used.

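The answer format above is easy to get subtly wrong on the server side. This added Python parser (not milter-greylist's own code) implements the documented rules: the Ok/TRUE alias, the silently ignored milterGreylistIgnore line, time-unit suffixes on delays, getprop collection of extra keys, and the fact that any override key counts as a match. Which lines the daemon warns about is not stated on this page, so that part is an assumption.

```python
import re

# Added example: a parser for the urlcheck answer format described above
# (newline-terminated "key: value" lines).  This is not milter-greylist's
# own code; it follows the manual and marks its assumptions in comments.

_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}
ACTIONS = ("greylist", "whitelist", "blacklist")
STRING_KEYS = ("milterGreylistCode", "milterGreylistECode",
               "milterGreylistMsg", "milterGreylistReport")


def parse_time(value):
    """'15m' -> 900: plain numbers are seconds, m/h/d suffixes are allowed."""
    m = re.fullmatch(r"(\d+)\s*([smhd]?)", value.strip())
    if not m:
        raise ValueError("bad time value: %r" % value)
    return int(m.group(1)) * _UNITS[m.group(2)]


def parse_urlcheck_answer(text, getprop=False):
    """Turn an answer body into the decision milter-greylist would take.

    Returns a dict with:
      match     - True when milterGreylistStatus is Ok/TRUE, or when any
                  other milterGreylist* override key is present
      overrides - delay/autowhite (seconds), flushaddr, code, ecode, msg,
                  report, action
      props     - any other keys, kept only when getprop is enabled
                  (reachable in the ACL as $key)
      warnings  - lines the daemon is assumed to complain about: malformed
                  lines, bad actions and unknown keys without getprop
                  (milterGreylistIgnore lines are skipped silently)
    """
    result = {"match": False, "overrides": {}, "props": {}, "warnings": []}
    ov = result["overrides"]
    for raw in text.split("\n"):
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            result["warnings"].append("malformed line: " + line)
            continue
        key, value = key.strip(), value.strip()
        if key == "milterGreylistIgnore":
            continue
        if key == "milterGreylistStatus":
            # TRUE is an alias for Ok; case-insensitive comparison assumed.
            if value.lower() in ("ok", "true"):
                result["match"] = True
        elif key == "milterGreylistDelay":
            ov["delay"] = parse_time(value)
        elif key == "milterGreylistAutowhite":
            ov["autowhite"] = parse_time(value)
        elif key == "milterGreylistFlushAddr":
            ov["flushaddr"] = True          # the value is ignored
        elif key in STRING_KEYS:
            ov[key[len("milterGreylist"):].lower()] = value
        elif key == "milterGreylistAction":
            if value in ACTIONS:
                ov["action"] = value
            else:
                result["warnings"].append("bad action: " + value)
        elif getprop:
            result["props"][key] = value
        else:
            result["warnings"].append("unknown key: " + key)
    if ov:
        result["match"] = True  # milterGreylistStatus is not mandatory
    return result


# Constructed sample answers (not captured from a real server).
ANSWER_BASIC = "milterGreylistStatus: Ok\n"
ANSWER_FULL = (
    "milterGreylistDelay: 15m\n"
    "milterGreylistAutowhite: 3d\n"
    "milterGreylistCode: 451\n"
    "milterGreylistECode: 4.7.1\n"
    "milterGreylistMsg: Greylisted, try again later\n"
    "milterGreylistIgnore: bookkeeping data\n"
    "dnsrbl: RBL2\n"
)

if __name__ == "__main__":
    print(parse_urlcheck_answer(ANSWER_BASIC))
    print(parse_urlcheck_answer(ANSWER_FULL, getprop=True))
```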
If milter-greylist was built with --with-openldap, then you can also use
ldapcheck for pulling information from an LDAP directory. This works
exactly like urlcheck, except that properties are always collected: the
only available option is clear.

A list of LDAP URLs to use can be specified with the ldapconf keyword. The
network timeout is optional.

    ldapconf "ldap://localhost ldaps://ldap.example.net" timeout 2s

When ldaps:// is used, the system's ldap.conf file is used to locate X.509
certificates.

When defining LDAP queries with the ldapcheck statement, note that the
scheme and host part of the URL are ignored. Servers listed in ldapconf are
used instead.

The ratelimit keyword specifies a rate limit configuration to be used in
access lists. It must be followed by the rate limit configuration name,
what is being accounted (for now only recipients), the maximum number of
messages, and the sampling period. Example:

    ratelimit "internalclients" rcpt 10 / 1m

    racl blacklist addr 192.0.2.0/24 ratelimit "internalclients" \
        msg "you speak too much"

The ratelimit keyword can also have an optional key statement, which
determines the key used for message accounting. The default is %i, for
per-IP-address accounting (see the FORMAT STRINGS section for the possible
syntax of this field). Here is an example that configures a rate limit of
100 messages per hour for each individual (recipient, IP) pair.

    ratelimit "internalclients" rcpt 100 / 1h key "%r%i"

    racl blacklist addr 192.0.2.0/24 ratelimit "internalclients" \
        msg "you speak too much"

The stat keyword can be used to specify a custom report for milter-greylist
activity. It should be supplied with an output (either a file or an
external command) and a format string. Here is an example:

    stat ">>/var/log/milter-greylist.log" "%T{%T},%i,%f,%r,%A\n"

If the output starts with >> or > then it is a file. Use >> to append to an
existing file, and use > to overwrite it. If the output starts with a |
then the output is a shell command, like in the example below:

    stat "|logger -p local7.info" "%T{%T},%i,%f,%r,%A\n"

The format string gets substituted like the URL check format string: %r
gets substituted by the recipient, %f by the sender, and so on. See the
FORMAT STRINGS section for a complete list of available substitutions.

Most milter-greylist(8) command-line options have equivalent options that
can be set in the configuration file. Note that if a command line option is
supplied, it will always override the configuration file.

If a command-line equivalent keyword is used more than once, the last
keyword will override the previous ones.

verbose
    Enable debug output. This is equivalent to the -v flag.

quiet
    Do not tell clients how much time remains before their e-mail will be
    accepted. This is equivalent to the -q flag.

nodetach
    Do not fork and go into the background. This is equivalent to the -D
    flag.

noauth
    Greylist clients regardless of whether they succeeded SMTP AUTH or
    STARTTLS. Equivalent to the -A flag.

noaccessdb
    Normally milter-greylist(8) will whitelist a message if sendmail(8)
    defines a ${greylist} macro set to WHITE. This enables complex
    whitelisting rules based on the Sendmail access DB. This option
    inhibits this behavior.

nospf
    Greylist clients regardless of whether they are SPF-compliant.
    Equivalent to the -S flag.

testmode
    Enable test mode. Equivalent to the -T flag. This option is deprecated.

greylist
    The argument sets how much time milter-greylist(8) will want the client
    to wait between the first attempt and the time the message is accepted.
    The time is given in seconds, except if a unit is given: m for minutes,
    h for hours, and d for days. The greylist keyword is equivalent to the
    -w option. Here is an example that sets the delay to 45 minutes:

        greylist 45m

autowhite
    This sets the auto-whitelisting duration, equivalent to the -a
    command-line option. As for the greylist keyword, units can be
    supplied. Here is an example for a 3 day long auto-whitelisting:

        autowhite 3d

pidfile
    This causes milter-greylist(8) to write its PID into the file given as
    argument, like the -P command line argument does. The path to the file
    must be absolute and it must be enclosed in quotes. Here is an example:

        pidfile "/var/run/greylist.pid"

dumpfile
    This chooses the location of the greylist dump file, like the -d
    command line option does. The path must be absolute and enclosed in
    quotes. It can optionally be followed by an octal permission mode.
    Example:

        dumpfile "/var/lib/milter-greylist/db/greylist.db" 640

subnetmatch
    This is equivalent to the -L command line option. It takes a slash
    followed by a CIDR mask as argument, and it commands the subnet
    matching feature. Example, for a class C wide matching:

        subnetmatch /24

subnetmatch6
    This is equivalent to the -M command line option. It takes a slash
    followed by a prefix length as argument, and it commands the subnet
    matching feature. Example, for a subnet wide matching:

        subnetmatch6 /64

socket
    Like the -p command line option, this keyword is used to specify the
    socket used to communicate with sendmail(8). It must be enclosed in
    quotes and can optionally be followed by an octal permission mode
    (valid values are 666, 660 or 600; other values cause an error):

        socket "/var/run/milter-greylist/milter-greylist.sock" 660

user
    This keyword should be followed by a quoted user login and optionally a
    colon followed by a group name. Like the -u option, this is used to run
    milter-greylist(8) as a non-root user. Here is an example:

        user "smmsp"

These options have no command line equivalent:

logfac
    Sets the syslog facility for messages. Can be set to any of the
    standard facilities: kern, user, mail, daemon, auth, syslog, lpr, news,
    uucp, cron, authpriv, ftp, local0, local1, local2, local3, local4,
    local5, local6, local7. Can also be set to none to disable syslog
    output completely.

timeout
    Used to control how long greylist tuples are retained in the database.
    The value is in seconds, except if a suffix is given (m for minutes, h
    for hours, d for days). Default is 5 days.

extendedregex
    Use extended regular expressions instead of basic regular expressions.

maxpeek
    Limit (in bytes) how much of messages are examined for header and body
    searches.

lazyaw
    Make auto-whitelist look at just the IP instead of the (sender IP,
    sender e-mail address, recipient e-mail address) tuple.

domainexact
    Match on subdomain boundaries instead of the default suffix matching.
    E.g. if domainexact is not enabled (the default) then gle.com will
    match google.com in addition to gle.com. If domainexact is enabled,
    then domain names will match on subdomain boundaries (e.g. gle.com
    will match mail.gle.com and gle.com but not google.com).

drac db
    Tell where the DRAC DB file is. This is only available if DRAC support
    was compiled in. Here is an example:

        drac db "/usr/local/etc/drac.db"

nodrac
    Disable DRAC.

logexpired
    This option causes greylist entries that expire to be logged via
    syslog. This allows you to easily collect the IP addresses and sender
    names and use them for blacklisting, SPAM scoring, etc. Normally,
    expirations are only logged if the debug option is set, but that
    generates a lot of extra messages.

The configuration file is reloaded automatically once it is modified, when
new e-mail arrives. Most configuration keywords will take effect
immediately, except the following, which will only take effect after a
restart of milter-greylist(8): nodetach, pidfile, socket, and user.

The dumpfreq option can be changed dynamically, but the change will only
take effect after the next dump.

Various statements in the configuration file accept format strings,
where the following % prefixed tokens are substituted. Here is the
complete list of available substitutions (note that some substitutions
are not relevant in every context).

%r     the message recipient e-mail address

%f     the message sender e-mail address

%i     the sender machine IP address

%I     the sender machine IP address masked by a CIDR. Example: %I{/24}

%d     the sender machine DNS address

%h     the SMTP transaction HELO string

%mr    the mailbox part of %r (before the @ sign)

%sr    the site part of %r (after the @ sign)

%mf    the mailbox part of %f (before the @ sign)

%sf    the site part of %f (after the @ sign)

%md    the machine part of %d (before the first . sign)

%sd    the site part of %d (after the first . sign)

%Xc    the SMTP code returned

%Xe    the SMTP extended code returned

%Xm    the SMTP message returned

%Xh    the message displayed in the X-Greylist header

%D     Comma-separated list of DNSRBL for which the sender host matched

%M     a sendmail macro value. Examples: %Mj or %M{if_addr}

%g     a regex backreference. For instance, %g{\2} is substituted by
       the string matching the second parenthesis group in all ACL regex
       clauses

%T     a brace-enclosed strftime(3) format string that will be
       substituted by the system time. Example: %T{%Y%m%d:%H%M%S}

%v     milter-greylist's version

%G     Offset to GMT (e.g.: -0100)

%C     Sender IP country code, as reported by GeoIP. This is only
       available if milter-greylist was built with GeoIP support.

%Fx    p0f OS fingerprint genre and detail. This is only available if
       milter-greylist was built with p0f support.

%V     Shortcut to "milter-greylist-%v (%Mj [%M{if_addr}]); %T{%a, %d
       %b %Y %T} %G (%T{%Z})"

%S     the action performed: accept, tempfail, or reject.

%A     the line number of the ACL that caused the action.

%a     the id string of the ACL that caused the action. If no id was
       given, the line number is used instead.

%Et    total elapsed time in seconds before a greylisted message has
       been accepted

%Eh    hours elapsed

%Em    minutes elapsed (modulo one hour)

%Es    seconds elapsed (modulo one minute)

%E     shortcut to %Eh:%Em:%Es

%Rt    total remaining time in seconds before a greylisted message will
       be accepted

%Rh    hours remaining

%Rm    minutes remaining (modulo one hour)

%Rs    seconds remaining (modulo one minute)

%R     shortcut to %Rh:%Rm:%Rs

%%     a single % character
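
To make the substitution rules above concrete, here is an added example
expander for a subset of the tokens (the address, DNS, HELO, %I, %M,
%T, %E* and %R* families and %%). It is example code written for this
page, not milter-greylist's own implementation: the MsgContext fields,
the choice of UTC for %T, and the unpadded integer rendering of the
elapsed/remaining parts are assumptions, and tokens it does not know
are left in place rather than expanded. Sample values are constructed.

```python
import re
import time
from dataclasses import dataclass, field
from ipaddress import ip_network


@dataclass
class MsgContext:
    """Values a format string is expanded against for one SMTP transaction."""
    rcpt: str                 # %r
    sender: str               # %f
    ip: str                   # %i
    dns: str                  # %d
    helo: str                 # %h
    elapsed: int = 0          # seconds since first greylisting, for %E*
    remaining: int = 0        # seconds until acceptance, for %R*
    macros: dict = field(default_factory=dict)  # sendmail macros, for %M
    now: float = 0.0          # epoch seconds used by %T


# %M takes either a single-letter macro (%Mj) or a braced name (%M{if_addr});
# every other token optionally takes a braced argument (%I{/24}, %T{...}).
# Multi-letter tokens are listed before the single-letter class so that
# "%Et" is not read as "%E" followed by a literal "t".
TOKEN = re.compile(
    r"%(?:"
    r"M(?:\{(?P<mname>[^}]*)\}|(?P<mchar>[A-Za-z]))"
    r"|(?P<tok>%|mr|sr|mf|sf|md|sd|Et|Eh|Em|Es|Rt|Rh|Rm|Rs|[rfiIdhTER])"
    r"(?:\{(?P<arg>[^}]*)\})?"
    r")"
)


def mask_ip(ip: str, cidr: str) -> str:
    """Apply a CIDR prefix such as "/24" to an IPv4 or IPv6 address (%I)."""
    bits = cidr.lstrip("/")
    return str(ip_network(f"{ip}/{bits}", strict=False).network_address)


def hms(total: int) -> dict:
    """Split seconds into the t/h/m/s parts used by %E* and %R*."""
    return {"t": total, "h": total // 3600, "m": (total % 3600) // 60, "s": total % 60}


def expand(fmt: str, ctx: MsgContext) -> str:
    def one(m: re.Match) -> str:
        if m.group("mname") is not None or m.group("mchar") is not None:
            name = m.group("mname") if m.group("mname") is not None else m.group("mchar")
            return ctx.macros.get(name, "")        # unknown macro -> empty
        tok, arg = m.group("tok"), m.group("arg")
        if tok == "%":
            return "%"
        if tok == "E":                             # documented shortcut
            return expand("%Eh:%Em:%Es", ctx)
        if tok == "R":
            return expand("%Rh:%Rm:%Rs", ctx)
        if tok[0] in "ER":                         # %Et %Eh %Em %Es / %Rt ...
            src = ctx.elapsed if tok[0] == "E" else ctx.remaining
            return str(hms(src)[tok[1]])
        if tok == "I":
            return mask_ip(ctx.ip, arg) if arg else ctx.ip
        if tok == "T":
            # The daemon uses system time; UTC is used here so the result
            # does not depend on the machine's timezone (assumption).
            return time.strftime(arg or "%Y-%m-%dT%H:%M:%S", time.gmtime(ctx.now))
        simple = {"r": ctx.rcpt, "f": ctx.sender, "i": ctx.ip, "d": ctx.dns, "h": ctx.helo}
        if tok in simple:
            return simple[tok]
        # %mr/%sr/%mf/%sf split an address at "@"; %md/%sd split the DNS
        # name at its first ".".
        base, sep = {"r": (ctx.rcpt, "@"), "f": (ctx.sender, "@"), "d": (ctx.dns, ".")}[tok[1]]
        head, _, tail = base.partition(sep)
        return head if tok[0] == "m" else tail

    return TOKEN.sub(one, fmt)


def sample_context() -> MsgContext:
    """Constructed sample transaction (documentation addresses, not real traffic)."""
    return MsgContext(
        rcpt="alice@example.org", sender="bob@mail.example.net",
        ip="203.0.113.45", dns="mx1.example.net", helo="mx1.example.net",
        elapsed=3725, remaining=95,
        macros={"j": "mail.example.org", "if_addr": "192.0.2.10"},
        now=0.0,
    )


if __name__ == "__main__":
    ctx = sample_context()
    for f in ("%I{/24} %md %sd", "%mr at %sr waited %E (%Et s)",
              "%Mj [%M{if_addr}] %T{%Y%m%d:%H%M%S}", "100%% literal, %Z untouched"):
        print(f"{f!r:45} -> {expand(f, ctx)!r}")
```

Note that a braced argument is consumed as a whole, so the % characters
inside %T{%Y%m%d:%H%M%S} reach strftime(3) untouched instead of being
read as further tokens; the same applies to the %M{...} macro name.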

Emmanuel Dreyfus <manu@netbsd.org>

milter-greylist received many contributions from (in alphabetical
order): Aida Shinra, Adam Katz, Alexander Lobodzinski, Alexandre
Cherif, Alexey Popov, Andrew McGill, Attila Bruncsak, Benoit Branciard,
Bernhard Schneider, Bob Smith, Constantine A. Murenin, Christian
Pelissier, Cyril Guibourg, Dan Hollis, Elrond, Enrico Scholz, Eugene
Crosser, Fabien Tassin, Fredrik Pettai, Gary Aitken, Georg Horn, Gert
Doering, Greg Troxel, Guido Kerkewitz, Hajimu Umemoto, Hideki ONO, Ivan
F. Martinez, Jacques Beigbeder, Jean Benoit, Jeff Rife, Jobst
Schmalenbach, Joe Pruett, Joel Bertrand, Johann E. Klasek, Johann
Klasek, John Thiltges, Klas Heggemann, Laurence Moindrot, Lev Walkin,
Manuel Badzong, Martin Paul, Matt Kettler, Mattheu Herrb, Matthias
Scheler, Matthieu Herrb, Michael Fromme, Moritz Both, Nerijus Baliunas,
Pavel Cahyna, Per Holm, Petr Kristof, Ralf S. Engelschall, Ranko
Zivojnovic, Remy Card, Rick Adams, Rogier Maas, Romain Kang, Rudy
Eschauzier, Stephane Lentz, Thomas Scheunemann, Tim Mooney, Wolfgang
Solfrank, and Yaroslav Boychuk.

Thanks to Helmut Messerer and Thomas Pfau for their feedback on the
first releases of this software.

milter-greylist(8), sendmail(8), syslogd(8).

Evan Harris's paper:
http://projects.puremagic.com/greylisting/

milter-greylist's web site:
http://hcpnet.free.fr/milter-greylist/



May 10, 2005                                                greylist.conf(5)