milter-greylist(8)

milter-greylist - grey listing filter for sendmail

milter-greylist [-A] [-a autowhite_delay] [-c] [-D] [-d dumpfile] [-f
configfile] [-h] [-l] [-q] [-r] [-S] [-T] [-u username] [-v] [-w
greylist_delay] [-L cidrmask] [-M prefixlen] [-P pidfile] -p socket

milter-greylist is a mail filter for sendmail that implements grey
listing, a spam filtering technique proposed by Evan Harris.

Grey listing works on the assumption that, unlike legitimate MTAs, spam
engines will not retry sending their junk mail after a temporary error.
The filter will always temporarily reject mail on a first attempt, and
accept it after some time has elapsed.

If spammers ever try to resend rejected messages, we can assume they
will not stay idle between the two sends. Odds are good that the
spammer will send a mail to a honeypot address and get blacklisted in a
distributed black list before the second attempt.

Of course, the filter can be configured not to apply grey listing to
some hosts or networks. You can whitelist friendly SMTP servers, and
you should whitelist your own network, otherwise your SMTP clients will
have real trouble sending e-mail. Whitelisting localhost is also a
must.

milter-greylist works with two files. greylist.conf is the
configuration file. It holds the whitelist of addresses that will not
suffer grey list filtering. It is read once upon milter-greylist
startup, and is then reloaded automatically whenever a new message
arrives and the file has been modified. You should not send
milter-greylist a kill -1, as it will just terminate it (libmilter
works that way).

See greylist.conf(5) for documentation on the file's format.

The second file is greylist.db. milter-greylist will regularly dump
its grey list database into this file, which is used on startup to
restore the previous grey list state. If the file does not exist or is
unreadable, milter-greylist will start with an empty grey list.

The default location for the grey list database and the socket for
communicating with sendmail is /var/milter-greylist/. That directory
must be owned and writeable by the user id under which milter-greylist
runs.

The following options are available; if present, they override their
equivalents specified in the configuration file:

-A     Normally, milter-greylist does not greylist senders that
       succeeded SMTP AUTH. This option disables that feature and
       causes authentication to be ignored. Equivalent to the noauth
       option in the configuration file.

-a autowhite_delay
       Configure auto-whitelisting. After a tuple (sender IP, sender
       e-mail, recipient e-mail) has been accepted, other identical
       tuples will get accepted for autowhite_delay. The default is
       one day. Use zero to disable auto-whitelisting. A suffix can be
       added to specify seconds (s), minutes (m), hours (h), days (d)
       or weeks (w). Without any suffix, values are treated as seconds.
       Equivalent to the autowhite option in the configuration file.

-c     Only check the configuration file and exit. Return value is 0 if
       the configuration is valid, or an error code from <sysexits.h>
       otherwise.

-D     Do not fork; run in the foreground instead. Without this flag,
       milter-greylist will become a daemon. Equivalent to the nodetach
       option in the configuration file.

-d dumpfile
       Location of the dump file. Default is
       /var/lib/milter-greylist/db/greylist.db. Equivalent to the
       dumpfile option in the configuration file.

-f configfile
       Location of the config file. Default is /etc/mail/greylist.conf.

-h     Show usage information.

-L cidrmask
       Use cidrmask as a matching mask when checking IPv4 address
       entries in the greylist. This is intended as a workaround for
       mail farms that re-emit messages from different IP addresses.
       With -L 24, the matching mask is 255.255.255.0, and all
       addresses within the same class C network are considered the
       same. Default is -L 32, which corresponds to all addresses
       considered different.

-M prefixlen
       Use prefixlen as a matching mask when checking IPv6 address
       entries in the greylist. This is intended as a workaround for
       mail farms that re-emit messages from different IP addresses.
       With -M 64, the matching mask is ffff:ffff:ffff:ffff::, and all
       addresses within the same subnet are considered the same.
       Default is -M 128, which corresponds to all IPv6 addresses
       considered different.

-l     Enable debug output in the access-list management code.

-P pidfile
       Write the daemon's PID to pidfile. Equivalent to the pidfile
       option in the configuration file.

-p socket
       Use socket as the socket used by sendmail(8) to communicate with
       milter-greylist.

-q     Quiet mode. milter-greylist will not tell SMTP clients how much
       time they have to wait before the message will be accepted.
       Equivalent to the quiet option in the configuration file.

-r     Display milter-greylist version and build environment, then
       exit.

-S     If milter-greylist was built with SPF support, then
       SPF-compliant senders bypass greylisting. This flag causes
       messages to be greylisted regardless of whether they are
       SPF-compliant or not. Equivalent to the nospf option in the
       configuration file.

-T     Enable test mode. This alters the meaning of rcpt lines in
       greylist.conf, so that only messages sent to recipient addresses
       listed there are selected for greylisting. This option and the
       rcpt lines have been deprecated in favor of ACL, so do not use
       it.

-u username
       Drop root privileges and switch to username credentials. Make
       sure this user has write access to greylist.db. Equivalent to
       the user option in the configuration file.

-v     Enable debug output. milter-greylist will send messages (and
       debug output if it is given the -v flag) to syslogd(8) with
       facility LOG_MAIL. Equivalent to the verbose option in the
       configuration file.

-w greylist_delay
       Sets the minimum delay between the first attempt and the time
       the message can be accepted. Default is 30 minutes. A suffix
       can be added to specify seconds (s), minutes (m), hours (h),
       days (d) or weeks (w). Without any suffix, values are treated
       as seconds. Equivalent to the greylist option in the
       configuration file.
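
How the -w, -a, -L and -M options described above interact on a
sequence of delivery attempts, as an added Python model that is not
milter-greylist's own code. The class and function names, the sample
addresses and the timestamps are constructed for illustration, and the
model leaves out whitelists, entry expiry and MX sync.

```python
import ipaddress
# Added, simplified model: no ACL/whitelist, no entry expiry, no MX sync.
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_delay(text):
    """-a / -w value: optional s/m/h/d/w suffix, bare numbers are seconds."""
    unit = UNITS.get(text[-1])
    return int(text[:-1]) * unit if unit else int(text)

def net_key(addr, cidrmask=32, prefixlen=128):
    """Collapse an address to its network: -L for IPv4, -M for IPv6."""
    ip = ipaddress.ip_address(addr)
    bits = cidrmask if ip.version == 4 else prefixlen
    return ipaddress.ip_network(f"{ip}/{bits}", strict=False).network_address

class Greylist:
    def __init__(self, greylist_delay="30m", autowhite_delay="1d",
                 cidrmask=32, prefixlen=128):
        self.delay = parse_delay(greylist_delay)
        self.autowhite = parse_delay(autowhite_delay)   # 0 disables
        self.masks = (cidrmask, prefixlen)
        # pending: tuple -> first attempt; white: tuple -> auto-whitelist end
        self.pending, self.white = {}, {}

    def check(self, ip, sender, rcpt, now):
        """Return 'tempfail' or 'accept' for one attempt at time now (seconds)."""
        key = (net_key(ip, *self.masks), sender, rcpt)
        if self.white.get(key, 0) > now:
            return "accept"
        first = self.pending.setdefault(key, now)
        if now - first < self.delay:
            return "tempfail"
        del self.pending[key]
        if self.autowhite:
            self.white[key] = now + self.autowhite
        return "accept"

def demo():
    gl = Greylist("30m", "1d", cidrmask=24)    # -w 30m -a 1d -L 24
    who = ("alice@example.org", "bob@example.net")
    return [
        gl.check("192.0.2.17", *who, now=0),       # first attempt
        gl.check("192.0.2.17", *who, now=600),     # retry inside the delay
        gl.check("192.0.2.18", *who, now=1800),    # farm host in same /24
        gl.check("192.0.2.18", *who, now=3600),    # auto-whitelisted tuple
        gl.check("198.51.100.5", *who, now=3600),  # unrelated network
    ]

if __name__ == "__main__":
    print(demo())
```

With the default -L 32 the third attempt would start a new greylist
entry for 192.0.2.18 instead of being accepted.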

milter-greylist is now able to sync the greylist between multiple MXs.
In order to enable this feature, you need to list the peer MXs in
greylist.conf(5) like this:

       peer 192.0.2.17
       peer 192.0.2.18

When peers are configured, milter-greylist will listen on the port
defined for the mxglsync service in /etc/services (defaults to 5252),
and it will connect to peers at this port. Each time an entry is added
or deleted on one MX, it will be propagated to the others.

The protocol is quite simple: just telnet to your MX at port 5252 and
type help to see how it works. Note that connections will only be
accepted from peer MXs; even localhost will be rejected (and don't ever
add localhost as a peer for MX sync, as you will cause each entry in
the greylist to be added twice).

If an MX is down, changes to the greylist will be queued until it gets
back up again. The queue length is limited (default is 1024 entries),
and if it overflows, newer entries will be discarded.

Emmanuel Dreyfus <manu@netbsd.org>

milter-greylist received many contributions from (in alphabetical
order): Aida Shinra, Gary Aitken, Joel Bertrand, Moritz Both, Attila
Bruncsak, Pavel Cahyna, Remy Card, Alexandre Cherif, Eugene Crosser,
Elrond, Cyril Guibourg, Klas Heggemann, Matthieu Herrb, Dan Hollis, Per
Holm, Romain Kang, Guido Kerkewitz, Matt Kettler, Petr Kristof,
Stephane Lentz, Alexander Lobodzinski, Ivan F. Martinez, Martin Paul,
Christian Pelissier, Fredrik Pettai, Alexey Popov, Jeff Rife, Matthias
Scheler, Jobst Schmalenbach, Thomas Scheunemann, Wolfgang Solfrank,
Fabien Tassin, Hajimu Umemoto, Lev Walkin, and Ranko Zivojnovic.

Thanks to Helmut Messerer and Thomas Pfau for their feedback on the
first releases of this software.

greylist.conf(5), sendmail(8), syslogd(8).

Evan Harris's paper:
http://projects.puremagic.com/greylisting/

milter-greylist's web site:
http://hcpnet.free.fr/milter-greylist/

May 10, 2005