head 1.9; access; symbols OPENPKG_E1_MP:1.8 OPENPKG_E1_MP_HEAD:1.8; locks; strict; comment @# @; 1.9 date 2007.09.07.21.40.18; author rse; state Exp; branches; next 1.8; commitid PJdkfUW9qvINNQws; 1.8 date 2006.12.31.12.59.01; author rse; state Exp; branches; next 1.7; commitid rQGbP1Z3b6NbXF0s; 1.7 date 2006.12.31.12.31.31; author rse; state Exp; branches; next 1.6; commitid Io3QsEPTY8jKNF0s; 1.6 date 2006.12.31.12.00.27; author rse; state Exp; branches; next 1.5; commitid HXRzhals80t6DF0s; 1.5 date 2006.12.31.11.56.55; author rse; state Exp; branches; next 1.4; commitid BR3SFfbJg31TBF0s; 1.4 date 2006.12.31.10.36.41; author rse; state Exp; branches; next 1.3; commitid kHHXzKg03TNmaF0s; 1.3 date 2006.12.31.10.34.06; author rse; state Exp; branches; next 1.2; commitid n2CZCoujJNSt9F0s; 1.2 date 2006.12.31.10.00.44; author rse; state Exp; branches; next 1.1; commitid hEF0Opla8ME1YE0s; 1.1 date 2006.12.30.12.07.44; author rse; state Exp; branches; next ; commitid PuC7zHm85ESAHx0s; desc @@ 1.9 log @use shared MILTER socket directory @ text @## ## greylist.conf -- milter-greylist(8) configuration ## # daemon parameters user "@@l_rusr@@:@@l_mgrp@@" pidfile "@@l_prefix@@/var/milter-greylist/milter-greylist.pid" socket "@@l_prefix@@/var/milter/socket/milter-greylist" # database storage dumpfile "@@l_prefix@@/var/milter-greylist/milter-greylist.dump" dumpfreq 10m # database synchronization #syncaddr 192.168.0.1 port 5252 #syncsrcaddr 192.168.0.1 #peer 192.168.0.2 # greylisting behaviour extendedregex report delays greylist 5m autowhite 3d timeout 5d # access control list definition: my own networks (by address) list "my networks by address" addr { \ 127.0.0.1/8 \ # RFC1700: local host 10.0.0.0/8 \ # RFC1918: private address space 172.16.0.0/12 \ # RFC1918: private address space 192.168.0.0/16 \ # RFC1918: private address space 169.254.0.0/16 \ # RFC3330: link local 192.0.2.0/24 \ # RFC3330: test network } # access control list definition: broken MTAs that break with 
Greylisting (by domain) list "broken peers by domain" domain { \ /^.*-out-.*\.google\.com$/ \ # postgrey: google.com (big pool, reported by Matthias Dyer) /^fe\d+\.cox-internet\.com$/ \ # postgrey: cox-internet.com (no retry, reported by Rod Roark) /^fmr\d+\.intel\.com$/ \ # postgrey: intel.com (pool on different subnets) /^gateway\d+\.np4\.de$/ \ # postgrey: lufthansa (no retry, reported by Peter Bieringer) /^lake.*mta.*\.cox\.net$/ \ # postgrey: cox.net (no retry, reported by Duncan Hill) /^mail-in-\d+\.arcor-online\.net$/ \ # postgrey: arcor-online.net (slow: 12 hours, reported by Bernd Zeimetz) /^mail\d+\.messagelabs\.com$/ \ # postgrey: messagelabs.com (big pool, reported by John Tobin) /^mail\d+\.telekom\.de$/ \ # postgrey: telekom.de (slow: 6 hours) /^mail\d+\.usafisnews\.org$/ \ # postgrey: mail*.usafisnews.org (no retry, reported by Vito Robar) /^mailgw.*\.iai\.co\.il$/ \ # postgrey: mailgw*.iai.co.il (pool of several servers, reported by Vito Robar) /^ms-smtp.*\.rr\.com$/ \ # postgrey: rr.com (no retry, reported by Duncan Hill) /^mta[12].siol.net$/ \ # postgrey: mta?.siol.net (sometimes no or slow retry; they use intermail, reported by Vito Robar) /^odk.fdv.uni-lj.si$/ \ # postgrey: odk.fdv.uni-lj.si (no retry, reported by Vito Robar) /^p?smtp.*\.wxs\.nl$/ \ # postgrey: wxs.nl (no retry, reported by Johannes Fehr) /^pim-\d+-\d+\.quickinspirationsmail\.com$/ \ # postgrey: pim-N-N.quickinspirationsmail.com (unique sender, reported by Vito Robar) /^sc\d+pub\.verizon\.net$/ \ # postgrey: verizon.net (address verification, reported by Bill Moran and Eric) /^smtp\d+\.tiscali\.dk$/ \ # postgrey: tiscali.dk (slow: 12 hours, reported by Klaus Alexander Seistrup) accor-hotels.com \ # postgrey: accor-hotels.com (slow: 6 hours) amazon.com \ # postgrey: greylisting.org: Amazon.com (unique sender with letters) ameritradeinfo.com \ # postgrey: greylisting.org: Ameritrade (no retry) berlin.ptb.de \ # postgrey: ptb.de (slow, reported by Joachim Schoenberg) 
brief.cw.reum.de \ # postgrey: brief.cw.reum.de (no retry, reported by Manuel Oetiker) cacert.org \ # postgrey: cacert.org (address verification, reported by Martin Lohmeier) cs.ciphire.net \ # postgrey: ciphirelabs.com (needs fast responses, reported by Sven Mueller) cs.columbia.edu \ # postgrey: cs.columbia.edu (no retry) domin.switch.ch \ # postgrey: switch.ch (works but personnel is confused by the error) flymonarch.com \ # postgrey: flymonarch (no retry, reported by Marko Djukic) freshmeat.net \ # postgrey: freshmeat.net (address verification) gnu.org \ # postgrey: gnu.org (address verification, reported by Martin Lohmeier) gw.bas.roche.com \ # postgrey: roche.com (no retry) gw.stud-serv-mb.si \ # postgrey: gw.stud-serv-mb.si (no retry, reported by Vito Robar) ibm.com \ # postgrey: ibm.com (big pool, reported by Casey Peel) isp.belgacom.be \ # postgrey: greylisting.org: isp.belgacom.be (wierd retry pattern) karger.ch \ # postgrey: karger.ch, no retry lockergnome.wc09.net \ # postgrey: lockergnome.wc09.net (unique sender with letters, reported by Bill Landry) logismata.ch \ # postgrey: logismata.ch (no retry) mail.hhlaw.com \ # postgrey: newsletter (no retry) mail.polymed.ch \ # postgrey: polymed.ch (no retry) mail1.thurweb.ch \ # postgrey: rein.ch (no retry) mail2.alliancefr.be \ # postgrey: mail2.alliancefr.be (ocasionally no retry, reported by Vito Robar) mot.com \ # postgrey: motorola.com (no retry) mx.dars.si \ # postgrey: dars.si (ocasionally no retry, reported by Vito Robar) netsolmail.com \ # postgrey: netsolmail.com (no retry, reported by Gareth Greenaway) nic.fr \ # postgrey: nic.fr (address verification, reported by Arnaud Launay) p01m168.mxlogic.net \ # postgrey: mxlogic.net (no retry, reported by Eric) p02m169.mxlogic.net \ # postgrey: mxlogic.net (no retry, reported by Eric) piggy.rz.tu-ilmenau.de \ # postgrey: tu-ilmenau.de (no retry) polytech.univ-mrs.fr \ # postgrey: polytech.univ-mrs.fr (no retry, reported by Giovanni Mandorino) 
prd051.appliedbiosystems.com \ # postgrey: no retry (reported by Ralph Hildebrandt) proxy.gmail.com \ # postgrey: gmail.com (big pool, reported by Beat Mueller) qmail.ingeno.ch \ # postgrey: ingeno.ch (no retry) rak-gentoo-1.nameserver.de \ # postgrey: rak-gentoo-1.nameserver.de (no retry, reported by Vito Robar) registrarmail.net \ # postgrey: registrarmail.net (unique sender names, reported by Simon Waters) returns.dowjones.com \ # postgrey: dowjones.com newsletter (unique sender with letters) rz.hu-berlin.de \ # postgrey: hu-berlin.de (slow: 6 hours, reported by Joachim Schoenberg) scd.yahoo.com \ # postgrey: greylisting.org: Yahoo Groups servers (no retry) server-x001.hostpoint.ch \ # postgrey: lilys.ch, (slow: 4 hours) southwest.com \ # postgrey: greylisting.org: Southwest Airlines (unique sender, no retry) swissre.com \ # postgrey: swissre.com (no retry) tesla.vtszg.hr \ # postgrey: tesla.vtszg.hr (no retry, reported by Vito Robar) vger.kernel.org \ # postgrey: Linux kernel mailing-list (unique sender with letters) webserver.turboinstitut.si \ # postgrey: webserver.turboinstitut.si (no retry, reported by Vito Robar) zd-swx.com \ # postgrey: zd-swx.com (unique sender with letters, reported by Bill Landry) } # access control list definition: broken MTAs that break with Greylisting (by address) list "broken peers by address" addr { \ 12.107.209.244/32 \ # greylisting.org: kernel.org (unique sender) 12.107.209.250/32 \ # greylisting.org: sourceware.org (unique sender) 12.5.136.141/32 \ # greylisting.org: Southwest Airlines (unique sender) 12.5.136.142/32 \ # greylisting.org: Southwest Airlines 12.5.136.143/32 \ # greylisting.org: Southwest Airlines 12.5.136.144/32 \ # greylisting.org: Southwest Airlines 63.169.44.143/32 \ # greylisting.org: Southwest Airlines 63.169.44.144/32 \ # greylisting.org: Southwest Airlines 63.82.37.110/32 \ # greylisting.org: SLmail 64.12.136.0/24 \ # greylisting.org: AOL (common pool) 64.12.137.0/24 \ # greylisting.org: AOL 
64.12.138.0/24 \ # greylisting.org: AOL 64.124.204.39 \ # greylisting.org: moveon.org (unique sender) 64.125.132.254/32 \ # greylisting.org: collab.net (unique sender) 64.7.153.18/32 \ # greylisting.org: sentex.ca (common pool) 66.100.210.82/32 \ # greylisting.org: Groupwise? 66.135.192.0/19 \ # greylisting.org: Ebay 66.162.216.166/32 \ # greylisting.org: Groupwise? 66.206.22.82/32 \ # greylisting.org: Plexor 66.206.22.83/32 \ # greylisting.org: Plexor 66.206.22.84/32 \ # greylisting.org: Plexor 66.206.22.85/32 \ # greylisting.org: Plexor 66.216.126.174/32 \ # postgrey: papersinvited.com (no retry) 66.218.66.0/23 \ # greylisting.org: Yahoo Groups servers (common pool) 66.218.67.0/23 \ # greylisting.org: Yahoo Groups servers (common pool) 66.218.68.0/23 \ # greylisting.org: Yahoo Groups servers (common pool) 66.218.69.0/23 \ # greylisting.org: Yahoo Groups servers (common pool) 66.27.51.218/32 \ # greylisting.org: ljbtc.com (Groupwise) 66.94.237.16/28 \ # greylisting.org: Yahoo Groups servers (common pool) 66.94.237.32/28 \ # greylisting.org: Yahoo Groups servers (common pool) 66.94.237.48/30 \ # greylisting.org: Yahoo Groups servers (common pool) 80.200.249.216/32 \ # postgrey: mail.resotel.be (ocasionally no retry, reported by Vito Robar) 152.163.225.0/24 \ # greylisting.org: AOL 193.191.218.141/32 \ # postgrey: mil.be (pool of different servers, reported by Vito Robar) 193.191.218.142/32 \ # postgrey: mil.be (pool of different servers, reported by Vito Robar) 193.191.218.143/32 \ # postgrey: mil.be (pool of different servers, reported by Vito Robar) 193.77.126.208/32 \ # postgrey: mail.esimit-tech.si (no retry, reported by Vito Robar) 193.77.153.67/32 \ # postgrey: mail.likopris.si (no retry, reported by Vito Robar) 193.81.20.195/32 \ # postgrey: duropack.co.at (no retry, reported by Vito Robar) 194.245.101.88/32 \ # greylisting.org: Joker.com 194.7.234.141/32 \ # postgrey: mil.be (pool of different servers, reported by Vito Robar) 194.7.234.142/32 \ # postgrey: 
mil.be (pool of different servers, reported by Vito Robar) 194.7.234.143/32 \ # postgrey: mil.be (pool of different servers, reported by Vito Robar) 195.235.39.0/24 \ # postgrey: jcsw.nato.int (several servers, no retry, reported by Vito Robar) 195.235.39.19/32 \ # greylisting.org: Tid InfoMail Exchanger v2.20 195.238.2.0/24 \ # greylisting.org: skynet.be (wierd retry pattern) 195.238.2.0/24 \ # greylisting.org: skynet.be (wierd retry pattern, common pool) 195.238.3.0/24 \ # greylisting.org: skynet.be 195.238.3.0/24 \ # greylisting.org: skynet.be 195.46.220.208/32 \ # greylisting.org: mgn.net 195.46.220.209/32 \ # greylisting.org: mgn.net 195.46.220.210/32 \ # greylisting.org: mgn.net 195.46.220.211/32 \ # greylisting.org: mgn.net 195.46.220.221/32 \ # greylisting.org: mgn.net 195.46.220.222/32 \ # greylisting.org: mgn.net 204.107.120.10/32 \ # greylisting.org: Ameritrade (no retry) 205.188.0.0/16 \ # greylisting.org: AOL 205.206.231.0/24 \ # greylisting.org: SecurityFocus.com (unique sender) 207.115.63.0/24 \ # greylisting.org: Prodigy - retries continually 207.171.168.0/24 \ # greylisting.org: Amazon.com 207.171.180.0/24 \ # greylisting.org: Amazon.com 207.171.187.0/24 \ # greylisting.org: Amazon.com 207.171.188.0/24 \ # greylisting.org: Amazon.com 207.171.190.0/24 \ # greylisting.org: Amazon.com 209.132.176.174/32 \ # greylisting.org: sourceware.org mailing lists (unique sender) 211.29.132.0/24 \ # greylisting.org: optusnet.com.au (wierd retry pattern) 213.136.52.31/32 \ # greylisting.org: Mysql.com (unique sender) 213.143.66.210/32 \ # postgrey: cosis.si (no retry, reported by Vito Robar) 216.238.112.99/32 \ # postgrey: mail.commandtech.com (no retry, reported by Vito Robar) 216.33.244.0/24 \ # greylisting.org: Ebay 217.158.50.178/32 \ # greylisting.org: AXKit mailing list (unique sender) } # access control list definition: users who want NO Greylisting list "non-greylisted recipients" rcpt { \ user1@@example.com \ user2@@example.com \ user3@@example.com \ } # 
access control list # (first successful match stops processing) racl whitelist list "my networks by address" racl whitelist list "broken peers by domain" racl whitelist list "broken peers by address" racl whitelist list "non-greylisted recipients" racl greylist default @ 1.8 log @Berkeley-DB is required for DRAC only (which we don't use); use PCRE for regex matching; configure timeouts @ text @d8 1 a8 1 socket "@@l_prefix@@/var/milter-greylist/milter-greylist.socket" @ 1.7 log @report the delays with a X-Greylist header @ text @d6 7 a12 4 user "@@l_rusr@@:@@l_mgrp@@" pidfile "@@l_prefix@@/var/milter-greylist/milter-greylist.pid" socket "@@l_prefix@@/var/milter-greylist/milter-greylist.socket" dumpfile "@@l_prefix@@/var/milter-greylist/milter-greylist.db" d15 10 a24 7 #syncaddr 192.168.0.1 port 5252 #syncsrcaddr 192.168.0.1 #peer 192.168.0.2 # run-time behaviour #quiet report delays d191 1 a191 1 racl greylist default delay 5m autowhite 3d @ 1.6 log @align with Postgrey's 5 minute default time @ text @a16 1 #verbose d18 1 @ 1.5 log @do not complain if macro {i} cannot be resolved early (as this fails in Postfix) and instead retry later (when it works also in Postfix); enable Greylisting by default and allow one to ignore particular users only (as this is more useful in practice) @ text @d185 1 a185 1 racl greylist default delay 10m autowhite 3d @ 1.4 log @ops, revert my idea: the RFC2606 addresses too easy can be forged, so they are not suitable for greylist exceptions @ text @d172 2 a173 2 # access control list definition: of users that want Greylisting list "greylisted recipients" rcpt { \ d180 1 d184 2 a185 2 racl greylist list "greylisted recipients" delay 10m autowhite 3d racl whitelist default @ 1.3 log @extend the greylisting exception list with the data from Postgrey plus RSE's RFC stuff @ text @a19 11 # access control list definition: my own networks (by domain) list "my networks by domain" domain { \ test \ # RFC2606: reserved top-level domain example \ # 
RFC2606: reserved top-level domain invalid \ # RFC2606: reserved top-level domain localhost \ # RFC2606: reserved top-level domain example.com \ # RFC2606: reserved second-level domain example.net \ # RFC2606: reserved second-level domain example.org \ # RFC2606: reserved second-level domain } a179 1 racl whitelist list "my networks by domain" @ 1.2 log @make cURL and SPF support optional @ text @d20 9 a28 6 # access control list definition: my own networks list "my networks" addr { \ 127.0.0.1/8 \ 10.0.0.0/8 \ 172.16.0.0/12 \ 192.168.0.0/16 \ d31 150 a180 60 # access control list definition: broken MTAs that break with Greylisting # (http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=1.16) list "broken peers" addr { \ 12.5.136.141/32 \ # Southwest Airlines (unique sender) 12.5.136.142/32 \ # Southwest Airlines 12.5.136.143/32 \ # Southwest Airlines 12.5.136.144/32 \ # Southwest Airlines 12.107.209.244/32 \ # kernel.org (unique sender) 12.107.209.250/32 \ # sourceware.org (unique sender) 63.82.37.110/32 \ # SLmail 63.169.44.143/32 \ # Southwest Airlines 63.169.44.144/32 \ # Southwest Airlines 64.7.153.18/32 \ # sentex.ca (common pool) 64.12.136.0/24 \ # AOL (common pool) 64.12.137.0/24 \ # AOL 64.12.138.0/24 \ # AOL 64.124.204.39 \ # moveon.org (unique sender) 64.125.132.254/32 \ # collab.net (unique sender) 66.94.237.16/28 \ # Yahoo Groups servers (common pool) 66.94.237.32/28 \ # Yahoo Groups servers (common pool) 66.94.237.48/30 \ # Yahoo Groups servers (common pool) 66.100.210.82/32 \ # Groupwise? 66.135.192.0/19 \ # Ebay 66.162.216.166/32 \ # Groupwise? 
66.206.22.82/32 \ # Plexor 66.206.22.83/32 \ # Plexor 66.206.22.84/32 \ # Plexor 66.206.22.85/32 \ # Plexor 66.218.66.0/23 \ # Yahoo Groups servers (common pool) 66.218.67.0/23 \ # Yahoo Groups servers (common pool) 66.218.68.0/23 \ # Yahoo Groups servers (common pool) 66.218.69.0/23 \ # Yahoo Groups servers (common pool) 66.27.51.218/32 \ # ljbtc.com (Groupwise) 152.163.225.0/24 \ # AOL 194.245.101.88/32 \ # Joker.com 195.235.39.19/32 \ # Tid InfoMail Exchanger v2.20 195.238.2.0/24 \ # skynet.be (wierd retry pattern, common pool) 195.238.3.0/24 \ # skynet.be 195.46.220.208/32 \ # mgn.net 195.46.220.209/32 \ # mgn.net 195.46.220.210/32 \ # mgn.net 195.46.220.211/32 \ # mgn.net 195.46.220.221/32 \ # mgn.net 195.46.220.222/32 \ # mgn.net 195.238.2.0/24 \ # skynet.be (wierd retry pattern) 195.238.3.0/24 \ # skynet.be 204.107.120.10/32 \ # Ameritrade (no retry) 205.188.0.0/16 \ # AOL 205.206.231.0/24 \ # SecurityFocus.com (unique sender) 207.115.63.0/24 \ # Prodigy - retries continually 207.171.168.0/24 \ # Amazon.com 207.171.180.0/24 \ # Amazon.com 207.171.187.0/24 \ # Amazon.com 207.171.188.0/24 \ # Amazon.com 207.171.190.0/24 \ # Amazon.com 209.132.176.174/32 \ # sourceware.org mailing lists (unique sender) 211.29.132.0/24 \ # optusnet.com.au (wierd retry pattern) 213.136.52.31/32 \ # Mysql.com (unique sender) 216.33.244.0/24 \ # Ebay 217.158.50.178/32 \ # AXKit mailing list (unique sender) d191 4 a194 2 racl whitelist list "my networks" racl whitelist list "broken peers" @ 1.1 log @new package: milter-greylist 3.1.2 (Mail Filter for Greylisting) @ text @a18 2 nospf nodrac @
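Review bot: In the revision 1.9 text, two patterns in the "broken peers by domain" list leave their dots unescaped, so `.` matches any character and the whitelist covers more host names than the comments describe. The neighbouring patterns escape them, and these two should read `/^mta[12]\.siol\.net$/` and `/^odk\.fdv\.uni-lj\.si$/`. Every entry in that list is matched against the client's DNS name, so the exemption is presumably only as reliable as the MTA's reverse-lookup verification, whereas "broken peers by address" does not depend on DNS; a comment above the list saying so would help whoever extends it. In the address lists, `127.0.0.1/8` has host bits set (`127.0.0.0/8` is the network), `64.124.204.39` is the only entry without a prefix length, and `195.238.2.0/24` and `195.238.3.0/24` each appear twice.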