authorkreon2015-07-07 02:17:51 +0300
committerkreon2015-07-07 02:20:05 +0300
commit5cdb11c0710b4390efb62211af60762fbf1d942d (patch)
treea6a08d7e9942d462256705b3c8d3a5b82f0f5c42 /greyd.conf
downloadaur-5cdb11c0710b4390efb62211af60762fbf1d942d.tar.gz
initial commit
Diffstat (limited to 'greyd.conf')
-rw-r--r--greyd.conf199
1 files changed, 199 insertions, 0 deletions
diff --git a/greyd.conf b/greyd.conf
new file mode 100644
index 000000000000..b037db8c6716
--- /dev/null
+++ b/greyd.conf
@@ -0,0 +1,199 @@
+#
+# Debugging options and more verbose logs.
+#
+debug = 1
+verbose = 1
+daemonize = 1
+
+#
+# Main daemon user to drop privileges to.
+#
+user = "greyd"
+
+#
+# Address to listen on.
+#
+bind_address = "127.0.0.1"
+
+#
+# Main greyd port.
+#
+port = 8025
+
+#
+# This will be obtained via "hostname" if not set.
+#
+#hostname = "greyd.org"
+
+#
+# Enable listening on IPv6 socket.
+#
+enable_ipv6 = 0
+bind_address_ipv6 = "::1"
+
+#
+# For blacklisted connections, the number of seconds between
+# stuttered bytes.
+#
+stutter = 1
+
+#
+# Adjust the socket receive buffer to the specified number
+# of bytes (window size). This slows down spammers even more.
+#
+# window = 1
+
+#
+# The banner message to be displayed to new connections.
+#
+banner = "greyd IP-based SPAM blocker"
+
+#
+# The return code to show blacklisted spammers.
+#
+error_code = "450"
+
+#
+# Chroot enable & location for main daemon.
+#
+chroot = 1
+chroot_dir = "/var/empty/greyd"
+
+#
+# Pidfile locations for greyd & greylogd daemons. If
+# chrooting, the greyd_pidfile must reside withing the
+# chroot_dir, and the main greyd user must have permission
+# to remove the file in the chroot directory.
+#
+greyd_pidfile = "/var/empty/greyd/greyd.pid"
+greylogd_pidfile = "/var/empty/greyd/greylogd.pid"
+
+#
+# The firewall configuration.
+#
+section firewall {
+ driver = "/usr/lib/greyd/greyd_netfilter.so",
+
+ # Max. number of IPSET set elements.
+ max_elements = 1000000,
+
+ # Max. IPSET hash size.
+ hash_size = 1048576,
+
+ #
+ # Greylogd tracking via the iptables NFLOG target and
+ # corresponding --nflog-group.
+ #
+ track_outbound = 1,
+ inbound_group = 155,
+ outbound_group = 255
+}
+
+#
+# The greylisting database configuration.
+#
+section database {
+ driver = "/usr/lib/greyd/greyd_bdb.so",
+ path = "/var/lib/greydb",
+ db_name = "greyd.db"
+}
+
+#
+# Sync configuration.
+#
+section sync {
+ enable = 0
+ #hosts = [ "eth0:2", "jackiemclean.net" ],
+ #ttl = 2,
+ #port = 8025,
+ #verify = 1,
+ #key = "/etc/greyd/greyd.key",
+ #bind_address = "eth0:2",
+ #mcast_address = "224.0.1.241"
+}
+
+#
+# SPF validation
+#
+section spf {
+ enable = 1,
+
+ # Whitelist hosts that pass SPF validation.
+ whitelist_on_pass = 1,
+
+ # Trap hosts on softfail, in addition to
+ # hardfail.
+ trap_on_softfail = 1
+}
+
+#
+# Greylist engine configuration.
+#
+section grey {
+ enable = 1,
+ user = "greyd",
+ traplist_name = "greyd-greytrap",
+ traplist_message = "Your address %A has mailed to spamtraps here",
+ whitelist_name = "greyd-whitelist",
+ whitelist_name_ipv6 = "greyd-whitelist-ipv6",
+
+ # Specify the secondary MX server for auto-greytrapping.
+ #low_prio_mx = "10.10.20.30",
+
+ # Kill stutter for new connections after so many seconds.
+ stutter = 5,
+
+ # Various greylisting times (in seconds)
+ pass_time = 300, # 10 minutes.
+ grey_expiry = 14400, # 4 hours.
+ white_expiry = 2678400, # 31 days.
+ trap_expiry = 86400, # 1 day.
+
+ #
+ # If this file is specified (and exists), any message received
+ # with a RCPT TO domain *not* matching an entry in the below file
+ # will be grey-trapped (ie blacklisted).
+ #
+ #permitted_domains = "/etc/greyd/permitted_domains"
+}
+
+#
+# The configuration section for greyd-setup.
+#
+section setup {
+ #
+ # Place blacklists & whitelists here. Note, the lists are applied
+ # in order. Whitelists are subtracted from the blacklists that
+ # come before them.
+ #
+ lists = [ "nixspam", "uatraps" ],
+ curl_path = "/usr/bin/curl"
+}
+
+blacklist uatraps {
+ message = "Your address %A has sent mail to a ualberta.ca spamtrap\\\\n
+ within the last 24 hours",
+ method = "http",
+ file = "www.openbsd.org/spamd/traplist.gz"
+}
+
+blacklist nixspam {
+ message = "Your address %A is in the nixspam list",
+ method = "http",
+ file = "www.openbsd.org/spamd/nixspam.gz"
+}
+
+#whitelist test_exec_method {
+# method = "exec",
+# file = "cat /tmp/nixspam-traplist.gz"
+#}
+
+#blacklist test_file_method {
+# method = "file",
+# file = "/tmp/nixspam-traplist.gz"
+#}
+
+#
+# Configuration may be recursively specified using globs.
+#
+#include "/etc/greyd/conf.d/*.conf"
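Review bot: Both `blacklist` blocks (`uatraps` and `nixspam`) set `method = "http"`, so the lists that decide which addresses are blacklisted are fetched in cleartext, and nothing in this file verifies their integrity; anyone able to alter that traffic could add or remove entries. If the packaged greyd-setup offers an authenticated transport or a way to verify the download, the defaults should use it; otherwise add a comment above the blocks such as `# Lists are fetched over plain HTTP and are not verified; treat their contents as untrusted.` Separately, the inline comment on `pass_time = 300, # 10 minutes.` disagrees with the value, since 300 seconds is 5 minutes. Either the number or the comment should be corrected, for example `pass_time = 300, # 5 minutes.` if the value is the intended one.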