# # Debugging options and more verbose logs. # debug = 1 verbose = 1 daemonize = 1 # # Main daemon user to drop privileges to. # user = "greyd" # # Address to listen on. # bind_address = "127.0.0.1" # # Main greyd port. # port = 8025 # # This will be obtained via "hostname" if not set. # #hostname = "greyd.org" # # Enable listening on IPv6 socket. # enable_ipv6 = 0 bind_address_ipv6 = "::1" # # For blacklisted connections, the number of seconds between # stuttered bytes. # stutter = 1 # # Adjust the socket receive buffer to the specified number # of bytes (window size). This slows down spammers even more. # # window = 1 # # The banner message to be displayed to new connections. # banner = "greyd IP-based SPAM blocker" # # The return code to show blacklisted spammers. # error_code = "450" # # Chroot enable & location for main daemon. # chroot = 1 chroot_dir = "/var/empty/greyd" # # Pidfile locations for greyd & greylogd daemons. If # chrooting, the greyd_pidfile must reside withing the # chroot_dir, and the main greyd user must have permission # to remove the file in the chroot directory. # greyd_pidfile = "/var/empty/greyd/greyd.pid" greylogd_pidfile = "/var/empty/greyd/greylogd.pid" # # The firewall configuration. # section firewall { driver = "/usr/lib/greyd/greyd_netfilter.so", # Max. number of IPSET set elements. max_elements = 1000000, # Max. IPSET hash size. hash_size = 1048576, # # Greylogd tracking via the iptables NFLOG target and # corresponding --nflog-group. # track_outbound = 1, inbound_group = 155, outbound_group = 255 } # # The greylisting database configuration. # section database { driver = "/usr/lib/greyd/greyd_bdb.so", path = "/var/lib/greydb", db_name = "greyd.db" } # # Sync configuration. # section sync { enable = 0 #hosts = [ "eth0:2", "jackiemclean.net" ], #ttl = 2, #port = 8025, #verify = 1, #key = "/etc/greyd/greyd.key", #bind_address = "eth0:2", #mcast_address = "224.0.1.241" } # # SPF validation # section spf { enable = 1, # Whitelist hosts that pass SPF validation. whitelist_on_pass = 1, # Trap hosts on softfail, in addition to # hardfail. trap_on_softfail = 1 } # # Greylist engine configuration. # section grey { enable = 1, user = "greyd", traplist_name = "greyd-greytrap", traplist_message = "Your address %A has mailed to spamtraps here", whitelist_name = "greyd-whitelist", whitelist_name_ipv6 = "greyd-whitelist-ipv6", # Specify the secondary MX server for auto-greytrapping. #low_prio_mx = "10.10.20.30", # Kill stutter for new connections after so many seconds. stutter = 5, # Various greylisting times (in seconds) pass_time = 300, # 10 minutes. grey_expiry = 14400, # 4 hours. white_expiry = 2678400, # 31 days. trap_expiry = 86400, # 1 day. # # If this file is specified (and exists), any message received # with a RCPT TO domain *not* matching an entry in the below file # will be grey-trapped (ie blacklisted). # #permitted_domains = "/etc/greyd/permitted_domains" } # # The configuration section for greyd-setup. # section setup { # # Place blacklists & whitelists here. Note, the lists are applied # in order. Whitelists are subtracted from the blacklists that # come before them. # lists = [ "nixspam", "uatraps" ], curl_path = "/usr/bin/curl" } blacklist uatraps { message = "Your address %A has sent mail to a ualberta.ca spamtrap\\\\n within the last 24 hours", method = "http", file = "www.openbsd.org/spamd/traplist.gz" } blacklist nixspam { message = "Your address %A is in the nixspam list", method = "http", file = "www.openbsd.org/spamd/nixspam.gz" } #whitelist test_exec_method { # method = "exec", # file = "cat /tmp/nixspam-traplist.gz" #} #blacklist test_file_method { # method = "file", # file = "/tmp/nixspam-traplist.gz" #} # # Configuration may be recursively specified using globs. # #include "/etc/greyd/conf.d/*.conf"