path: root/greyd.conf
blob: b037db8c67163523dbdf27a7be5a572497fbf6c0 (plain)
#
# Debugging options and more verbose logs.
#
# debug and verbose are both switched on in this file.
# NOTE(review): confirm they should stay enabled outside of testing;
# the extra log output is only useful if somebody reads it.
# daemonize is not a logging option -- presumably 1 detaches greyd
# into the background; verify against the greyd documentation.
#
debug = 1
verbose = 1
daemonize = 1

#
# Main daemon user to drop privileges to.
# NOTE(review): this should be a dedicated account that owns nothing
# outside greyd's own files -- confirm how the account is created.
#
user = "greyd"

#
# Address to listen on.
# 127.0.0.1 is the loopback address, so greyd accepts only local
# connections here. Presumably remote SMTP traffic is handed to it
# by a firewall redirect rule -- confirm against the firewall setup.
#
bind_address = "127.0.0.1"

#
# Main greyd port.
# 8025 is above 1023, so binding it needs no root privilege.
#
port = 8025

#
# This will be obtained via "hostname" if not set.
#
#hostname = "greyd.org"

#
# Enable listening on IPv6 socket.
# Disabled here (0). bind_address_ipv6 is the IPv6 loopback address
# and presumably only takes effect once enable_ipv6 is set to 1.
#
enable_ipv6 = 0
bind_address_ipv6 = "::1"

#
# For blacklisted connections, the number of seconds between
# stuttered bytes.
#
stutter = 1

#
# Adjust the socket receive buffer to the specified number
# of bytes (window size). This slows down spammers even more.
# Left commented out, so no window size is set by this file.
#
# window = 1

#
# The banner message to be displayed to new connections.
# NOTE(review): the banner names the software to every client that
# connects; use neutral text if that disclosure is not wanted.
#
banner = "greyd IP-based SPAM blocker"

#
# The return code to show blacklisted spammers.
# 450 is in the 4xx (temporary failure) class of SMTP replies, so
# the sender is told to retry later rather than rejected for good.
#
error_code = "450"

#
# Chroot enable & location for main daemon.
#
chroot     = 1
chroot_dir = "/var/empty/greyd"

#
# Pidfile locations for greyd & greylogd daemons. If
# chrooting, the greyd_pidfile must reside within the
# chroot_dir, and the main greyd user must have permission
# to remove the file in the chroot directory.
#
# NOTE(review): removing a file needs write access to the directory
# that holds it, and greyd_pidfile sits directly in chroot_dir. That
# implies the chroot root itself is writable by the greyd user.
# Consider whether a dedicated subdirectory for the pidfile would
# let the chroot root stay read-only -- confirm against greyd's
# pidfile handling before changing the path.
#
greyd_pidfile = "/var/empty/greyd/greyd.pid"
greylogd_pidfile = "/var/empty/greyd/greylogd.pid"

#
# The firewall configuration.
#
# driver is the filesystem path of a shared object (.so).
# NOTE(review): presumably greyd loads this module into its own
# process; if so, the file and its parent directories should be
# writable by root only -- confirm.
#
section firewall {
    driver = "/usr/lib/greyd/greyd_netfilter.so",

    # Max. number of IPSET set elements.
    max_elements = 1000000,

    # Max. IPSET hash size (1048576 = 2^20).
    hash_size = 1048576,

    #
    # Greylogd tracking via the iptables NFLOG target and
    # corresponding --nflog-group. The group numbers below have to
    # match the --nflog-group values used in the iptables rules.
    #
    track_outbound  = 1,
    inbound_group  = 155,
    outbound_group = 255
}

#
# The greylisting database configuration.
#
# driver is the path of a shared object; path and db_name presumably
# give the database directory and the file name inside it.
# NOTE(review): the database decides which hosts are passed or
# trapped, so write access to path should be limited to the account
# greyd uses for it -- confirm ownership and mode on the host.
#
section database {
    driver  = "/usr/lib/greyd/greyd_bdb.so",
    path    = "/var/lib/greydb",
    db_name = "greyd.db"
}

#
# Sync configuration.
#
# Disabled here (enable = 0); the remaining entries are examples
# left commented out.
# NOTE(review): other sections separate entries with commas and
# "enable = 0" has none, so a comma presumably has to be added after
# it when any entry below is uncommented -- confirm with the parser.
# NOTE(review): verify and key look like they authenticate sync
# messages with a shared key file -- confirm. If so, the key file
# should be readable by the greyd user only, and sync should not be
# enabled with verify turned off.
#
section sync {
    enable        = 0
    #hosts         = [ "eth0:2", "jackiemclean.net" ],
    #ttl           = 2,
    #port          = 8025,
    #verify        = 1,
    #key           = "/etc/greyd/greyd.key",
    #bind_address  = "eth0:2",
    #mcast_address = "224.0.1.241"
}

#
# SPF validation
#
section spf {
    enable = 1,

    # Whitelist hosts that pass SPF validation.
    # NOTE(review): an SPF pass only shows that the sending host is
    # authorised by the DNS record of the domain it claims. Whoever
    # controls a domain can publish a record that passes, so a pass
    # is not evidence that the sender is legitimate. Confirm that
    # whitelisting on pass is really wanted.
    whitelist_on_pass = 1,

    # Trap hosts on softfail, in addition to
    # hardfail.
    # NOTE(review): legitimate domains often publish a softfail
    # policy, and forwarded mail can softfail, so this setting can
    # trap legitimate hosts. Watch the trap list after enabling it.
    trap_on_softfail = 1
}

#
# Greylist engine configuration.
#
section grey {
    enable              = 1,
    user                = "greyd",
    traplist_name       = "greyd-greytrap",
    # %A is presumably replaced with the client address -- confirm.
    traplist_message    = "Your address %A has mailed to spamtraps here",
    whitelist_name      = "greyd-whitelist",
    whitelist_name_ipv6 = "greyd-whitelist-ipv6",

    # Specify the secondary MX server for auto-greytrapping.
    #low_prio_mx = "10.10.20.30",

    # Kill stutter for new connections after so many seconds.
    # This is separate from the top-level stutter setting, which is
    # the delay between bytes for blacklisted connections.
    stutter = 5,

    # Various greylisting times (in seconds)
    # NOTE(review): 300 seconds is 5 minutes; the comment on
    # pass_time used to say 10 minutes. If 10 minutes was intended,
    # the value should be 600.
    pass_time    = 300,     # 5 minutes.
    grey_expiry  = 14400,   # 4 hours.
    white_expiry = 2678400, # 31 days.
    trap_expiry  = 86400,   # 1 day.

    #
    # If this file is specified (and exists), any message received
    # with a RCPT TO domain *not* matching an entry in the below file
    # will be grey-trapped (i.e. blacklisted).
    #
    #permitted_domains = "/etc/greyd/permitted_domains"
}

#
# The configuration section for greyd-setup.
#
section setup {
    #
    # Place blacklists & whitelists here. Note, the lists are applied
    # in order. Whitelists are subtracted from the blacklists that
    # come before them.
    # Each name refers to a "blacklist NAME" or "whitelist NAME"
    # block defined elsewhere in the configuration.
    #
    lists     = [ "nixspam", "uatraps" ],

    # NOTE(review): presumably greyd-setup runs this binary to fetch
    # the lists; the path should point at a root-owned executable
    # that other users cannot replace -- confirm.
    curl_path = "/usr/bin/curl"
}

#
# Blacklist fetched from a remote trap list.
# NOTE(review): method is "http" and file carries no scheme, so the
# list is presumably downloaded over unencrypted HTTP. A response
# altered in transit would change which hosts get blacklisted.
# Confirm whether greyd-setup offers an authenticated transport or
# an integrity check for downloaded lists.
#
blacklist uatraps {
    message = "Your address %A has sent mail to a ualberta.ca spamtrap\\\\n
               within the last 24 hours",
    method  = "http",
    file    = "www.openbsd.org/spamd/traplist.gz"
}

#
# Blacklist fetched from the remote nixspam list.
# NOTE(review): method is "http" and file carries no scheme, so the
# list is presumably downloaded over unencrypted HTTP. A response
# altered in transit would change which hosts get blacklisted.
# Confirm whether greyd-setup offers an authenticated transport or
# an integrity check for downloaded lists.
#
blacklist nixspam {
    message = "Your address %A is in the nixspam list",
    method  = "http",
    file    = "www.openbsd.org/spamd/nixspam.gz"
}

#
# Disabled examples of the "exec" and "file" list methods.
# NOTE(review): both examples read from /tmp, which is writable by
# every local user on typical systems, so any local account could
# supply the list contents. Point them at a root-owned path before
# enabling either one.
# NOTE(review): with method "exec" the file value is a command line,
# presumably run by greyd-setup -- confirm how it is invoked and
# with which privileges.
#
#whitelist test_exec_method {
#    method = "exec",
#    file   = "cat /tmp/nixspam-traplist.gz"
#}

#blacklist test_file_method {
#    method = "file",
#    file   = "/tmp/nixspam-traplist.gz"
#}

#
# Configuration may be recursively specified using globs.
# The include line below is commented out, so nothing is included.
# NOTE(review): once enabled, every file matching the glob is read
# as configuration, so the directory should be writable by root
# only -- confirm ownership and mode on the host.
#
#include "/etc/greyd/conf.d/*.conf"