head 1.127; access; symbols milter-greylist-4-5-13:1.127 milter-greylist-4-5-12:1.126 milter-greylist-4-5-11:1.126 milter-greylist-4-5-10:1.126 milter-greylist-4-9-10:1.126 milter-greylist-4-5-8:1.125 milter-greylist-4-5-9:1.126 milter-greylist-4-5-7:1.124 milter-greylist-4-5-6:1.124 milter-greylist-4-5:1.124 milter-greylist-4-5-5:1.123 milter-greylist-4-5-4:1.122 milter-greylist-4-5-3:1.119 milter-greylist-4-5-2:1.116 milter-greylist-4-5-1:1.115 milter-greylist-4-4-3:1.114 milter-greylist-4-4-2:1.113 milter-greylist-4-4-1:1.113 milter-greylist-4-4:1.113 milter-greylist-4-4-rc1:1.113 milter-greylist-4-4-alpha4:1.112 milter-greylist-4-4-alpha3:1.112 milter-greylist-4-4-alpha2:1.110 milter-greylist-4-4-alpha1:1.110 milter-greylist-4-2-7:1.94.2.6 milter-greylist-4-3-9:1.104 milter-greylist-4-2-6:1.94.2.6 milter-gresylit-4-2-6:1.94.2.6 milter-greylist-4-3-8:1.104 milter-greylist-4-3-7:1.103 milter-greylist-4-2-5:1.94.2.6 milter-greylist-4-3-6:1.102 milter-greylist-4-2-4:1.94.2.6 milter-greylist-4-3-5:1.98 milter-greylist-4-3-4:1.98 milter-greylist-4-2-3:1.94.2.4 milter-greylist-4-3-3:1.98 rmilter-greylist-4-2-3:1.94.2.4 milter-greylist-4-3-2:1.98 milter-greylist-4-3-1:1.98 milter-greylist-2-2-2:1.94.2.4 milter-greylist-4-2-2:1.94.2.4 milter-greylist-4-2-1:1.94.2.2 milter-greylist-4-2:1.94.2.1 milter-greylist-4-2-rc1:1.94 milter-greylist-4-2-beta1:1.94 milter-greylist-4-2-branch:1.94.0.2 milter-greylist-4-2-base:1.94 milter-greylist-4-2-0-base:1.94 milter-greylist-4-1-12:1.94 milter-greylist-4-1-11:1.94 milter-greylist-4-1-10:1.94 milter-greylist-4-1-9:1.94 milter-greylist-4-1-8:1.94 milter-greylist-4-1-7:1.93 milter-greylist-4-1-6:1.92 milter-greylist-4-0-1:1.77.2.3 milter-greylist-4-0-1-rc1:1.77.2.3 milter-greylist-4-1-5:1.87 milter-greylist-4-1-4:1.87 milter-greylist-4-1-3:1.86 milter-greylist-4-1-2:1.86 milter-greylist-4-1-1:1.85 milter-greylist-4-0-branch:1.77.0.2 milter-greylist-4-0-base:1.77 milter-greylist-4-0:1.77 milter-greylist-4-0-rc2:1.76 milter-greylist-4-0-rc1:1.75 milter-greylist-4-0-beta4:1.75 milter-greylist-4-0-beta3:1.74 milter-greylist-4-0-beta2:1.74 milter-greylist-4-0-beta1:1.73 milter-greylist-4-0-alpha6:1.73 milter-greylist-4-0-alpha5:1.73 milter-greylist-4-0-alpha4:1.73 milter-greylist-4-0-alpha3:1.73 milter-greylist-4-0-alpha2:1.72 milter-greylist-4-0-alpha1:1.72 milter-greylist-3-1-8:1.72 milter-greylist-3-1-7:1.72 milter-greylist-3-1-6:1.65 milter-greylist-3-1-5:1.64 milter-greylist-3-1-5-alpha1:1.61 milter-greylist-3-0-1-beta1:1.43.2.1 milter-greylist-3-1-4:1.55 milter-greylist-3-1-3:1.50 milter-greylist-3-1-2:1.50 milter-greylist-3-1-1:1.44 milter-greylist-3-0:1.43.2.1 milter-greylist-3-0-rc7:1.43.2.1 milter-greylist-3-0-rc6:1.43.2.1 milter-greylist-3-0-rc5:1.43.2.1 milter-greylist-3-0-rc4:1.43.2.1 milter-greylist-3-0-rc3:1.43.2.1 milter-greylist-3-0-rc2:1.43.2.1 milter-greylist-3-0-rc1:1.43.2.1 milter-greylist-3-0-alpha6:1.43 milter-greylist-3-0-branch:1.43.0.2 milter-greylist-3-0-base:1.43 milter-greylist-3-0-alpha5:1.43 milter-greylist-3-0-alpha4:1.42 milter-greylist-3-0-alpha3:1.42 milter-greylist-3-0-alpha2:1.40 milter-greylist-3-0-alpha1:1.38 milter-greylist-2-1-12:1.38 milter-greylist-2-1-11:1.37 milter-greylist-2-1-10:1.36 milter-greylist-2-1-9:1.35 milter-greylist-2-1-9a1:1.35 milter-greylist-2-1-8:1.35 milter-greylist-2-1-7:1.34 milter-greylist-2-1-6:1.33 milter-greylist-2-1-5:1.33 milter-greylist-2-1-4:1.33 milter-greylist-2-1-3:1.32 milter-greylist-2-1-2:1.31 milter-greylist-2-1-1:1.31 milter-greylist-2-0-2:1.29 milter-greylist-2-0-1:1.29 milter-greylist-2-0-1-b1:1.29 milter-greylist-2-0-release:1.29 milter-greylist-2-0-rc5:1.29 milter-greylist-2-0-rc4:1.28 milter-greylist-2-0-rc3:1.27 milter-grey-list-2-0-rc3:1.27 milter-grey-list-2-0-rc2:1.26 milter-grey-list-2-0-rc1:1.26 milter-greylist-2-0-beta7:1.26 milter-greylist-2-0-beta6:1.24 milter-gre-ylist-2-0-beta5:1.23 milter-greylist-2-0-beta5:1.23 milter-greylist-2-0-beta4:1.23 milter-greylist-2-0-beta3:1.23 milter-greylist-2-0-beta2:1.22 milter-greylist-2-0:1.22.0.2 milter-greylist-2-0-base:1.22 milter-greylist-2-0-beta1:1.22 milter-greylist-1-7-5:1.22 before_delayed_tempfail:1.21 milter-greylist-1-7-4:1.17 milter-greylist-1-7-3:1.17 milter-greylist-1-7-2:1.16 milter-greylist-1-6-0:1.14 milter-greylist-1-7-1:1.14 milter-greylist-1-6rc1:1.14 milter-greylist-1-6:1.14.0.2 milter-greylist-1-6-base:1.14 milter-greylist-1-5-12:1.14 milter-greylist-1-5-11:1.14 milter-greylist-1-5-10:1.13 milter-greylist-1-5-9:1.13 milter-greylist-1-5-8:1.12 milter-greylist-1-5-7:1.12 milter-greylist-1-5-6:1.12 milter-greylist-1-5-5:1.10 milter-greylist-1-5-4:1.10 milter-greylist-1-5-3:1.9 milter-greylist-1-5-2:1.9 milter-greylist-1-5-1:1.9 milter-greylist-1-4:1.8.0.2 milter-greylist-1-4-base:1.8 milter-greylist-1-3-9:1.8 milter-greylist-1-3-8:1.8 milter-greylist-1-3-7:1.8 milter-greylist-1-3-6:1.8 milter-greylist-1-3-5:1.8 milter-greylist-1-3-4:1.8 milter-greylist-1-3-3:1.6 BDB:1.5.0.4 BDB-base:1.5 before_BDB:1.5 milter-greylist-1-2-2:1.5 milter-greylist-1-3-2:1.5 milter-greylist-1-2-1:1.5 milter-greylist-1-2-0:1.5 milter-greylist-1-2:1.5.0.2 milter-greylist-1-2-base:1.5 milter-greylist-1-1-16:1.5 milter-greylist-1-1-15:1.5 milter-greylis-1-1-15:1.5 milter-greylis-1-1-16:1.5 milter-greylist-1-1-14:1.5 milter-greylist-1-1-13:1.4 milter-greylist-1-1-12:1.4 milter-greylist-1-1-11:1.4 milter-greylist-1-1-10:1.4 milter-greylist-1-10rc1:1.4 milter-greylist-1-1-9:1.3 milter-greylist-1-1-8:1.3 milter-greylist-1-1-7:1.2 milter-greylist-1-1-6:1.2 milter-greylist-1-1-5:1.2 milter-greylist-1-1-4:1.2; locks; strict; comment @.\" @; 1.127 date 2015.06.16.12.27.29; author manu; state Exp; branches; next 1.126; 1.126 date 2014.02.04.15.19.25; author manu; state Exp; branches; next 1.125; 1.125 date 2014.02.03.16.49.11; author manu; state Exp; branches; next 1.124; 1.124 date 2013.09.01.04.59.42; author manu; state Exp; branches; next 1.123; 1.123 date 2013.08.29.04.20.08; author manu; state Exp; branches; next 1.122; 1.122 date 2013.08.18.12.23.57; author manu; state Exp; branches; next 1.121; 1.121 date 2013.08.18.12.23.14; author manu; state Exp; branches; next 1.120; 1.120 date 2013.08.18.11.18.13; author manu; state Exp; branches; next 1.119; 1.119 date 2013.08.18.04.45.30; author manu; state Exp; branches; next 1.118; 1.118 date 2013.08.16.11.19.54; author manu; state Exp; branches; next 1.117; 1.117 date 2013.08.16.03.02.35; author manu; state Exp; branches; next 1.116; 1.116 date 2013.08.13.03.45.35; author manu; state Exp; branches; next 1.115; 1.115 date 2013.05.20.04.12.40; author manu; state Exp; branches; next 1.114; 1.114 date 2013.01.27.02.08.00; author manu; state Exp; branches; next 1.113; 1.113 date 2012.10.01.07.27.21; author manu; state Exp; branches; next 1.112; 1.112 date 2012.06.13.08.13.02; author manu; state Exp; branches; next 1.111; 1.111 date 2012.05.05.00.42.32; author manu; state Exp; branches; next 1.110; 1.110 date 2012.02.21.05.53.44; author manu; state Exp; branches; next 1.109; 1.109 date 2012.02.20.13.49.52; author manu; state Exp; branches; next 1.108; 1.108 date 2012.02.20.13.47.21; author manu; state Exp; branches; next 1.107; 1.107 date 2012.02.18.16.09.29; author manu; state Exp; branches; next 1.106; 1.106 date 2011.08.17.01.06.50; author manu; state Exp; branches; next 1.105; 1.105 date 2011.04.25.07.55.47; author manu; state Exp; branches; next 1.104; 1.104 date 2010.07.12.01.35.24; author manu; state Exp; branches; next 1.103; 1.103 date 2010.04.18.04.03.56; author manu; state Exp; branches; next 1.102; 1.102 date 2010.04.14.15.32.25; author manu; state Exp; branches; next 1.101; 1.101 date 2010.04.12.12.09.57; author manu; state Exp; branches; next 1.100; 1.100 date 2010.04.12.12.04.41; author manu; state Exp; branches; next 1.99; 1.99 date 2010.04.10.05.42.52; author manu; state Exp; branches; next 1.98; 1.98 date 2009.04.04.03.19.39; author manu; state Exp; branches; next 1.97; 1.97 date 2009.04.04.03.09.43; author manu; state Exp; branches; next 1.96; 1.96 date 2009.04.03.04.15.27; author manu; state Exp; branches; next 1.95; 1.95 date 2009.04.02.04.12.12; author manu; state Exp; branches; next 1.94; 1.94 date 2008.11.26.05.20.13; author manu; state Exp; branches 1.94.2.1; next 1.93; 1.93 date 2008.11.06.11.23.53; author manu; state Exp; branches; next 1.92; 1.92 date 2008.09.27.12.54.30; author manu; state Exp; branches; next 1.91; 1.91 date 2008.09.26.23.35.44; author manu; state Exp; branches; next 1.90; 1.90 date 2008.09.26.17.00.51; author manu; state Exp; branches; next 1.89; 1.89 date 2008.09.07.00.13.34; author manu; state Exp; branches; next 1.88; 1.88 date 2008.08.21.21.05.35; author manu; state Exp; branches; next 1.87; 1.87 date 2008.08.03.05.00.06; author manu; state Exp; branches; next 1.86; 1.86 date 2008.06.03.10.26.19; author manu; state Exp; branches; next 1.85; 1.85 date 2008.02.06.04.11.39; author manu; state Exp; branches; next 1.84; 1.84 date 2007.12.29.19.06.49; author manu; state Exp; branches; next 1.83; 1.83 date 2007.12.17.14.26.35; author manu; state Exp; branches; next 1.82; 1.82 date 2007.11.12.03.46.58; author manu; state Exp; branches; next 1.81; 1.81 date 2007.11.12.02.45.42; author manu; state Exp; branches; next 1.80; 1.80 date 2007.11.11.11.57.19; author manu; state Exp; branches; next 1.79; 1.79 date 2007.11.07.11.55.49; author manu; state Exp; branches; next 1.78; 1.78 date 2007.11.06.11.39.33; author manu; state Exp; branches; next 1.77; 1.77 date 2007.10.28.23.14.26; author manu; state Exp; branches 1.77.2.1; next 1.76; 1.76 date 2007.10.23.11.38.51; author manu; state Exp; branches; next 1.75; 1.75 date 2007.10.04.10.54.44; author manu; state Exp; branches; next 1.74; 1.74 date 2007.08.23.10.54.13; author manu; state Exp; branches; next 1.73; 1.73 date 2007.04.19.02.47.44; author manu; state Exp; branches; next 1.72; 1.72 date 2007.03.15.04.55.45; author manu; state Exp; branches; next 1.71; 1.71 date 2007.02.27.04.39.49; author manu; state Exp; branches; next 1.70; 1.70 date 2007.02.26.04.27.50; author manu; state Exp; branches; next 1.69; 1.69 date 2007.02.24.22.16.01; author manu; state Exp; branches; next 1.68; 1.68 date 2007.02.24.22.10.21; author manu; state Exp; branches; next 1.67; 1.67 date 2007.02.22.14.44.45; author manu; state Exp; branches; next 1.66; 1.66 date 2007.02.21.17.41.50; author manu; state Exp; branches; next 1.65; 1.65 date 2007.02.14.05.12.40; author manu; state Exp; branches; next 1.64; 1.64 date 2007.02.06.14.29.55; author manu; state Exp; branches; next 1.63; 1.63 date 2007.02.05.06.05.34; author manu; state Exp; branches; next 1.62; 1.62 date 2007.02.04.05.44.41; author manu; state Exp; branches; next 1.61; 1.61 date 2007.02.02.07.00.06; author manu; state Exp; branches; next 1.60; 1.60 date 2007.02.02.02.10.23; author manu; state Exp; branches; next 1.59; 1.59 date 2007.01.31.06.08.55; author manu; state Exp; branches; next 1.58; 1.58 date 2007.01.30.14.36.53; author manu; state Exp; branches; next 1.57; 1.57 date 2007.01.29.04.57.18; author manu; state Exp; branches; next 1.56; 1.56 date 2007.01.28.02.16.33; author manu; state Exp; branches; next 1.55; 1.55 date 2007.01.10.10.54.26; author manu; state Exp; branches; next 1.54; 1.54 date 2007.01.09.22.22.43; author manu; state Exp; branches; next 1.53; 1.53 date 2007.01.04.23.01.46; author manu; state Exp; branches; next 1.52; 1.52 date 2007.01.01.17.29.29; author manu; state Exp; branches; next 1.51; 1.51 date 2007.01.01.08.08.41; author manu; state Exp; branches; next 1.50; 1.50 date 2006.12.26.21.21.52; author manu; state Exp; branches; next 1.49; 1.49 date 2006.12.20.21.57.53; author manu; state Exp; branches; next 1.48; 1.48 date 2006.12.13.09.06.00; author manu; state Exp; branches; next 1.47; 1.47 date 2006.12.13.07.53.42; author manu; state Exp; branches; next 1.46; 1.46 date 2006.12.07.10.22.00; author manu; state Exp; branches; next 1.45; 1.45 date 2006.12.06.15.02.41; author manu; state Exp; branches; next 1.44; 1.44 date 2006.09.18.11.54.39; author manu; state Exp; branches; next 1.43; 1.43 date 2006.08.30.20.50.42; author manu; state Exp; branches 1.43.2.1; next 1.42; 1.42 date 2006.08.27.16.02.26; author manu; state Exp; branches; next 1.41; 1.41 date 2006.08.24.20.58.36; author manu; state Exp; branches; next 1.40; 1.40 date 2006.08.08.13.54.41; author manu; state Exp; branches; next 1.39; 1.39 date 2006.08.08.12.43.17; author manu; state Exp; branches; next 1.38; 1.38 date 2006.08.01.21.29.36; author manu; state Exp; branches; next 1.37; 1.37 date 2006.08.01.14.55.20; author manu; state Exp; branches; next 1.36; 1.36 date 2006.07.28.16.44.17; author manu; state Exp; branches; next 1.35; 1.35 date 2006.07.27.20.08.32; author manu; state Exp; branches; next 1.34; 1.34 date 2006.07.27.16.32.29; author manu; state Exp; branches; next 1.33; 1.33 date 2006.02.17.19.46.13; author manu; state Exp; branches; next 1.32; 1.32 date 2006.01.11.06.40.39; author manu; state Exp; branches; next 1.31; 1.31 date 2006.01.08.00.38.25; author manu; state Exp; branches; next 1.30; 1.30 date 2005.11.30.23.32.13; author manu; state Exp; branches; next 1.29; 1.29 date 2005.06.10.08.36.50; author manu; state Exp; branches; next 1.28; 1.28 date 2005.06.08.19.33.17; author manu; state Exp; branches; next 1.27; 1.27 date 2005.06.05.21.59.02; author manu; state Exp; branches; next 1.26; 1.26 date 2005.05.11.14.22.09; author manu; state Exp; branches; next 1.25; 1.25 date 2005.05.11.14.09.25; author manu; state Exp; branches; next 1.24; 1.24 date 2005.05.07.23.24.28; author manu; state Exp; branches; next 1.23; 1.23 date 2005.03.19.07.39.21; author manu; state Exp; branches; next 1.22; 1.22 date 2005.01.29.18.42.53; author manu; state Exp; branches; next 1.21; 1.21 date 2005.01.29.18.24.17; author manu; state Exp; branches; next 1.20; 1.20 date 2005.01.29.18.21.37; author manu; state Exp; branches; next 1.19; 1.19 date 2005.01.06.20.14.49; author manu; state Exp; branches; next 1.18; 1.18 date 2004.12.28.21.46.05; author manu; state Exp; branches; next 1.17; 1.17 date 2004.12.16.23.08.13; author manu; state Exp; branches; next 1.16; 1.16 date 2004.12.09.00.04.01; author manu; state Exp; branches; next 1.15; 1.15 date 2004.12.08.22.23.09; author manu; state Exp; branches; next 1.14; 1.14 date 2004.10.17.18.35.42; author manu; state Exp; branches; next 1.13; 1.13 date 2004.10.13.10.15.12; author manu; state Exp; branches; next 1.12; 1.12 date 2004.08.10.10.15.06; author manu; state Exp; branches; next 1.11; 1.11 date 2004.08.08.21.24.20; author manu; state Exp; branches; next 1.10; 1.10 date 2004.08.01.09.27.03; author manu; state Exp; branches; next 1.9; 1.9 date 2004.06.16.20.38.56; author manu; state Exp; branches; next 1.8; 1.8 date 2004.05.26.21.50.13; author manu; state Exp; branches; next 1.7; 1.7 date 2004.05.26.09.14.29; author manu; state Exp; branches; next 1.6; 1.6 date 2004.05.24.21.57.36; author manu; state Exp; branches; next 1.5; 1.5 date 2004.04.12.17.26.03; author manu; state Exp; branches; next 1.4; 1.4 date 2004.04.02.15.06.53; author manu; state Exp; branches; next 1.3; 1.3 date 2004.04.01.21.23.08; author manu; state Exp; branches; next 1.2; 1.2 date 2004.03.31.12.10.16; author manu; state Exp; branches; next 1.1; 1.1 date 2004.03.31.11.39.26; author manu; state Exp; branches; next ; 1.94.2.1 date 2009.04.02.04.09.28; author manu; state Exp; branches; next 1.94.2.2; 1.94.2.2 date 2009.04.03.04.16.33; author manu; state Exp; branches; next 1.94.2.3; 1.94.2.3 date 2009.04.04.03.20.26; author manu; state Exp; branches; next 1.94.2.4; 1.94.2.4 date 2009.04.04.03.21.02; author manu; state Exp; branches; next 1.94.2.5; 1.94.2.5 date 2010.04.14.04.41.22; author manu; state Exp; branches; next 1.94.2.6; 1.94.2.6 date 2010.04.14.15.32.49; author manu; state Exp; branches; next 1.94.2.7; 1.94.2.7 date 2011.04.25.07.56.47; author manu; state Exp; branches; next ; 1.77.2.1 date 2007.11.07.11.56.00; author manu; state Exp; branches; next 1.77.2.2; 1.77.2.2 date 2007.12.17.14.27.13; author manu; state Exp; branches; next 1.77.2.3; 1.77.2.3 date 2008.02.06.04.12.17; author manu; state Exp; branches; next ; 1.43.2.1 date 2006.09.18.18.04.33; author manu; state Exp; branches; next ; desc @@ 1.127 log @Support glob(7) pattern matching for properties @ text @.\" .\" $Id: greylist.conf.5,v 1.126 2014/02/04 15:19:25 manu Exp $ .\" .\" Copyright (c) 2004-2013 Emmanuel Dreyfus .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. All advertising materials mentioning features or use of this software .\" must display the following acknowledgement: .\" This product includes software developed by Emmanuel Dreyfus .\" .\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED .\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE .\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, .\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES .\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR .\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" .TH "greylist.conf" "5" "May 10, 2005" "" "" .SH NAME .B greylist.conf - milter-greylist configuration file .SH DESCRIPTION .B greylist.conf configures .B milter-greylist(8) operation. The format is simple: each line contains a keyword and optional arguments. Any line starting with a # is considered as a comment and is ignored. Blank lines are ignored as well. Comments at the end of lines are accepted in some situations, but do not take them as granted. A statement can be continued on the next line by using a backslash. Anything after the backslash will be ignored. .SH WHITELIST The primary use of .B greylist.conf is to setup .B milter-greylist(8) whitelist. It also offers a handy blacklist feature. Access-lists (ACL) are used to do that. ACL enable the administrator to specify complex conditions on sender IP, sender DNS address, sender e-mail address, and recipient e-mail address. If support for DNSRBL was built-in, it is even possible to use DNSRBL in ACL. .PP An access-list entry starts with the .I racl keyword followed by an optional id quoted string, then the .I greylist\fR, .I whitelist\fR, .I blacklist\fR, or .I continue keyword, and by any set of the following clauses: .I addr\fR, .I domain\fR, .I from\fR, .I rcpt\fR, .I rcptcount\fR, .I helo\fR, .I sm_macro\fR, .I time\fR, .I auth\fR, .I tls\fR, .I spf\fR (if build with SPF support), .I geoip\fR (if build with GeoIP support), .I p0f\fR (if build with p0f support), .I ldapcheck\fR (if build with --with-openldap), .I urlcheck\fR (if built with --with-libcurl), .I dnsrbl\fR (if built with --enable-dnsrbl), and .I nsupdate\fR (if supported by the DNS resolver). A message will match an ACL entry when it complies with all of its clauses. .PP The .I greylist\fR, .I whitelist\fR, and .I blacklist keywords will cause the message to be respectively greylisted, accepted or rejected if all ACL clauses match, and ACL evaluation is terminated there. If an ACL with .I continue keyword does match, nothing is decided and next ACL are evaluated. .PP Clauses can be negated, by prefixing them by the .I not keyword. Here is the detail of all possible clauses. .TP .I addr This clause is used to specify a netblock of source IP addresses. The syntax is an IP address followed by a slash and a CIDR netmask. Here is an example: .IP racl whitelist addr 127.0.0.0/8 racl whitelist addr 192.168.3.0/24 racl whitelist addr ::1 .IP If the netmask is omitted, /32 is assumed for an IPv4 address and /128 is assumed for an IPv6 address. .IP You should at least whitelist localhost (127.0.0.1/8), and if you have some user clients connecting to the machine, you should whitelist the addresses they connect from if you don't want them to get error messages when sending e-mail. .TP .I domain This clause selects source machines based on their DNS name, performing a suffix search. For instance, this will whitelist any machine in the .I example.net domain: .IP racl whitelist domain example.net .IP Suffix search matching means, for example, that gle.com will match google.com. If you want domain names to match on subdomain boundaries (e.g. gle.com will match mail.gle.com and gle.com but not google.com) then enable .I domainexact .PP The name resolution is made by Sendmail, which hands it to .B milter-greylist(8)\fR. As a result, it is impossible to use DNS aliases here. On the other hand, this will work even if your DNS resolver is not thread-safe. .TP .I from This is used to select sender e-mail addresses. You should not use that feature, because sender e-mail addresses can be trivially forged. Example: .IP racl whitelist from postmaster@@example.com .TP .I rcpt This is used to select recipient addresses. Example: .IP racl greylist rcpt John.Doe@@example.net .TP .I rcptcount Followed by an operator and a recipient count, this is used to select the amount of recipients. Example: .IP racl blacklist rcptcount >= 25 msg "No more than 25 recipients, please" .TP .I helo Followed by a quoted string or a regular expression, this can be used to filter on the HELO string. .TP .I sm_macro This is used to select a Sendmail macro value. See the section on that topic for more information. .TP .I time This is used to specify a time set. It should be followed by a quoted string of .B crontab(5)\fR-like time specification. Here is an example that whitelists mail addressed to a single recipient during office hours (from 8:00 to 16:59 from monday to friday): .IP racl whitelist time "* 8-16 * * 1-5" rcpt info@@example.net .TP .I geoip This is used to specify a country, as reported by GeoIP. The country code must be upper case, and is only available if .B milter-greylist was built with GeoIP support. Special country code .B ZZ is used when the country cannot be determined (this happens for private addresses, for instance). The .I geoipdb statement can be used to specify the location of GeoIP database. .TP .I p0f This is used to match against the remote system OS fingerprint genre and detail,obtained from p0f. It is only available if .B milter-greylist was built with p0f support. .I p0f clauses can be used with a quoted string for case-insensitive substring match, or against regular expressions. The .I p0fsock statement can be used to specify the location of the p0f socket. .TP .I auth This is used to select a user that succeeded SMTP AUTH. In order to select any user that succeeds SMTP AUTH, you can use a regular expression matching, like below; .IP racl whitelist auth /.*/ .IP Using such a clause automatically disable global STARTTLS and SMTP AUTH whitelisting, like if the .I noauth keyword would have been used. .TP .I tls This is used to select the distinguished name (DN) of a user that succeeded STARTTLS. Using such a clause automatically disable global STARTTLS and SMTP AUTH whitelisting, like if the .I noauth keyword would have been used. .TP .I spf This is used to test SPF status. Possible values are .I pass\fR, .I softfail\fR, .I fail\fR, .I neutral\fR, .I unknown\fR, .I error\fR, .I none\fR, and .I self\fR. The first seven values are plain SPF validation status. The .I self value is a special test that checks the server's local IP address against the sender's SPF record. If that test validates, odds are good that the sender SPF record is wide open, and this is hint that SPF should not be trusted. .IP In order to use .I spf self\fR, Postfix users must specify the local address in the configuration file, using the .I localaddr option. .IP Absence of any value after the .I spf keyword is a synonym for .I spf pass\fR. This is present for backward compatibility. .IP The .I spf clause is only available if SPF support was compiled in. Using it will disable global SPF whitelisting, like if the .I nospf keyword would have been used. .TP .I ldapcheck This is used to query an LDAP directory. See the section on that topic for more information. .TP .I urlcheck This is used to query an external configuration source through an URL. See the section on that topic for more information. .TP .I dnsrbl This is used to select a DNSRBL. See the section on that topic for more information. .TP .I nsupdate This always-matching clause performs a DNS update, see the section on that topic for more information. .PP The .I domain\fR, .I from\fR, and .I rcpt clauses may be used with regular expressions. The regular expressions must be enclosed by slashes (/). No escaping is available to provide a slash inside a regular expression, so just do not use it. Regular expressions follow the format described in .B re_format(7)\fR. Here is an example: .PP racl greylist rcpt /@@example\\.net$/ .PP When regular expressions are not used, .I from\fR, and .I rcpt perform a case insensitive substring match with leading and trailing brackets, spaces and tabs stripped out. .I domain performs a case insensitive suffix match. This means, for example, that gle.com will match google.com. If you want domain names to match on subdomain boundaries (e.g. gle.com will match mail.gle.com and gle.com but not google.com) then enable .I domainexact .PP An ACL entry can also hold various optional parameter used on match: .I delay\fR, .I autowhite\fR, .I flushaddr\fR, .I nolog\fR, .I code\fR, .I ecode\fR, .I report\fR, .I maxpeek\fR, .I addheader\fR, .I addfooter\fR, and .I msg\fR .TP .I delay Specify the greylisting delay used before the message can be accepted. This overrides the .I greylist global setting, and it only makes sense on an .I racl greylist entry. .TP .I autowhite Specify the autowhitelisting duration for messages matching this ACL. This overrides the .I autowhite global setting, and it only makes sense on an .I racl greylist entry. Example: .IP racl greylist rcpt JDoe@@example.net delay 15m autowhite 3d racl greylist rcpt root@@example.net delay 1h autowhite 3d .TP .I flushaddr If a message matches the rule, any entry in the greylist or autowhite databases matching the sender IP is removed. Used with a DNSRBL blacklist ACL, it is useful for freeing the database from entries set up by a machine which is known to be a spammer. Example: .IP racl blacklist dnsrbl "known-spammer" flushaddr .TP .I nolog Do not generate syslog message if this rule matches. Example: .IP racl whitelist default nolog .TP .I code .TP .I ecode .TP .I msg These 3 values can be used to choose the SMTP code, extended code and reply message for temporary failures and rejects. Example: .IP racl blacklist dnsrbl "spamstomp" msg "IP caught by spamstomp" racl greylist default code "451" ecode "4.7.1" .IP The .I msg strings accepts format string substitution as documented in the .B FORMAT STRINGS section. For instance, .I %A gets substituted by the ACL line number. .IP None of the last 3 values makes sense for a whitelist entry. .TP .I report This value overrides the text displayed in the .I X-Greylist header, for messages that .B milter-greylist(8) lets pass through, either because they are whitelisted, or because they passed greylisting (see .B REPORTING\fR). This string can be substituted as documented in the .B FORMAT STRINGS section. .TP .I maxpeek This parameter only makes sense in a RCPT-stage ACL. It overrides the global .I maxpeek setting for DATA-stage handling of the message. It has no effect if global .I maxpeek is set to 0. .TP .I addheader This quoted string is a RFC822 header that gets added to the message. Format string substitution is supported. No check is done for header length standard compliance, so make sure the substituted string is shorter than 2048 characters. .TP .I addfooter Append a footer to the message. Usual escape sequences such as \\n can be used to get special characters. The string is subject to format string expantion as described in the .B FORMAT STRINGS section. The footer will not be append if .I milter-greylist was not able to capture the whole message, therefore .I maxpeek must be set approriately. .PP Entries in the access-list are evaluated sequentially, so order is very important. The first matching entry is used to decide if a message will be whitelisted or greylisted. A special .I default clause can be used in the last ACL entry as a wildcard. Here are a few complete ACL examples: .PP Example 1: .nf racl whitelist from friend@@toto.com rcpt grandma@@example.com racl whitelist from other.friend@@example.net rcpt grandma@@example.com racl greylist rcpt grandma@@example.com racl whitelist default .fi .PP Example 2: .nf racl whitelist addr 193.54.0.0/16 domain friendly.com racl greylist rcpt user1@@atmine.com racl greylist rcpt user2@@atmine.com racl greylist rcpt user3@@atmine.com racl whitelist default .fi .PP Example 3: .nf racl whitelist rcpt /@@.*otherdomain\\.org$/ racl whitelist addr 192.168.42.0/24 rcpt user1@@mydomain.org racl whitelist from friend@@example.net rcpt /@@.*mydomain\\.org$/ racl whitelist rcpt user2@@mydomain.org racl greylist rcpt /@@.*mydomain\\.org$/ racl whitelist default .fi .SH DATA-STAGE ACL ACL using the .I racl keyword are evaluated at the RCPT stage of the SMTP transaction. It is also possible to have ACL evaluated at the DATA stage of the SMTP transaction, using the .I dacl keyword, provided the message went through RCPT-stage ACL, and possibly greylisting. Note that you cannot use the .I greylist action at DATA-stage if the RCPT-stage ACL that matched had a .I greylist action itself. The following clauses can be used to work on message content: .TP .I dkim DKIM status (if build with DKIM support). Possible values are .I pass\fR, .I fail\fR, .I unknown\fR, .I error\fR, and .I none\fR, .TP .I header String or regular expression searched in message headers .TP .I body String or regular expression searched in message body .TP .I msgsize Operator followed by a message size (k or M suffix allowed for kilobytes or megabytes). Example: .IP dacl blacklist msgsize >= 4M msg "No more than 4 MB please" .TP .I spamd SpamAssassin score (if build with SpamAssassin support). If used without comparison operator .I spamd is true if the score is above threshold. The .I spamdsock keyword can be used to specify the location of the spamd socket. .IP Example 1: .nf spamdsock unix "/var/spamassassin/spamd.sock" racl whitelist default dacl greylist spamd .fi .IP Example 2: .nf spamdsock inet "127.0.0.1:783" racl whitelist default dacl blacklist spamd > 15 msg "Your message is considered spam." dacl greylist spamd > 10 delay 2h dacl greylist spamd > 5 delay 1h .fi .PP Note that if there are multiple recipient, a .I rcpt clause at DATA stage evaluates to true if it matches any of them. If you want to match an exact set of recipients, you can use multiple .I rcpt clauses along with a .I rcptcount clause. .PP .SH LISTS It is often useful to group several users or sender IP addresses in a single ACL. This can be done with lists. Lists must be first defined and given a name before they can be used in ACL entries. Here is an example: .IP list "my users" rcpt { user1@@example.com user2@@example.com } list "local" addr { 192.0.2.0/24 10.0.0.0/8 } racl whitelist list "local" racl greylist list "my users" racl whitelist default .SH BACKWARD COMPATIBILITY Previous versions of .B milter-greylist(8) used .I addr\fR, .I domain\fR, .I from\fR, and .I rcpt lines, without the .I racl keyword. Access-list management is intended to replace them. These lines are still accepted by .B milter-greylist(8)\fR, but they are deprecated. .B milter-greylist(8) handles them as access-list entries with a single clause. They are added at the head of the access-list so the use of these keywords and access-lists may lead to unspecified behaviour. Do not mix them. .PP test mode (using .B -T\fR) is also deprecated. Access-list semantics do not depend on this flag. .PP .B milter-greylist(8) also used to only have a RCPT-stage ACL, which was configured through .I acl statements. These have been replaced by .I racl statements (as opposed to .I dacl statements for DATA-stage ACL). .I acl statements are still accepted for backward compatibility and are a synonym for .I racl statements. .SH MX SYNC Synchronization of the greylist among multiple MX is configured using the .I peer keyword. List each other MX IP addresses using the .I peer keyword. Here is an example: .PP peer 192.0.2.18 peer 192.0.2.17 peer 192.0.2.22 timeout 7 peer 192.0.2.38 timeout 5m .PP You can list the local machine in the peer statements, it will be ignored. .PP The .I timeout clause sets a peer communication timeout to have proper retrial in case of slow MX peer. The default value is 3 seconds. The special value of 0 disables the connection retrials. .PP By default, milter-greylist will listen on all interfaces using TCP port 5252 or the port number given by service named mxglsync if defined in .I /etc/services or other directory service. This behaviour can be changed by using the .I syncaddr keyword. Here are a few examples: .PP syncaddr * syncaddr * port 7689 syncaddr 192.0.2.2 port 9785 syncaddr 2001:db8::1:c3b5:123 syncaddr 2001:db8::1:c3b5:123 port 1234 .PP Using '*' as the address means to bind to all local interfaces' addresses. Note that if you are not using the default port, all MXs must use the same port number. .PP For outbound connections the system is selecting one of the possible addresses. If you want to use a specific IP you can use: .PP syncsrcaddr 123.456.78.9 .PP .SH TEXT DUMP .B milter-greylist(8) uses a text dump of its database to resume operation after a crash. The dump is performed at regular time interval, but as it is a heavy operation, you might want to configure a particular time interval, using the .I dumpfreq option. .PP If the .I dumpfreq value is too small, it will kill performance. If it is too high, you will loose a bigger part of the database on a crash. .PP Set .I dumpfreq to 0 to get a dump on each change (kills performance), Set it to -1 to never dump to a file (unsafe as you lose the whole greylist on each crash), or give a time value for the delay between dumps. The time is given in seconds, except if a unit is given: m for minutes, h for hours, and d for days. .PP You may further improve the performance of the dump operation at the expense of humanly readable timestamp which by default appears as a comment at the end of each line in the dumpfile. You may disable generation of this comment by specifying .I dump_no_time_translation option in the configuration file. This is specifically recommended if your dumpfile grows to 100's of megabytes - it can reduce the time needed for the dump operation by the order of magnitude! .SH REPORTING By default, .B milter-greylist(8) will add a .I X-Greylist header to any message it handles. The header shows what happened to the message: delayed or not delayed, and why. The following options can be used in .B greylist.conf to alter this behavior: .TP .I report none Never add a .I X-Greylist header. .TP .I report delays Only add a header if the message was delayed. .TP .I report nodelays Add a header if the message was not delayed. The header explains why the message was not delayed. .TP .I report all Always add a header. This is the default. .SH SENDER CALLBACK SYSTEMS Sender callback systems are another anti-spam measure that attempts to send a DSN to the sender address before accepting a message. If that fails, then the sender address is wrong and the message is rejected. Such systems usually stop their callback check at the RCPT stage of the SMTP transaction. .PP Greylisting temporarily rejects at the RCPT stage, so sender callback and greylisting love to fight each other. .B milter-greylist(8) proposes a workaround to that problem with the .I delayedreject option. For messages coming from <> (that is, for DSN), it will cause the temporary reject to happen at the DATA stage of the SMTP transaction instead of the RCPT stage. That way, .B milter-greylist(8) will cope much better with sender callback systems. .PP This has a minor drawback (and this is why it is not enabled by default): for a multi recipient DSN, whitelisted recipient will not be honoured: the message will be delayed for everyone. .SH SENDMAIL MACROS Any sendmail macro can be used as a clause in the access list. You need to define a (macro, value) pair using the .I sm_macro keyword before using it. Here is an example that uses the .I {client_resolve} macro to apply a larger greylisting delay to hosts that have a bogus reverse DNS: .IP sm_macro "maybe_forged" "{client_resolve}" "FORGED" racl greylist sm_macro "maybe_forged" delay 1h racl greylist default delay 15m .PP A regular expression can be used as the macro value. It must be surrounded with slashes and not by quotes. The special value .I unset can also be used to match an unset macro: .IP sm_macro "not_foo" "{foo}" unset .PP Note that any Sendmail macro that is not exported using the .I Milter.macros.envrcpt setting of .I sendmail.cf will be seen as unset from milter-greylist. .SH DNSRBL DNS Reverse Black List can be used to toggle an ACL. They must be defined and named before they can be used. Here is an example which uses a bigger greylisting delay for hosts caught in the SORBS dynamic pool DNRSBL (this will include DSL and cable customers pools, which are well known to be massively infected by spamwares): .IP dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10/32 racl greylist dnsrbl "SORBS DUN" delay 1h racl greylist default delay 15m .PP The definition of a DNSRBL starts by the .I dnsrbl keyword, followed by the quoted name of the DNSRBL, the DNS domain on which addresses should be looked up, and the answer we should consider as a positive hit. .PP DNSRBL support is only available if enabled through the --enable-dnsrbl config flag. Please make sure .B milter-greylist(8) is linked against a thread-safe DNS resolver, otherwise it shall crash. .SH DNS updates ACL are able to trigger a DNS update, which can be used to feed a DNSRBL. That functionnality is enabled at build time if the DNS resolver has DNS update support. .PP Configuration is done with the .I nsupdate statement, which may be used several times, and the optionnal .I tsig statement, if you want ot use authenticated DNS update. Here is an example syntax: .IP tsig "dns-update" "hmac-md5" "1B2M2Y8AsgTpgAmY7PhCfg==" nsupdate "bl.example.net" { rname "%j.bl.example.net" rvalue "127.0.0.2" tsig "dns-update" } .PP The options for .I nsupdate are: .TP .I rname Created record name, which uses format strings. .TP .I rvalue Created record value, which uses format strings. .TP .I servers Quoted comma-separated list of DNS server the update should be sent to. Default is to use the system confifugration, usualy from .I /etc/resolv.conf .TP .I ttl TTL of created DNS record. Default is 0 seconds. .TP .I class Created record class, as numeric value. Default is 1, for IN class. .TP .I type Created record type, as numeric value. Default is 1, for A type. .TP .I tsig The name of a .I tsig configuration, which must have been supplied before. If unspecified, unauthenticated DNS updates are performed. .PP Once configured, DNS updates can be used in any ACL: .IP racl blacklist rcpt spamtrap@@example.net nsupdate "bl.example.net" .PP .SH PROPERTIES Properties are variables that can be set, evaluated and printed in ACL. A property may be dropped once the current recipient is processed, or it can be retained until the message is processed. They can be created through the following always-matching ACL clauses: .TP .I set\~\[char36]name="value" This sets a property that will be retained for all next recipients. Right hand side of the clause may be a quoted string (which will be substituted using format strings, as described in the .B FORMAT STRINGS section), a number, or another property name (which will be substituted by the property value). .TP .I rset\~\[char36]name="value" Same as .I set clause, except that the property will be droped once the current user will have been processed. .TP .I urlcheck These clause will cause properties to be fetched from an external web service. See the .B URL checks section below for details. .TP .I ldapcheck These clause will cause properties to be fetched from a LDAP directory See the .B LDAP CHECKS section below for details. .PP Properties can be used as left-hand side part of ACL clauses: .IP racl blacklist $name "badvalue" racl blacklist $name /badregex/ .PP If used left-hand side and prefixed by a star, the property will be evaluated as a .B glob(7) pattern, In the example below, if sender DNS domain is .I test.example.net and .I $domain is .I *.example.net\fR, we get a match. .IP racl blacklist *$domain "%f" .PP They are also available as right-hand side of many ACL clauses: .IP racl continue set $badword="spam" racl blacklist body $badword .PP Values of properties can be obtained in any quoted string that is subject to format string expantion: .IP racl continue set $webmaster="webmaster@@example.net" racl blacklist domain evil.net msg "blacklisted, ask $P{webmaster} why" .PP When the property value is a number, it can be increased or decreased using this syntax: .IP racl continue set $score+=5 racl continue set $score-=5 .PP Here again, right hand side may be a quoted string, a number or another property. For the quoted string and property cases, a conversion is first made to an integer, using 0 as a value on failure. Note that no arithmetic evaluation occurs. For instance, the quoted string .I \[char34]1 + 1\[char34] will be evaluated as 0. .PP The .B log ACL clause can be helpful when one need to figure what happens to property values during the ACL flow. See the .B CUSTOM REPORT section for more details. .SH URL checks .B milter-greylist(8) is able to query external sources of information through various URL, if it was built with --with-libcurl. Here is an example: .IP urlcheck "glusr" "http://www.example.net/mgl-config?rcpt=%r" 5 racl greylist urlcheck "glusr" delay 15m racl whitelist default .PP The trailing 5 at the end of the .I urlcheck definition is the maximum number of simultaneous connections we want to launch on this URL. For each message, the URL will be queried, with % format tags being substituted. For instance, .I %r is substituted by the recipient. See the .B FORMAT STRINGS section for the complete list of substitutions. .PP .B milter-greylist(8) expects an answer containing a list of \\n terminated lines, with .I key: value pairs. The most basic answer to get a match is: .IP milterGreylistStatus: Ok .PP .I TRUE can be used as an alias for .I Ok here. .PP The answer can be more complex, with keys that will overload the ACL settings: .TP .I milterGreylistDelay The greylisting delay to use (time unit suffix allowed). .TP .I milterGreylistAutowhite The autowhite delay to use (time unit suffix allowed). .TP .I milterGreylistFlushAddr The value is ignored. If this key is present, then the IP address for the sender machine will be flushed from greylist and autowhite databases. .TP .I milterGreylistCode The SMTP code to return (e.g.: 551). .TP .I milterGreylistECode The SMTP extended code to return (e.g.: 5.7.1) .TP .I milterGreylistMsg The string to return with SMTP codes. .TP .I milterGreylistReport The string to display in the .I X-Greylist header. .TP .I milterGreylistIgnore This line will be ignored, without warnings in the logs. .TP .I milterGreylistAction This feature is nifty but use it with caution, as it makes the access list a bit difficult to understand. By specifying the values .I greylist\fR, .I whitelist\fR, or .I blacklist\fR, it is possible to overload the ACL action itself. .PP The ACL will match if any of the above key is returned: .I milterGreylistStatus is not mandatory. .PP Optional keywords can be appended to a .I urlcheck definition: .TP .I postmsg On DATA-stage ACL, This causes the message to be sent (up to .I maxpeek bytes) in a POST request. Here is an example: .IP urlcheck "extfilter" "http://www.example.net/f.cgi" 5 postmsg dacl blacklist urlcheck "extfilter" dacl whitelist default .PP .TP .I getprop Gather the properties returned by the URL and reuse them in the ACL. The gathered properties can be accessed in the current and following ACL by prefixing them by a dollar ($). .TP .I clear This causes gathered properties to be cleared on each new recipient. This avoids properties for several recipients to mix. .TP .I fork Tells .B milter-greylist(8) to fork a separate instance of itself for performing the queries. Use it if you encounter thread-safety problems. .I fork is not compatible with .I postmsg\fR. .TP .I domatch Cause the ldapcheck clause to be evaluated in ACL. Default behavior is to ignore the result and just fecth properties, except if the LDAP directory is unreachecable, in which case a temporary failure occurs. The .I fixldapcheck gloabal settings may also be used to globaly cause all .I ldapcheck and .I urlcheck clauses to match. .PP Here is an example that will use various DNSRBL depending on a per-recipient setting stored in the .I dnsrbl attribute of a LDAP directory. .IP dnsrbl "RBL2" "rbl.example.net" "127.0.0.2" dnsrbl "RBL3" "rbl.example.net" "127.0.0.3" dnsrbl "RBL4" "rbl.example.net" "127.0.0.4" urlcheck "userconf" "ldap://localhost/dc=example,dc=net?milterGreylistStatus,dnsrbl?one?mail=%r" 5 getprop clear racl blacklist urlcheck "userconf" $dnsrbl "RBL2" dnsrbl "RBL2" racl blacklist $dnsrbl "RBL3" dnsrbl "RBL3" racl blacklist $dnsrbl "RBL4" dnsrbl "RBL4" .PP Note that when matching gathered properties, format strings and regex can be used. .PP .SH LDAP CHECKS If milter-greylist was built with --with-openldap, then you can also use .I ldapcheck for pulling information from an LDAP directory. This works exactly like .I urlcheck\fR, except that properties are always collected: The .I getprop option is implicit. .PP A list of LDAP URL to use can be specified with the .I ldapconf keyword. The network timeout is optional. .IP ldapconf "ldap://localhost ldaps://ldap.example.net" timeout 2s .PP When .I ldaps:// is used, the system's .I ldap.conf file is used to locate x509 certificates. .PP When defining LDAP queries with the .I ldapcheck statement, note that the scheme and host part of the URL are ignored. Servers listed in .I ldapconf are used instead. .PP .SH RATE LIMIT The .I ratelimit keyword specifies a ratelimit configuration to be used in access lists. It must be followed by the rate limit configuration name, what is being accounted (i.e.: .I session for SMTP sessions, .I rcpt for recipients, .I data for bytes in body and headers), the actual limit, and the sampling period. Example: .IP ratelimit "internalclients" rcpt 10 / 1m racl blacklist addr 192.0.2.0/24 ratelimit "internalclients" \\ msg "you speak too much" .PP The .I ratelimit keyword can also have an option .I key statement, which determine the set of key for message accounting. The default is .I %i for per IP address accounting (see the .B FORMAT STRINGS sections for the possible syntax of this field). Here is an example that configures a rate limit of 100 messages per hour for each individual recipient-IP set. .IP ratelimit "internalclients" rcpt 100 / 1h key "%r%i" racl blacklist addr 192.0.2.0/24 ratelimit "internalclients" \\ msg "you speak too much" .PP .SH CUSTOM REPORTS The .I stat keyword can be used to specify a custom report for milter-greylist activity. It should be supplied with an output (either file or external command) and a format string. Here is an example: .IP stat ">>/var/log/milter-greylist.log" "%T{%T},%i,%f,%r,%A\\n" .PP If the output starts by .I >> or .I > then it is a file. Use .I >> to append to an existing file, and use .I > to overwrite it. If the output starts by a .I | then the output is a shell command, like in the example below: .IP stat "|logger -p local7.info" "%T{%T},%i,%f,%r,%A\\n" .PP The format string gets substituted as URL checks format string: %r gets substituted by the recipient, %f by the sender, and so on. See the .B FORMAT STRINGS section for a complete list of available substitutions. .PP There is also an always-matching .I log ACL clause that can be used to send a formated string to syslog with .I LOG_INFO level. Here is an example: .IP racl continue rcpt /@@example\\.com$/ log "I was here" .PP .SH COMMAND-LINE FLAG EQUIVALENTS Most .B milter-greylist(8) command-line options have equivalent options that can be set in the configuration file. Note that if a command line option is supplied, it will always override the configuration file. .PP If a command-line equivalent keyword is used more than once, the last keyword will override the previous ones. .TP .I verbose Enable debug output. This is equivalent to the .B -v flag. .TP .I quiet Do not tell clients how much time remains before their e-mail will be accepted. This is equivalent to the .B -q flag. .TP .I nodetach Do not fork and go into the background. This is equivalent to the .B -D flag. .TP .I noauth Greylist clients regardless if they succeeded SMTP AUTH or STARTTLS. Equivalent to the .B -A flag. .TP .I noaccessdb Normally .B milter-greylist(8) will whitelist a message if .B sendmail(8) defines a ${greylist} macro set to WHITE. This enables complex whitelisting rules based on the Sendmail access DB. This option inhibits this behavior. .TP .I nospf Greylist clients regardless if they are SPF-compliant. Equivalent to the .B -S flag. .TP .I testmode Enable test mode. Equivalent to the .B -T flag. This option is deprecated. .TP .I greylist The argument sets how much time .B milter-greylist(8) will want the client to wait between the first attempt and the time the message is accepted. The time is given in seconds, except if a unit is given: m for minutes, h for hours, and d for days. The .I greylist keyword is equivalent to the .B -w option. Here is an example that sets the delay to 45 minutes: .IP greylist 45m .TP .I autowhite This sets the auto-whitelisting duration, equivalent to the .B -a command-line option. As for the .I greylist keyword, units can be supplied. Here is an example for a 3 day long auto-whitelisting: .IP autowhite 3d .TP .I pidfile This causes .B milter-greylist(8) to write its PID into the file given as argument, like the .B -P command line argument does. The path to the file must be absolute and it must be enclosed in quotes. Here is an example: .IP pidfile "/var/run/greylist.pid" .TP .I dumpfile This chooses the location of the greylist dump file, like the .B -d command line option does. The path must be absolute and enclosed in quotes. It can optionally be followed by an octal permission mode. Example: .IP dumpfile "/var/milter-greylist/greylist.db" 640 .TP .I subnetmatch This is equivalent to the .B -L command line option. It takes a slash followed by a CIDR mask as argument, and it commands the subnet matching feature. Example, for a class C wide matching: .IP subnetmatch /24 .TP .I subnetmatch6 This is equivalent to the .B -M command line option. It takes a slash followed by a prefixlen as argument, and it commands the subnet matching feature. Example, for a subnet wide matching: .IP subnetmatch6 /64 .TP .I socket Like the .B -p command line option, this keyword is used to specify the socket used to communicate with .B sendmail(8)\fR. It must be enclosed in quotes and can optionally be followed by an octal permission mode (valid values are 666, 660 or 600, other values cause an error): .IP socket "/var/milter-greylist/milter-greylist.sock" 660 .TP .I user This keyword should be followed by a quoted user login and optionally a colon followed by a groupname. Like the .B -u option, this is used to run .B milter-greylist(8) as a non root user. Here is an example: .IP user "smmsp" .SH MISCELLANEOUS These options have no command line equivalent: .TP .I logfac Sets the syslog facility for messages. Can be set to any of the standard facilities: .I kern\fR, .I user\fR, .I mail\fR, .I daemon\fR, .I auth\fR, .I syslog\fR, .I lpr\fR, .I news\fR, .I uucp\fR, .I cron\fR, .I authpriv\fR, .I ftp\fR, .I local0\fR, .I local1\fR, .I local2\fR, .I local3\fR, .I local4\fR, .I local5\fR, .I local6\fR, .I local7\fR. Can also be set to .I none to disable syslog output completely. .TP .I timeout is used to control how long greylist tuples are retained in the database. Value is in seconds, except if a suffix is given (m for minutes, h for hours, d for days). Default is 5 days. .TP .I extendedregex Use extended regular expressions instead of basic regular expressions. .TP .I unbracket Attempt to resolve sender address when the MTA handed it as bracketed IP address (e.g.: .I [192.0.2.18]\fR ). Default is to leave it as is. .TP .I maxpeek Limit (in bytes) how much of messages are examined for header and body searches. .TP .I lazyaw Make auto-whitelist look at just the IP instead of the (sender IP, sender e-mail address, recipient e-mail address) tuple. .TP .I domainexact match on subdomain boundaries instead of the default suffix matching. E.g. if .I domainexact is not enabled (the default) then gle.com will match google.com in addition to gle.com. If .I domainexact is enabled then, domain names will match on subdomain boundaries (e.g. gle.com will match mail.gle.com and gle.com but not google.com) .TP .I drac db Tell where the DRAC DB file is. This is only available if DRAC support was compiled in. Here is an example: .IP drac db "/usr/local/etc/drac.db" .TP .I nodrac Disable DRAC. .TP .I logexpired This option causes greylist entries that expire to be logged via syslog. This allows you to easily collect the IP addresses and sender names and use them for blacklisting, SPAM scoring, etc. Normally, expiration's are only logged if the .B debug option is set, but that generates a lot of extra messages. .TP .I localaddr This keyword can be used to manually define the local MTA's IP address for such uses as .I spf self and .I p0f in absence of the milter-API .I {if_addr} macro support in your MTA (Postfix, Sun/Oracle CommSuite Messaging Server). This is not so useful when using Sendmail, since it serves the macro and the local address can be detected automatically. .PP The configuration file is reloaded automatically once it is modified when new e-mail arrives. Most configuration keywords will take effect immediately, except the following, which will only take effect after a restart of .B milter-greylist(8)\fR: .I nodetach\fR, .I pidfile\fR, .I socket\fR, and .I user\fR. .PP The .I dumpfreq option can be changed dynamically, but the change will only take effect after the next dump. .TP .I multiracl By default, once a RCPT-stage ACL whitelists a recipient, next recipient gets automatically whitelisted. This historical behavior can be considered a bug, and this option disables it. .SH FORMAT STRINGS Various statements in the configuration file accept format strings, where the following % prefixed tokens are substituted. Here is the complete list of available substitutions (Note that some substitutions are not relevant in any context). .TP .I %r the message recipient e-mail address. This is not substituted for DATA stage ACL since there can be multiple recipients for the message. .TP .I %f the message sender e-mail address .TP .I %i the sender machine IP address .TP .I %j the reversed sender machine IP address. For instance, 192.0.2.12 becomes 12.2.0.192. .TP .I %I the sender machine IP address masked by a CIDR. Example: .I %I{/24} .TP .I %d the sender machine DNS address .TP .I %h the SMTP transaction HELO string .TP .I %mr the mailbox part of %r (before the @@ sign). This is not substituted for DATA stage ACL since there can be multiple recipients for the message. .TP .I %sr the site part of %r (after the @@ sign). This is not substituted for DATA stage ACL since there can be multiple recipients for the message. .TP .I %mf the mailbox part of %f (before the @@ sign) .TP .I %sf the site part of %f (after the @@ sign) .TP .I %md the machine part of %d (before the first . sign) .TP .I %sd the site part of %d (after the first . sign) .TP .I %Xc the SMTP code returned .TP .I %Xe the SMTP extended code returned .TP .I %Xm the SMTP message returned .TP .I %Xh the message displayed in the X-Greylist header .TP .I %D Comma-separated list of DNSRBL for which the sender host matched .TP .I %M a sendmail macro value. Examples: .I %Mj or .I %M{if_addr} .TP .I %g a regex back reference. For instance, .I %g{\\\\2} is substituted by the string matching the second parenthesis group in all ACL regex clauses .TP .I %T a brace-enclosed .B strftime(3) format string that will be substituted by the system time. Example: .I %T{%Y%m%d:%H%M%S} .TP .I %v milter-greylist's version .TP .I %G Offset to GMT (e.g.: -0100) .TP .I %C Sender IP country code, as reported by GeoIP. This is only available if .B milter-greylist was built with GeoIP support .TP .I %Fx p0f OS fingerprint genre and detail. This is only available if .B milter-greylist was built with p0f support. .TP .I %V Shortcut to "milter-greylist-%v (%Mj [%M{if_addr}]); %T{%a, %d %b %Y %T} %G (%T{%Z})" .TP .I %S the action performed: .I accept\fR, .I tempfail\fR, or .I reject\fR. .TP .I %A the line number of the ACL that caused the action. .TP .I %a the id string of the ACL that caused the action. If no id was given, the line number is used instead. .TP .I %cA the line number of the ACL being evaluated, whether it matches or not. .TP .I %ca the id string of the ACL being avaluated, whether it matches or not. If no id was given, the line number is used instead. .TP .I %Et total elapsed time in seconds before a greylisted message has been accepted .TP .I %Eh hours elapsed .TP .I %Em minutes elapsed (modulo one hour) .TP .I %Es seconds elapsed (modulo one minute) .TP .I %E shortcut to %Eh:%Em:Es .TP .I %Rt total remaining time in seconds before a greylisted message will be accepted .TP .I %Rh hours remaining .TP .I %Rm minutes remaining (modulo one hour) .TP .I %Rs seconds remaining (modulo one minute) .TP .I %R shortcut to %Rh:%Rm:Rs .TP .I %Hs SpamAssassin score (if build with SpamAssassin support) .TP .I %pn Name of last LDAP or CURL gathered property that matched an ACL. .TP .I %pv Value of last LDAP or CURL gathered property that matched an ACL. .TP .I %pr Recipient that caused storage of the last matching LDAP or CURL gathered property. .I %P a LDAP or CURL gathered propery. Example: .I %P{mail} Note that this copes very badly with multivalued properties. .TP .I %% a single % character .PP .SH AUTHORS Emmanuel Dreyfus .PP .B milter-greylist received many contributions from (in alphabetical order): Adrian Dabrowski, Aida Shinra, Adam Katz, Alexander Lobodzinski, Alexandre Cherif, Alexey Popov, Andrew McGill, Attila Bruncsak, Benoit Branciard, Bernhard Schneider, Bob Smith, Constantine A. Murenin, Christian Pelissier, Cyril Guibourg, Dan Hollis, Denis Solovyov, Elrond, Enrico Scholz, Eugene Crosser, Fabien Tassin, Fredrik Pettai, Gary Aitken, Georg Horn, Gert Doering, Greg Troxel, Guido Kerkewitz, Hajimu Umemoto, Hideki ONO, Ivan F. Martinez, Jacques Beigbeder, Jean Benoit, Jean-Jacques Puig, Jeff Rife, Jim Klimov, Jobst Schmalenbach, Joe Pruett, Joel Bertrand, Johann E. Klasek, Johann Klasek, John Thiltges, John Wood, Jorgen Lundman, Klas Heggemann, Kouhei Sutou, Laurence Moindrot, Lev Walkin, Manuel Badzong, Martin Paul, Matt Kettler, Mattheu Herrb, Matthias Scheler, Matthieu Herrb, Michael Fromme, Moritz Both, Nerijus Baliunas, Ole Hansen, Pavel Cahyna, Pascal Lalonde, Per Holm, Petr Kristof, Piotr Wadas, R P Herrold, Ralf S. Engelschall, Ranko Zivojnovic, Remy Card, Rick Adams, Rogier Maas, Romain Kang, Rudy Eschauzier, Stephane Lentz, Thomas Scheunemann, Tim Mooney, Wolfgang Solfrank, and Yaroslav Boychuk. .PP Thanks to Helmut Messerer and Thomas Pfau for their feedback on the first releases of this software. .SH SEE ALSO milter-greylist(8), sendmail(8), syslogd(8). .TP Evan Harris's paper: .I http://projects.puremagic.com/greylisting/ .TP milter-greylist's web site: .I http://hcpnet.free.fr/milter-greylist/ @ 1.126 log @multiracl option to disable sticky whitelisting among recipients @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.125 2014/02/03 16:49:11 manu Exp $ d815 13 @ 1.125 log @Fix maxpeek usage for body matching clauses (Jean-Jacques Puig) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.124 2013/09/01 04:59:42 manu Exp $ d1325 5 @ 1.124 log @ Add %cA and %ca to report current ACL line number and id Increase format string maximum length to 4096 Break long SMTP replies in mutiple lines @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.123 2013/08/29 04:20:08 manu Exp $ d1533 1 @ 1.123 log @doc update: note that %r is not substituted at DATA stage ACL @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.122 2013/08/18 12:23:57 manu Exp $ d1440 7 @ 1.122 log @typo @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.121 2013/08/18 12:23:14 manu Exp $ d1332 2 a1333 1 the message recipient e-mail address d1355 2 a1356 1 the mailbox part of %r (before the @@ sign) d1359 2 a1360 1 the site part of %r (after the @@ sign) @ 1.121 log @Typos in man page, style (Jim Klimov) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.120 2013/08/18 11:18:13 manu Exp $ d805 1 a805 1 These clause will cause properties to be fetch from a LDAP directory @ 1.120 log @Updated AUTHORS in man page @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.119 2013/08/18 04:45:30 manu Exp $ d799 1 a799 1 These clause will cause properties to be fetch from an external web service. d820 1 a820 1 And properties values can be obtained in any quoted string that is d826 1 a826 1 When the property value is a number, it can be increased or decreased usint @ 1.119 log @set ACL clause to set/increment/decrement properties log ACL clause to send formatted string to syslog @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.116 2013/08/13 03:45:35 manu Exp $ d1492 1 d1507 1 d1524 1 d1531 2 d1534 1 d1546 1 d1548 1 d1551 2 @ 1.118 log @typo @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.117 2013/08/16 03:02:35 manu Exp $ d778 67 d1076 9 @ 1.117 log @unbracket option to resolved MTA-passed bracketed unresolved IP @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.116 2013/08/13 03:45:35 manu Exp $ d772 1 a772 1 unauthenticated DNS update are performed. @ 1.116 log @Use localaddr for p0f and %V format string (Jim Klimov) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.115 2013/05/20 04:12:40 manu Exp $ d1181 6 @ 1.115 log @nsupdate support @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.114 2013/01/27 02:08:00 manu Exp $ d1217 2 a1218 1 Specify the machine IP address, so that the d1220 7 a1226 2 clause can use it when using Postfix. This is not useful when using Sendmail, since it can be detected automatically. @ 1.114 log @Use ZZ for unknown GeoIP country @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.113 2012/10/01 07:27:21 manu Exp $ d4 1 a4 1 .\" Copyright (c) 2004-2012 Emmanuel Dreyfus d84 1 a84 1 (if built with --with-libcurl), and d86 3 a88 1 (if built with --enable-dnsrbl). d268 4 d729 49 d1252 3 @ 1.113 log @layout improvmeents in doc @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.112 2012/06/13 08:13:02 manu Exp $ d180 4 a183 1 was built with GeoIP support. The @ 1.112 log @Documentation fix on SPF (Attila Bruncsak) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.111 2012/05/05 00:42:32 manu Exp $ d796 4 a799 2 If you use an URL check in a DATA stage ACL, you can post the message header and body to the URL. This is done by appending the d801 4 a804 3 keyword to the .I urlcheck statement, like in the example above: d811 1 a811 2 It is also possible to gather the properties returned by the URL and reuse them in the ACL. This behavior is enabled by the d813 4 a816 5 keyword at the end of .I urlcheck definition. If this option is enabled, the gathered properties can be accessed in the current and following ACL by prefixing them by a dollar ($). If the d818 3 a820 3 keyword is added, then properties will be cleaned up before handling a new recipient. This avoids properties for several recipients to mix. The d822 1 a822 1 keyword instructs d829 1 a829 4 The ldapcheck clause never match. It just fetches properties, causing a temporary failure if the LDAP directory is unreachable. In order to actually match when an object if returned by the LDAP directory, append the d831 4 a834 1 keyword. The d836 1 a836 1 gloabal settings wan also be used to globaly cause d838 2 d864 3 a866 2 except that properties are always collected: the only available option is .I clear\fR. @ 1.111 log @Improve regex examples in documentation @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.110 2012/02/21 05:53:44 manu Exp $ d219 1 d225 1 a225 1 The first six values are plain SPF validation status. The @ 1.110 log @p0f v3 support bump to 4.4a1 @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.106 2011/08/17 01:06:50 manu Exp $ d275 1 a275 1 racl greylist rcpt /.*@@example\\.net/ d424 1 a424 1 racl whitelist rcpt /.*@@.*otherdomain\\.org/ d426 1 a426 1 racl whitelist from friend@@example.net rcpt /.*@@.*mydomain\\.org/ d428 1 a428 1 racl greylist rcpt /.*@@.*mydomain\\.org/ @ 1.109 log @Add continue type AC @ text @d4 1 a4 1 .\" Copyright (c) 2004-2010 Emmanuel Dreyfus @ 1.108 log @- Add a addfooter action clause in ACL, to add mail a footer - Allow per-dacl maxpeek setting, set by maxpeer action clause in racl - Add LDAP or CURL gathered property substitution in format strings @ text @d61 1 d63 1 a63 1 .I blacklist d89 11 d102 1 a102 1 keyword. d832 5 a836 1 keyword. @ 1.107 log @Add format string to report last matching LDAP or CURL propery Fix memory corruption bug Refactor prop_clear*() into a ingle function @ text @d286 1 d288 1 d357 9 d371 11 d1309 4 @ 1.106 log @localaddr option so that Postifix user can use spf self @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.105 2011/04/25 07:55:47 manu Exp $ d1278 10 @ 1.105 log @Typo fixes in man pages (Bernhard Schneider) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.104 2010/07/12 01:35:24 manu Exp $ d217 7 d1114 6 @ 1.104 log @Format string for SpamAssassin score @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.103 2010/04/18 04:03:56 manu Exp $ d101 1 a101 1 If the netmask is ommitted, /32 is assumed for an IPv4 address and d181 1 a181 1 statement can be used to speficy the location of the p0f socket. d306 1 a306 1 machine which is known to be a spamer. Example: d308 1 a308 1 racl blacklist dnsrbl "known-spamers" flushaddr d398 1 a398 1 greylisting. Note that you canot use the d454 1 a454 1 clause at DATA stage evalutes to true if it matches any of them. d549 2 a550 2 For outbound connections the system is selecting one of the possible adresses. If you want to use a specific ip you can use: d580 1 a580 1 option in the configuration file. This is specifficaly recommended if d692 2 a693 2 launch on this URL. For each message, the URL will be querried, with % format tags being subtituted. For instance, d1086 1 a1086 1 addtion to gle.com. If d1103 1 a1103 1 use them for blacklisting, SPAM scoring, etc. Normally, expirations are d1188 1 a1188 1 a regex backreference. For instance, d1190 1 a1190 1 is substituted by the string maching the second parenthesis group in all @ 1.103 log @More ratelimits: SMTP sessions and data payloads (headers + body) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.102 2010/04/14 15:32:25 manu Exp $ d1262 3 @ 1.102 log @Add a specifier for what is being accounted in ratelimit statement. For now onky recipients (rcpt) are available, but we will have SMTP sessions, messages and amount of daya (in bytes) later. @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.101 2010/04/12 12:09:57 manu Exp $ d842 7 a848 1 accounted (for now only recipients) the maximum of messages, the sampling @ 1.101 log @Better example for rateelimit in the man page @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.100 2010/04/12 12:04:41 manu Exp $ d841 3 a843 2 must be followed by the rate limit configuration name, the maximum of messages, the sampling period. Example: d845 1 a845 1 ratelimit "internalclients" 10 / 1m d863 1 a863 1 ratelimit "internalclients" 100 / 1h key "%r%i" @ 1.100 log @New rate limiting feature. Account by IP, by recipient, account by whatever you want! @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.99 2010/04/10 05:42:52 manu Exp $ d844 4 a847 1 ratelimit "internalclients" 100 / 1m d862 4 a865 1 ratelimit "internalclients" 100 / 1h key "%r%i" @ 1.99 log @Add a domatch keyword to ldapconf to enable ldapcheck matches @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.98 2009/04/04 03:19:39 manu Exp $ d4 1 a4 1 .\" Copyright (c) 2004-2009 Emmanuel Dreyfus d837 24 @ 1.98 log @Make LDAP querries timeout configurable @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.97 2009/04/04 03:09:43 manu Exp $ d777 1 a777 1 Finally, the d786 6 @ 1.97 log @Make MX sync timeout peer-configurable (Attila Bruncsak) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.96 2009/04/03 04:15:27 manu Exp $ d814 1 a814 1 keyword: d816 1 a816 1 ldapconf "ldap://localhost ldaps://ldap.example.net" a817 3 If one of the server goes down, milter-greylist will try the next one. An optional network timeout, in seconds, can be appended after the quoted string. @ 1.96 log @Fix a crash when LDAP server is down @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.95 2009/04/02 04:12:12 manu Exp $ d521 2 d526 6 @ 1.95 log @Update contributor list @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.94.2.1 2009/04/02 04:09:28 manu Exp $ d810 3 a812 1 If one of the server goes down, milter-greylist will try the next one. @ 1.94 log @Allow regex on properties Allow extended regex substitution Custom headers can now be added to the message Bump to 4.1.8 @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.93 2008/11/06 11:23:53 manu Exp $ d4 1 a4 1 .\" Copyright (c) 2004-2008 Emmanuel Dreyfus d1221 1 d1229 2 d1235 1 d1242 1 d1248 1 d1251 1 d1254 1 d1257 1 d1259 1 d1262 1 d1274 1 @ 1.94.2.1 log @Update contributor list @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.94 2008/11/26 05:20:13 manu Exp $ d4 1 a4 1 .\" Copyright (c) 2004-2009 Emmanuel Dreyfus a1220 1 Adam Katz, a1227 2 Bob Smith, Constantine A. Murenin, a1231 1 Enrico Scholz, a1237 1 Greg Troxel, a1242 1 Jean Benoit, a1244 1 Joe Pruett, a1246 1 Johann Klasek, a1248 1 Laurence Moindrot, a1249 1 Manuel Badzong, a1251 1 Mattheu Herrb, a1262 1 Rick Adams, @ 1.94.2.2 log @Fix a crash when LDAP server is down @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.94.2.1 2009/04/02 04:09:28 manu Exp $ d810 1 a810 3 If one of the server goes down, milter-greylist will try the next one. An optional network timeout, in seconds, can be appended after the quoted string. @ 1.94.2.3 log @Make MX sync timeout peer-configurable (Attila Bruncsak) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.94.2.2 2009/04/03 04:16:33 manu Exp $ a520 2 peer 192.0.2.22 timeout 7 peer 192.0.2.38 timeout 5m a523 6 The .I timeout clause sets a peer communication timeout to have proper retrial in case of slow MX peer. The default value is 3 seconds. The special value of 0 disables the connection retrials. .PP @ 1.94.2.4 log @Make LDAP querries timeout configurable @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.94.2.3 2009/04/04 03:20:26 manu Exp $ d814 1 a814 1 keyword. The network timeout is optional. d816 1 a816 1 ldapconf "ldap://localhost ldaps://ldap.example.net" timeout 2s d818 3 @ 1.94.2.5 log @New ratelimit feature @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.94.2.4 2009/04/04 03:21:02 manu Exp $ d4 1 a4 1 .\" Copyright (c) 2004-2010 Emmanuel Dreyfus a830 30 .SH RATE LIMIT The .I ratelimit keyword specifies a ratelimit configuration to be used in access lists. It must be followed by the rate limit configuration name, the maximum of messages, the sampling period. Example: .IP ratelimit "internalclients" 10 / 1m racl blacklist addr 192.0.2.0/24 ratelimit "internalclients" \\ msg "you speak too much" .PP The .I ratelimit keyword can also have an option .I key statement, which determine the set of key for message accounting. The default is .I %i for per IP address accounting (see the .B FORMAT STRINGS sections for the possible syntax of this field). Here is an example that configures a rate limit of 100 messages per hour for each individual recipient-IP set. .IP ratelimit "internalclients" 100 / 1h key "%r%i" racl blacklist addr 192.0.2.0/24 ratelimit "internalclients" \\ msg "you speak too much" .PP @ 1.94.2.6 log @Add a specifier for what is being accounted in ratelimit statement. For now onky recipients (rcpt) are available, but we will have SMTP sessions, messages and amount of daya (in bytes) later. @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.94.2.5 2010/04/14 04:41:22 manu Exp $ d835 2 a836 3 must be followed by the rate limit configuration name, what is being accounted (for now only recipients) the maximum of messages, the sampling period. Example: d838 1 a838 1 ratelimit "internalclients" rcpt 10 / 1m d856 1 a856 1 ratelimit "internalclients" rcpt 100 / 1h key "%r%i" @ 1.94.2.7 log @Typo fixes in man pages (Bernhard Schneider) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.94.2.6 2010/04/14 15:32:49 manu Exp $ d101 1 a101 1 If the netmask is omitted, /32 is assumed for an IPv4 address and d181 1 a181 1 statement can be used to specify the location of the p0f socket. d306 1 a306 1 machine which is known to be a spammer. Example: d308 1 a308 1 racl blacklist dnsrbl "known-spammer" flushaddr d398 1 a398 1 greylisting. Note that you cannot use the d454 1 a454 1 clause at DATA stage evaluates to true if it matches any of them. d549 2 a550 2 For outbound connections the system is selecting one of the possible addresses. If you want to use a specific IP you can use: d580 1 a580 1 option in the configuration file. This is specifically recommended if d692 2 a693 2 launch on this URL. For each message, the URL will be queried, with % format tags being substituted. For instance, d1074 1 a1074 1 addition to gle.com. If d1091 1 a1091 1 use them for blacklisting, SPAM scoring, etc. Normally, expiration's are d1176 1 a1176 1 a regex back reference. For instance, d1178 1 a1178 1 is substituted by the string matching the second parenthesis group in all @ 1.93 log @Add option to match exact domain instead of substrings (Rick Adams) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.92 2008/09/27 12:54:30 manu Exp $ d279 1 d347 6 @ 1.92 log @Refine documentation @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.91 2008/09/26 23:35:44 manu Exp $ d118 6 d262 2 a263 2 perform a case insensitive substring match with leading and trailing brackets, spaces and tabs stripped out. d265 5 a269 1 performs a case insensitive suffix match. d1024 10 @ 1.91 log @Spamassassin support and DATA-stage greylisting (Manuel Badzong) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.90 2008/09/26 17:00:51 manu Exp $ d380 2 a381 1 keyword. DATA-stage ACL can only use the d383 3 a385 1 action if the RCPT stage exits on whitelist default. The following d435 1 a435 1 Note that at DATA stage, the d437 2 a438 2 clause will match if any of the recipients match the clause. If you want to match an exact set of recipients, you can use multiple @ 1.90 log @ Allow syslog facility to be configured (Joe Pruett) Allow logging to be disabled on a per-ACL basis (Joe Pruett)v @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.89 2008/09/07 00:13:34 manu Exp $ d380 1 a380 1 keyword. DATA-stage ACL cannot use the d382 2 a383 2 action, on the other hand, the following clauses can be used to work on message content: d405 26 d440 1 @ 1.89 log @Experimental p0f support Fix a memory leak in GeoIP code Fix a memory leak in DKIM code Bump to revision to 4.1.6 (but no tag yet) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.88 2008/08/21 21:05:35 manu Exp $ d265 1 d299 5 d941 27 @ 1.88 log @Exprimental DKIM support @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.87 2008/08/03 05:00:06 manu Exp $ d78 2 d166 11 d1070 5 @ 1.87 log @Native LDAP support through OpenLDAP bump to 4.1.4 @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.86 2008/06/03 10:26:19 manu Exp $ d366 9 @ 1.86 log @typos @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.85 2008/02/06 04:11:39 manu Exp $ d4 1 a4 1 .\" Copyright (c) 2004-2007 Emmanuel Dreyfus d78 2 d213 4 d721 28 @ 1.85 log @Document the helo clause @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.84 2007/12/29 19:06:49 manu Exp $ d602 1 a602 1 definition is the maximum number of simultaneous connexions we want to @ 1.84 log @Add configurable dumpfile permissions @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.83 2007/12/17 14:26:35 manu Exp $ d69 1 d137 4 @ 1.83 log @fix typo @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.82 2007/11/12 03:46:58 manu Exp $ d826 1 d829 1 a829 1 dumpfile "/var/milter-greylist/greylist.db" d855 2 a856 1 It must be enclosed in quotes and can optionally be followed by a permission mode @ 1.82 log @fix typo @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.81 2007/11/12 02:45:42 manu Exp $ d522 1 a522 1 and greylisting love to fight each others. @ 1.81 log @Fix wrong change in doc @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.80 2007/11/11 11:57:19 manu Exp $ d352 1 a352 1 cction, on the other hand, the following clauses can be used to work on message @ 1.80 log @Add ACL id string @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.79 2007/11/07 11:55:49 manu Exp $ d349 1 a349 1 .I racl @ 1.79 log @Documentation fixes @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.78 2007/11/06 11:39:33 manu Exp $ d58 1 a58 1 keyword followed by the d1020 4 @ 1.78 log @Add SPF status selection to ACL @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.77 2007/10/28 23:14:26 manu Exp $ d252 1 a252 1 .I acl greylist d260 1 a260 1 .I acl greylist d349 1 a349 1 .I dacl d397 1 a397 1 .I acl d422 1 a422 1 synonyl for @ 1.77 log @Explicitely state that noauth disables global STRATTLS whitelisting. @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.76 2007/10/23 11:38:51 manu Exp $ d177 24 a200 1 This is used to select transactions with a valid SPF status. This clause @ 1.77.2.1 log @Documentation fixes @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.77 2007/10/28 23:14:26 manu Exp $ d229 1 a229 1 .I racl greylist d237 1 a237 1 .I racl greylist d326 1 a326 1 .I racl d374 1 a374 1 .I racl d391 1 a391 1 .I racl d399 1 a399 1 synonym for @ 1.77.2.2 log @fix typo @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.77.2.1 2007/11/07 11:56:00 manu Exp $ d499 1 a499 1 and greylisting love to fight each other. @ 1.77.2.3 log @Document the helo clause @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.77.2.2 2007/12/17 14:27:13 manu Exp $ a68 1 .I helo\fR, a135 4 .I helo Followed by a quoted string or a regular expression, this can be used to filter on the HELO string. .TP @ 1.76 log @Update contributor list @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.75 2007/10/04 10:54:44 manu Exp $ d741 2 a742 1 Greylist clients regardless if they succeeded SMTP AUTH. Equivalent to the @ 1.75 log @Documentation fix @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.74 2007/08/23 10:54:13 manu Exp $ d52 1 a52 1 to specify complex conditions on sender IP, sender DNS address, d74 1 a74 1 (if build with SPF support), d159 1 a159 1 any user that succeeds SMTP AUTH, you can use a regular expression matching, d205 1 a205 1 When regular expressions are not used, d266 1 a266 1 section. For instance, d324 1 a324 1 also possible to have ACL evaluated at the DATA stage of the SMTP transaction, d447 1 a447 1 value is too small, it will kill performance. If it is too high, d455 1 a455 1 The time is given in seconds, except if a unit is given: m for minutes, d467 1 a467 1 By default, d576 1 a576 1 tags being subtituted. For instance, d782 1 a782 1 keyword, d809 1 a809 1 command line option. It takes a slash followed by a CIDR mask as argument, d1035 14 d1050 9 d1060 9 d1070 1 a1070 1 Attila Bruncsak, d1072 4 d1077 1 a1077 8 Alexandre Cherif, Eugene Crosser, Elrond, Cyril Guibourg, Klas Heggemann, Matthieu Herrb, Dan Hollis, Per Holm, d1079 1 a1079 3 Guido Kerkewitz, Matt Kettler, Petr Kristof, a1080 9 Alexander Lobodzinski, Ivan F. Martinez, Martin Paul, Christian Pelissier, Fredrik Pettai, Alexey Popov, Jeff Rife, Matthias Scheler, Jobst Schmalenbach, d1082 3 a1084 5 Wolfgang Solfrank, Fabien Tassin, Hajimu Umemoto, Lev Walkin, and Ranko Zivojnovic d1093 1 a1093 1 sendmail(8), @ 1.74 log @Fix configure LDFLAG generation, -R was missing (Mattheu Herrb) Documentation typo fix @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.73 2007/04/19 02:47:44 manu Exp $ d524 1 a524 1 racl greylist default 15m @ 1.73 log @Add an urlcheck reply which is ignored: milterGreylistIgnore @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.72 2007/03/15 04:55:45 manu Exp $ d162 1 a162 1 racl whiteliste auth /.*/ @ 1.72 log @milter-greylist uses libcurl to fetch ldap URL. libcurl uses libldap_r from OpenLDAP. libldap_r is not garanteed to be thread-safe. At mine, fetching two ldap URL at once cause a crash. Add a fork option to urlcheck to perform all urlchecks from a forked instance of milter-greylist. @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.71 2007/02/27 04:39:49 manu Exp $ d621 3 @ 1.71 log @Option to clear urlcheck prop before handling a new recipient @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.70 2007/02/26 04:27:50 manu Exp $ d654 1 a654 2 .I clear d657 9 @ 1.70 log @- %D format string for getting the list of matching DNSRBL - Avoid performing multiple DNSRBL checks for the same IP @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.69 2007/02/24 22:16:01 manu Exp $ d653 5 d667 1 a667 1 urlcheck "userconf" "ldap://localhost/dc=example,dc=net?milterGreylistStatus,dnsrbl?one?mail=%r" 5 getprop @ 1.69 log @Doc bug @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.68 2007/02/24 22:10:21 manu Exp $ d935 3 @ 1.68 log @Allow reusing in the ACL of properties gathered from urlcheck @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.67 2007/02/22 14:44:45 manu Exp $ d662 1 a662 3 urlcheck "userconf" \\ "ldap://localhost/dc=example,dc=net?dnsrbl?one?mail=%r" \\ 5 getprop @ 1.67 log @Fix a documentation bug: sender e-mail is %f, not %s @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.66 2007/02/21 17:41:50 manu Exp $ d646 27 @ 1.66 log @Fix wrong display of %Xc %Xe and %Xh substitutions Fix documentation: %Xh instead of %Xr @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.65 2007/02/14 05:12:40 manu Exp $ d653 1 a653 1 stat ">>/var/log/milter-greylist.log" "%T{%T},%i,%s,%r,%A\\n" d667 1 a667 1 stat "|logger -p local7.info" "%T{%T},%i,%s,%r,%A\\n" @ 1.65 log @More format strings that can be used for the stat statement: %Xc SMTP code %Xe SMTP ectended code %Xm SMTP message %Xh X-Greylist message @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.64 2007/02/06 14:29:55 manu Exp $ d907 1 a907 1 .I %Xr @ 1.64 log @Allow specifying socket mode in config file @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.63 2007/02/05 06:05:34 manu Exp $ d898 12 @ 1.63 log @%g for substitution by regex back references %I for susbtitution by sender IP masked by a CIDR @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.62 2007/02/04 05:44:41 manu Exp $ d789 2 a790 1 It must be enclosed in quotes: d792 1 a792 1 socket "/var/milter-greylist/milter-greylist.sock" @ 1.62 log @typo @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.61 2007/02/02 07:00:06 manu Exp $ d869 4 d903 6 @ 1.61 log @Add GeoIP support @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.60 2007/02/02 02:10:23 manu Exp $ d150 1 a150 1 This is used to specify a country, ad reported by GeoIP. The country code @ 1.60 log @Add a time clause to match against time sets @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.59 2007/01/31 06:08:55 manu Exp $ d75 2 d149 8 d911 5 @ 1.59 log @Missing commits @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.58 2007/01/30 14:36:53 manu Exp $ d70 1 d138 9 d606 5 @ 1.58 log @document user:group value in user statement @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.57 2007/01/29 04:57:18 manu Exp $ d769 2 a770 1 This keyword should be followed by a quoted user login and optionally a coloon followed by a groupname. @ 1.57 log @msg clauses in ACL can use format strings substitution Add an ACL clause to customize X-Greylist header @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.56 2007/01/28 02:16:33 manu Exp $ d769 2 a770 1 This keyword should be followed by a quoted user login. Like the @ 1.56 log @ACL clauses can now be negated @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.55 2007/01/10 10:54:26 manu Exp $ d200 1 d241 10 d252 11 a262 1 None of the last 3 values makes sense for a whitelist entry. d368 14 d556 5 a560 49 tags being subtituted by the following parameters: .TP .I %r the message recipient e-mail address .TP .I %f the message sender e-mail address .TP .I %i the sender machine IP address .TP .I %d the sender machine DNS address .TP .I %h the SMTP transaction HELO string .TP .I %mr the mailbox part of %r (before the @@ sign) .TP .I %sr the site part of %r (after the @@ sign) .TP .I %mf the mailbox part of %f (before the @@ sign) .TP .I %sf the site part of %f (after the @@ sign) .TP .I %md the machine part of %d (before the first . sign) .TP .I %sd the site part of %d (after the first . sign) .TP .I %M a sendmail macro value. Examples: .I %Mj or .I %M{if_addr} .TP .I %T a brace-enclosed .B strftime(3) format string that will be substituted by the system time. Example: .I %T{%Y%m%d:%H%M%S} .TP .I %% a single % character d645 3 a647 13 substituted by the recipient, %f by the sender, and so on. There are a few additionnal substitutions that can be interesting here: .TP .I %S the action performed: .I accept\fR, .I tempfail\fR, or .I reject\fR. .TP .I %A the line number of the ACL that caused the action. .PP d827 103 @ 1.55 log @Add msgsize and rcptcount clauses to ACL Allow rcpt clause at DATA stage ACL @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.54 2007/01/09 22:22:43 manu Exp $ d4 1 a4 1 .\" Copyright (c) 2004 Emmanuel Dreyfus d79 4 @ 1.54 log @Add SPF, SMTP AUTH and STARTTLS to the ACL. This has not been tested at all, but at least it should not break existing setups if people do not use the new features. @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.53 2007/01/04 23:01:46 manu Exp $ d68 1 d123 6 d282 4 a285 5 keyword. DATA-stage ACL have limitations: their action cannot be .I greylist\fR, and they cannot use the .I rcpt clauses. On the other hand, the following clauses can be used: d292 15 @ 1.53 log @Optionnaly post the message body to an URL check at DATA stage (see postmsg in greylist.conf(5) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.52 2007/01/01 17:29:29 manu Exp $ d69 4 d126 26 @ 1.52 log @Add custom logs of milter-greylist actions, see stat in greylist.conf(5) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.51 2007/01/01 08:08:41 manu Exp $ d562 13 @ 1.51 log @Add substitutions for sendmail macro and strftime in URL checks @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.50 2006/12/26 21:21:52 manu Exp $ d562 37 @ 1.50 log @Allow header and body searches in DATA-stage ACL Allow CIDR match for DNSRBL (not tested) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.49 2006/12/20 21:57:53 manu Exp $ d501 12 @ 1.49 log @DATA stage ACL, with some limitations: only whitelist or blacklist, and no access to rcpt. @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.48 2006/12/13 09:06:00 manu Exp $ d249 7 a255 1 clauses. d436 1 a436 1 dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10 d689 4 @ 1.48 log @in milterGreylistStatus, TRUE can be used in place of Ok. That will be useful for interfacing with LDAP. @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.47 2006/12/13 07:53:42 manu Exp $ d57 1 a57 1 .I acl d80 3 a82 3 acl whitelist addr 127.0.0.0/8 acl whitelist addr 192.168.3.0/24 acl whitelist addr ::1 d99 1 a99 1 acl whitelist domain example.net d111 1 a111 1 acl whitelist from postmaster@@example.com d116 1 a116 1 acl greylist rcpt John.Doe@@example.net d142 1 a142 1 acl greylist rcpt /.*@@example\\.net/ d178 2 a179 2 acl greylist rcpt JDoe@@example.net delay 15m autowhite 3d acl greylist rcpt root@@example.net delay 1h autowhite 3d d187 1 a187 1 acl blacklist dnsrbl "known-spamers" flushaddr d197 2 a198 2 acl blacklist dnsrbl "spamstomp" msg "IP caught by spamstomp" acl greylist default code "451" ecode "4.7.1" d212 4 a215 4 acl whitelist from friend@@toto.com rcpt grandma@@example.com acl whitelist from other.friend@@example.net rcpt grandma@@example.com acl greylist rcpt grandma@@example.com acl whitelist default d221 5 a225 5 acl whitelist addr 193.54.0.0/16 domain friendly.com acl greylist rcpt user1@@atmine.com acl greylist rcpt user2@@atmine.com acl greylist rcpt user3@@atmine.com acl whitelist default d231 6 a236 6 acl whitelist rcpt /.*@@.*otherdomain\\.org/ acl whitelist addr 192.168.42.0/24 rcpt user1@@mydomain.org acl whitelist from friend@@example.net rcpt /.*@@.*mydomain\\.org/ acl whitelist rcpt user2@@mydomain.org acl greylist rcpt /.*@@.*mydomain\\.org/ acl whitelist default d238 12 d258 3 a260 3 acl whitelist list "local" acl greylist list "my users" acl whitelist default d407 2 a408 2 acl greylist sm_macro "maybe_forged" delay 1h acl greylist default 15m d432 2 a433 2 acl greylist dnsrbl "SORBS DUN" delay 1h acl greylist default delay 15m d453 2 a454 2 acl greylist urlcheck "glusr" delay 15m acl whitelist default @ 1.47 log @Add more substitution strings in url checks: %mf mbox part of sender e-mail address (before @@) %sf site part of sender e-mail address (after @@) %mr mbox part of recipient e-mail address (before @@) %sr site part of recipient e-mail address (after @@) %md machine part of sender DNS name (before first .) %sd domain part of sender DNS name (after first .) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.46 2006/12/07 10:22:00 manu Exp $ d493 5 @ 1.46 log @Add connexion pools for URL queries to enable connexion reuse @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.45 2006/12/06 15:02:41 manu Exp $ d465 18 @ 1.45 log @Add URL check feature Bump to 3.1.2 @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.44 2006/09/18 11:54:39 manu Exp $ d439 1 a439 1 urlcheck "glusr" "http://www.example.net/mgl-config?rcpt=%r" d444 5 a448 2 For each message, the URL will be querried, with % format tags being subtituted by the following parameters: @ 1.44 log @Documentation fix @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.43 2006/08/30 20:50:42 manu Exp $ d63 1 a63 1 keyword, and by any set of the 6 clauses: d69 4 a72 2 and (if built with --enable-dnsrbl) .I dnsrbl\fR. d122 4 d433 73 @ 1.43 log @clear macro and list too @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.42 2006/08/27 16:02:26 manu Exp $ d172 2 a173 2 acl greylist rcpt JDoe@@example.net greylist 15m autowhite 3d acl greylist rcpt root@@example.net greylist 1h autowhite 3d @ 1.43.2.1 log @Small doc fix @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.43 2006/08/30 20:50:42 manu Exp $ d172 2 a173 2 acl greylist rcpt JDoe@@example.net delay 15m autowhite 3d acl greylist rcpt root@@example.net delay 1h autowhite 3d @ 1.42 log @Add support to use Sendmail macros in the ACL @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.41 2006/08/24 20:58:36 manu Exp $ d607 1 @ 1.41 log @Contributor list update @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.40 2006/08/08 13:54:41 manu Exp $ d63 1 a63 1 keyword, and by any set of the 5 clauses: d68 1 d116 4 d378 27 @ 1.40 log @Mising \ in sample config @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.39 2006/08/08 12:43:17 manu Exp $ d575 1 a575 1 Gary Aitkeno, d586 1 a586 1 Mattieu Herrb, d590 1 a591 1 Guido Kerkewitz, d594 1 d597 1 a598 1 Christian Pelissier, d600 1 d602 1 d605 1 d607 2 a608 2 and Lev Walkin. @ 1.39 log @typo @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.38 2006/08/01 21:29:36 manu Exp $ d131 1 a131 1 acl greylist rcpt /.*@@example\.net/ d220 1 a220 1 acl whitelist rcpt /.*@@.*otherdomain\.org/ d222 1 a222 1 acl whitelist from friend@@example.net rcpt /.*@@.*mydomain\.org/ d224 1 a224 1 acl greylist rcpt /.*@@.*mydomain\.org/ @ 1.38 log @per-ACL code and SMTP replies @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.37 2006/08/01 14:55:20 manu Exp $ d233 1 a233 1 list "local addr { 192.0.2.0/24 10.0.0.0/8 } @ 1.37 log @flushaddr @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.36 2006/07/28 16:44:17 manu Exp $ a70 12 .PP An .I acl greylist entry can also carry the greylisting and autowhitelisiting delays that will be applied to messages matching the entry. This is done with the 2 clauses .I delay\fR, and .I autowhite\fR. There is also a .I flushaddr flag, which can be used to flush the sender IP from the database. d118 32 d177 13 a189 22 .PP .I domain\fR, .I from\fR, and .I rcpt may be used with regular expressions. The regular expressions must be enclosed by slashes (/). No escaping is available to provide a slash inside a regular expression, so just do not use it. Regular expressions follow the format described in .B re_format(7)\fR. Here is an example: .PP acl greylist rcpt /.*@@example\.net/ .PP When regular expressions are not used, .I from\fR, and .I rcpt perform a case insensitive substring match with leading and trailing brackets, spaces and tabs stripped out. .I domain performs a case insensitive suffix match. @ 1.36 log @Multi-line statements. @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.35 2006/07/27 20:08:32 manu Exp $ d80 3 d149 8 @ 1.35 log @cvs blacklist feature @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.33 2006/02/17 19:46:13 manu Exp $ d43 2 @ 1.34 log @Documpentation update @ text @d48 1 a48 1 whitelist. d57 2 a58 1 .I greylist d60 2 a61 2 .I whitelist keyword, and by any set of the 4 clauses: d70 3 a72 1 An ACL entry can also carry the greylisting and autowhitelisiting delays @ 1.33 log @Option to log expired entries (Jeff Rife) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.32 2006/01/11 06:40:39 manu Exp $ d51 2 a52 1 sender e-mail address, and recipient e-mail address. d64 9 d74 1 a74 2 .I rcpt\fR. A message will match an ACL entry when it complies with all of its clauses. d118 23 d200 12 d346 22 @ 1.32 log @Selectable MX sync source address @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.31 2006/01/08 00:38:25 manu Exp $ d453 8 @ 1.31 log @From Ranko Zivojnovic : * Bucketed search of autowhitelisted and pending entries rather than write-locked only-one-at-the-time search * Large buffer for writing the dump file * Disabled having the time comment by default next to each line in the dump (improves dump performance by order of magnitude on my Solaris). If "verbose" enabled - behavior will be as before * 'mxsync' client connection is set non-blocking, but there were no checks if fprintf actually delivers the complete sync message to the peer or just the part of it. * Also, when reading the 'mxsync' client connection, being non- blocking, fgets() can bail out with NULL and EAGAIN which is not fatal error for the connection. @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.30 2005/11/30 23:32:13 manu Exp $ d221 6 d490 1 d499 1 @ 1.30 log @DRAC support @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.29 2005/06/10 08:36:50 manu Exp $ d241 9 @ 1.29 log @Fix suffix match for domain clause @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.28 2005/06/08 19:33:17 manu Exp $ d429 9 d463 1 d473 1 d481 1 @ 1.28 log @Perfom suffix match for the domain clause @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.27 2005/06/05 21:59:02 manu Exp $ d123 1 a123 1 When regluar expressions are not used, d127 1 a127 1 perform a case insensitive exact match with leading and trailing brackets, @ 1.27 log @Missing options in usage (Martin Paul) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.26 2005/05/11 14:22:09 manu Exp $ d85 2 a86 1 This clause selects source machines based on their DNS name. d123 9 @ 1.26 log @Updates contributor list in man page @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.25 2005/05/11 14:09:25 manu Exp $ d289 1 a289 1 .B -d d415 4 @ 1.25 log @nroff man pages @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.24 2005/05/07 23:24:28 manu Exp $ d443 1 d449 2 d453 2 @ 1.24 log @Install preformatted man pages that Solaris can display @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.23 2005/03/19 07:39:21 manu Exp $ d31 6 a36 8 .Dd Mar 31, 2004 .Dt greylist.conf 5 .Os .Sh NAME .Nm greylist.conf .Nd milter-greylist configuration file .Sh DESCRIPTION .Nm d38 1 a38 1 .Xr milter-greylist 8 d40 1 a40 1 optionnal arguments. Any line starting with a # is considered as a comment d42 2 a43 2 are accepted in some situations, but do not take them as granted. .Sh WHITELIST d45 1 a45 1 .Nm d47 1 a47 1 .Xr milter-greylist 8 d52 1 a52 1 .Pp d54 1 a54 1 .Ar acl d56 1 a56 1 .Ar greylist d58 1 a58 1 .Ar whitelist d60 3 a62 3 .Ar addr , .Ar domain , .Ar from d64 1 a64 1 .Ar rcpt . d66 2 a67 2 .Bl -tag -width flag .It Ar addr d71 5 a75 3 .Dl acl whitelist addr 127.0.0.0/8 .Dl acl whitelist addr 192.168.3.0/24 .Dl acl whitelist addr ::1 d78 1 a78 1 .Pp d83 9 a91 5 .It Ar domain This clause selects sources machines based on their DNS name. For instance, this will whitelist any machine in the example.net domain: .Dl acl whitelist domain example.net .Pp d93 1 a93 1 .Xr milter-greylist 8 . d96 2 a97 1 .It Ar from d101 4 a104 2 .Dl acl whitelist from postmaster@@example.com .It Ar rcpt d106 5 a110 5 .Dl acl greylist rcpt John.Doe@@example.net .El .Pp .Ar domain , .Ar from d112 1 a112 1 .Ar rcpt d117 1 a117 1 .Xr re_format 7 . d119 4 a122 3 .Dl acl greylist rcpt /.*@@example\.net/ .Pp Entries in the access-list are evaluated sequentialy, so order is d125 1 a125 1 .Ar default d128 1 a128 1 .Pp d130 8 a137 5 .Dl acl whitelist from friend@@toto.com rcpt grandma@@example.com .Dl acl whitelist from other.friend@@example.net rcpt grandma@@example.com .Dl acl greylist rcpt grandma@@example.com .Dl acl whitelist default .Pp d139 9 a147 6 .Dl acl whitelist addr 193.54.0.0/16 domain friendly.com .Dl acl greylist rcpt user1@@atmine.com .Dl acl greylist rcpt user2@@atmine.com .Dl acl greylist rcpt user3@@atmine.com .Dl acl whitelist default .Pp d149 10 a158 8 .Dl acl whitelist rcpt /.*@@.*otherdomain\.org/ .Dl acl whitelist addr 192.168.42.0/24 rcpt user1@@mydomain.org .Dl acl whitelist from friend@@example.net rcpt /.*@@.*mydomain\.org/ .Dl acl whitelist rcpt user2@@mydomain.org .Dl acl greylist rcpt /.*@@.*mydomain\.org/ .Dl acl whitelist default .Pp .Sh BACKWARD COMPATIBILITY d160 1 a160 1 .Xr milter-greylist 8 d162 3 a164 3 .Ar addr , .Ar domain , .Ar from d166 1 a166 1 .Ar rcpt d168 1 a168 1 .Ar acl d170 1 a170 1 Access-list management is intented to replace them. d172 1 a172 1 .Xr milter-greylist 8 , d174 2 a175 2 .Xr milter-greylist 8 handle them as access-list entries with a single clause. They are added d178 1 a178 1 .Pp d180 3 a182 3 .Fl T ) is also deprecated. Access-list semantics does not depend on this flag. .Sh MX SYNC d184 1 a184 1 .Ar peer d186 1 a186 1 .Ar peer d189 4 a192 3 .Dl peer 192.0.2.18 .Dl peer 192.0.2.17 .Pp d194 1 a194 1 .Pp d196 2 a197 1 5252 or port number given by service named mxglsync if defined in /etc/services d199 1 a199 1 .Ar syncaddr d201 7 a207 6 .Dl syncaddr * .Dl syncaddr * port 7689 .Dl syncaddr 192.0.2.2 port 9785 .Dl syncaddr 2001:db8::1:c3b5:123 .Dl syncaddr 2001:db8::1:c3b5:123 port 1234 .Pp d209 1 a209 1 Note that if you are not using the default port, all MX must use the same d211 2 a212 2 .Sh TEXT DUMP .Xr milter-greylist 8 d216 1 a216 1 .Ar dumpfreq d218 1 a218 1 .Pp d220 1 a220 1 .Ar dumpfreq d223 1 a223 1 .Pp d225 1 a225 1 .Ar dumpfreq d227 1 a227 1 Set it to -1 to never dump to a file (unsafe as you loose the whole d230 2 a231 2 h pour hours, and d for day. .Sh REPORTING d233 1 a233 1 .Xr milter-greylist 8 d235 2 a236 2 .Ar X-Greylist header to any message it handles. The header shows what happenned to the d239 1 a239 1 .Nm d241 2 a242 2 .Bl -tag -width flag .It Ar report none d244 1 a244 1 .Ar X-Greylist d246 6 a251 4 .It Ar report delays Only add a header when the message was delayed. .It Ar report nodelays Add a header when the message was not delayed. The header explains why d253 2 a254 1 .It Ar report all d256 1 a256 2 .El .Sh SENDER CALLBACK SYSTEMS d262 2 a263 2 .Pp Greylisting temporarilly rejects at the RCPT stage, so sender callback d265 3 a267 3 .Xr milter-greylist 8 proposes a work around to that problem with the .Ar delayedreject d271 1 a271 1 .Xr milter-greylist 8 d273 1 a273 1 .Pp d277 1 a277 1 .Sh COMMAND-LINE FLAG EQUIVALENTS d279 1 a279 1 .Xr milter-greylist 8 d283 1 a283 1 .Pp d286 2 a287 2 .Bl -tag -width flag .It Ar verbose d289 1 a289 1 .Fl d d291 3 a293 2 .It Ar quiet Do not tell clients how many time remains before their e-mail will d295 1 a295 1 .Fl q d297 12 a308 7 .It Ar nodetach Do not fork and go into the background. This is equivalent to .Fl D . .It Ar noauth Greylist clients regardless if they succeeded SMTP AUTH. Equivalent to .Fl A . .It Ar noaccessdb d310 1 a310 1 .Xr milter-greylist 8 d312 15 a326 11 .Xr sendmail 8 defines a ${greylist} macro set to WHITE. This enable complex whitelisting rules based on the Sendmail access DB. This option inhibit this behavior. .It Ar nospf Greylist clients regardless if they are SPF-compliant. Equivalent to .Fl S . .It Ar testmode Enable test mode. Equivalent to .Fl T . This option is deprecated. .It Ar greylist d328 1 a328 1 .Xr milter-greylist 8 d331 1 a331 1 unit is given: m for minutes, h pour hours, and d for day. d333 1 a333 1 .Ar greylist d335 1 a335 1 .Fl w d337 4 a340 2 .Dl greylist 45m .It Ar autowhite d342 1 a342 1 .Fl a d344 2 a345 1 .Ar greylist keywords , d347 9 a355 7 supplied. Here is an example for a 3 days long auto-whitelisting: .Dl autowhite 3d .It Ar pidfile This cause .Xr milter-greylist 8 to write its PID in the file given in argument, like the .Fl P d357 5 a361 3 must be absolute and it must be enclosed with quotes. Here is an example: .Dl pidfile Qq /var/run/greylist.pid .It Ar dumpfile d363 2 a364 2 .Fl d command line option does. The path must be absolute and enclosed by quotes. d366 4 a369 2 .Dl dumpfile Qq /var/milter-greylist/greylist.db .It Ar subnetmatch d371 1 a371 1 .Fl L d375 4 a378 2 .Dl subnetmatch /24 .It Ar subnetmatch6 d380 1 a380 1 .Fl M d384 4 a387 2 .Dl subnetmatch6 /64 .It Ar socket d389 1 a389 1 .Fl p d392 6 a397 4 .Xr sendmail 8 . It must be enclosed with quotes: .Dl socket Qq /var/milter-greylist/milter-greylist.sock .It Ar user d399 1 a399 1 .Fl u d401 1 a401 1 .Xr milter-greylist 8 d403 6 a408 6 .Dl user Qq smmsp .El .Sh MISCELANEOUS This option has no command line equivalent: .Bl -tag -width flag .It Ar timeout d412 2 a413 1 .It Ar extendedregex d415 1 a415 2 .El .Pp d417 2 a418 2 a new e-mail arrives. Most configuration keywords will take effect immediatly, except the following, which will only take effect after d420 4 a423 4 .Xr milter-greylist 8 : .Ar nodetach , .Ar pidfile , .Ar socket , d425 2 a426 2 .Ar user . .Pp d428 2 a429 2 .Ar dumpfreq option can be dynamically changed, but the change will only take effect d431 23 a453 23 .Sh AUTHORS .An Emmanuel Dreyfus Aq manu@@netbsd.org .Pp milter-greylist received many contributions from (in alphabetic order): .An Gary Aitkeno , .An Joel Bertrand , .An Moritz Both , .An Attila Bruncsak , .An Remy Card , .An Alexandre Cherif , .An Eugene Crosser , .An Cyril Guibourg , .An Klas Heggemann , .An Mattieu Herrb , .An Dan Hollis , .An Per Holm , .An Stephane Lentz , .An Ivan F. Martinez , .An Christian Pelissier , .An Matthias Scheler , .An Wolfgang Solfrank , .An Hajimu Umemoto , d455 2 a456 2 .An Lev Walkin . .Pp d458 1 a458 1 .An Helmut Messerer d460 10 a469 10 .An Thomas Pfau for their feebacks on the first releases of this software. .Sh SEE ALSO .Xr milter-greylist 8 , .Xr sendmail 8 , .Xr syslogd 8 . .Pp Evan Harris's paper .Pa http://projects.puremagic.com/greylisting .Pp d471 1 a471 1 .Pa http://hcpnet.free.fr/milter-greylist @ 1.23 log @extendedregex for extended regex @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.22 2005/01/29 18:42:53 manu Exp $ a30 1 @ 1.22 log @Delayed reject for <> sender to cope better with sender callback (Moritz Both) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.21 2005/01/29 18:24:17 manu Exp $ a113 1 d367 2 @ 1.21 log @One more contributor @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.20 2005/01/29 18:21:37 manu Exp $ d237 21 @ 1.20 log @Update contributor list @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.19 2005/01/06 20:14:49 manu Exp $ d371 1 @ 1.19 log @Doc fixes by Per Holm @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.18 2004/12/28 21:46:05 manu Exp $ d369 2 d374 1 d376 1 d379 3 d385 1 d387 1 a387 1 .An Hajimu Umemoto . @ 1.18 log @More dc fixes from Gary Aitken @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.17 2004/12/16 23:08:13 manu Exp $ d42 2 a43 2 operation. The format is simple: each line contains a keyword and an optionnal argument. Any line starting with a # is considered as a comment d76 1 a76 1 .Dl awl whitelist addr ::1 d107 1 a107 1 may be used with regulax expressions. The regular expressions must be @ 1.17 log @Use Sendmail DB as a whitelist source: if ${greylist} is defined as WHITE, assume whitelist. @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.16 2004/12/09 00:04:01 manu Exp $ d202 1 a202 1 If d204 1 a204 1 value is too small, it will kill performances. If it is too high, d240 1 a240 1 command-line options have equivalent that can be used in the d277 1 a277 1 The argument sets how many time d289 1 a289 1 This sets the auto-whitelisting duration, like the d327 1 a327 1 command line option, this keywords is used to specify the socket used d337 1 a337 1 as a non root user. here is an example: d349 2 a350 2 The configuration file is reloaded automatically once it is modified and a new e-mail gets in. Most configuration keywords will take effect d362 1 a362 1 option can be dynamically changed, but change will only take effect @ 1.16 log @Documentation cleanup @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.15 2004/12/08 22:23:09 manu Exp $ d262 7 @ 1.15 log @New ACL framework for whitelist and greylist (Remy Card) Tell MX peers about autowhitelist prolongation (Remy Card) @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.14 2004/10/17 18:35:42 manu Exp $ d51 18 a68 1 white list. This is done with four keywords: d71 1 a71 1 This keyword is used to specify a netblock of whitelisted source IP d74 3 a76 3 .Dl addr 127.0.0.0/8 .Dl addr 192.168.3.0/24 .Dl addr ::1 d85 1 a85 1 This keyword enable whitelisting of machines based on their DNS name. d87 1 a87 1 .Dl domain example.net d94 1 a94 1 This is used to whitelist sender e-mail addresses. You should not use d97 1 a97 2 .Dl from postmaster@@example.com d99 2 a100 10 This is used to configure what recipient addresses will have their incoming e-mail whitelisted. When running in testmode (The .Fl T command-line option), addresses listed with the rcpt keyword will have their incoming e-mail greylisted. Without testmode, addresses listed with the .Ar rcpt keyword will not have their incoming e-mail greylisted. Example: .Dl rcpt John.Doe@@example.net d113 9 a121 19 .Dl rcpt /.*@@example\.net/ .Sh ACCESS LIST Starting with version 1.7, .Xr milter-greylist 8 handles an access-list that can be used to combinate .Ar addr , .Ar domain , .Ar from and .Ar rcpt clauses. An access-list entry starts with the .Ar acl keyword followed by the .Ar greylist or .Ar whitelist keyword. Entries in the access-list are evaluated sequentialy, so order is very important. d144 4 a147 1 Access-list management is intented to replace the d153 7 a159 3 keywords that will be phased out in a future version of .Xr milter-greylist 8 . These deprecated keywords are still accepted by d161 7 a167 10 and are handled as simple access-list entries. They are added at the head of the access-list so the use of these keywords and access-lists may lead to unspecified behaviour. .Pp Access-list handling does not depend on the running mode (testmode or not) since entries explicitely contain the .Ar greylist or .Ar whitelist keyword. d268 1 @ 1.14 log @Update the documentation for the localhost peer exclusion. @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.13 2004/10/13 10:15:12 manu Exp $ d51 1 a51 1 white list. This is done with three keywords: d102 1 a102 1 follow the format desribed in d106 60 @ 1.13 log @Give credtis to the various contributors in the man pages. @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.12 2004/08/10 10:15:06 manu Exp $ d116 1 a116 2 Do not ever list localhost as a peer, as it will cause each entry to be added twice to the greylist. @ 1.12 log @documentation typos @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.11 2004/08/08 21:24:20 manu Exp $ d295 1 a295 1 .Sh AUTHOR d298 11 a308 2 Thanks to .An Helmut Messerer d310 5 d316 1 a316 1 for their feebacks on this software. @ 1.11 log @Configurable MX sync bind port and address (Cyril Guibourg) Bump to 1.5.6 @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.10 2004/08/01 09:27:03 manu Exp $ d120 2 a121 2 5252 or portnumber given by service named mxglsync if defined in /etc/services or other directory service. This behaviour can be changed by using @ 1.10 log @Full blown IPv6 support, from Hajimu Umemoto Correctly clean rc-debian.sh @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.9 2004/06/16 20:38:56 manu Exp $ d118 15 d135 2 a136 2 uses a text dump of its database to resume operation after a crash. The dump is performed at regular time interval, but as it is a heavy operation, @ 1.9 log @Document the comment on end of line bug @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.8 2004/05/26 21:50:13 manu Exp $ d59 3 a61 1 If the netmask is ommitted, /32 is assumed. d233 7 @ 1.8 log @DNS support in greylist.conf through the domain keyword @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.7 2004/05/26 09:14:29 manu Exp $ d43 3 a45 2 optionnal argument. Anything between a # and the end of a line is considered as a comment and is ignored. Blank lines are ignored as well. @ 1.7 log @timeout option @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.6 2004/05/24 21:57:36 manu Exp $ d64 9 d92 1 a92 1 Both d97 1 a97 1 enclosed by slashes (/). No scaping is available to provide a slash @ 1.6 log @dumpfreq option @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.5 2004/04/12 17:26:03 manu Exp $ d237 8 d256 5 d276 3 @ 1.5 log @in greylist.conf, make the netmask opttionnal (default to /32) Bump to 1.1.14 @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.4 2004/04/02 15:06:53 manu Exp $ d106 20 @ 1.4 log @Add a config option to suprress X-Greylist header Bump to 1.10 @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.3 2004/04/01 21:23:08 manu Exp $ d58 1 @ 1.3 log @Update the documentation for regular expressions @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.2 2004/03/31 12:10:16 manu Exp $ d105 23 @ 1.2 log @More documentation, nodetach option in config @ text @d2 1 a2 1 .\" $Id: greylist.conf.5,v 1.1 2004/03/31 11:39:26 manu Exp $ d75 3 a77 1 with the rcpt keyword will not have their incoming e-mail greylisted. d81 12 a92 1 d94 2 a95 1 Synchronization of the greylist among multiple MX is configured using the peer @ 1.1 log @socket can now be given in the config file. Documentation on the config file options @ text @d2 1 a2 1 .\" $Id$ d110 3 d171 7 d179 11 @