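#!/bin/bash
#
# Build hooks for milter-greylist: one adjusts the configure options, the
# other writes a default /etc/mail/greylist.conf and installs the bootscript.
# The functions are only defined here; presumably the build framework that
# sources this file calls them — confirm against the framework.

#######################################
# Appends the state-directory option to the configure options.
# Globals:   CONFIGURE_OPTS (appended to)
# Arguments: none
#######################################
hvconfig_pre() {
  CONFIGURE_OPTS+=" --localstatedir=/var/run"
}

#######################################
# Writes the default greylist configuration and installs the bootscript.
# Globals:   SCRDIR (read) - directory holding bootscripts/milter-greylist
# Arguments: none
# Outputs:   overwrites /etc/mail/greylist.conf; `install -v` prints the
#            file it copies
# Returns:   non-zero if the configuration cannot be written or the
#            bootscript cannot be installed, otherwise the status of
#            bootscript_add_rc3
#######################################
hvbuild_post() {
  # Configuration file.
  #
  # The delimiter is quoted so the shell copies the text verbatim: with a
  # bare EOF the shell would swallow every backslash-newline pair and expand
  # any `$` or backtick that is later added to the configuration.
  #
  # NOTE(review): points to confirm before this default is deployed:
  #   - `user "root"` runs the milter as root; a dedicated unprivileged
  #     account would limit the impact of a flaw in the milter.
  #   - The lists "my network" and "broken mta" are defined, but no acl line
  #     references them, so only the two literal `acl whitelist addr` ranges
  #     bypass greylisting by address. Confirm whether that is intended.
  #   - `acl whitelist default` accepts everything the earlier rules do not
  #     match, so greylisting applies only to recipients in "grey users".
  #   - "*@mydomain.com", "user@domain1", "user@domain2" and 192.168.0.0/24
  #     look like placeholders that each site must replace.
  #   - The "broken mta" addresses come from an old upstream list; if the
  #     list is ever wired into an acl, re-verify the ranges first.
  #   - pidfile, socket and dumpfile live under /var/run/milter-greylist;
  #     nothing here creates that directory, and /var/run is commonly
  #     cleared at boot, so the greylist database may not persist.
  cat > /etc/mail/greylist.conf <<'EOF' || return
# greylist.conf

pidfile "/var/run/milter-greylist/milter-greylist.pid"
socket "/var/run/milter-greylist/milter-greylist.sock"
dumpfile "/var/run/milter-greylist/greylist.db"
user "root"

# Be verbose (or use -v flag)
verbose

# Do not tell spammer how long they have to wait
quiet

# Your own network, which should not suffer greylisting
list "my network" addr { 127.0.0.1/8 192.168.0.0/24 }

# This is a list of broken MTAs that break with greylisting. Derived from
# http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=1.16
list "broken mta" addr { \
  12.5.136.141/32 \ # Southwest Airlines (unique sender)
  12.5.136.142/32 \ # Southwest Airlines
  12.5.136.143/32 \ # Southwest Airlines
  12.5.136.144/32 \ # Southwest Airlines
  12.107.209.244/32 \ # kernel.org (unique sender)
  12.107.209.250/32 \ # sourceware.org (unique sender)
  63.82.37.110/32 \ # SLmail
  63.169.44.143/32 \ # Southwest Airlines
  63.169.44.144/32 \ # Southwest Airlines
  64.7.153.18/32 \ # sentex.ca (common pool)
  64.12.136.0/24 \ # AOL (common pool)
  64.12.137.0/24 \ # AOL
  64.12.138.0/24 \ # AOL
  64.124.204.39 \ # moveon.org (unique sender)
  64.125.132.254/32 \ # collab.net (unique sender)
  66.94.237.16/28 \ # Yahoo Groups servers (common pool)
  66.94.237.32/28 \ # Yahoo Groups servers (common pool)
  66.94.237.48/30 \ # Yahoo Groups servers (common pool)
  66.100.210.82/32 \ # Groupwise?
  66.135.192.0/19 \ # Ebay
  66.162.216.166/32 \ # Groupwise?
  66.206.22.82/32 \ # Plexor
  66.206.22.83/32 \ # Plexor
  66.206.22.84/32 \ # Plexor
  66.206.22.85/32 \ # Plexor
  66.218.66.0/23 \ # Yahoo Groups servers (common pool)
  66.218.67.0/23 \ # Yahoo Groups servers (common pool)
  66.218.68.0/23 \ # Yahoo Groups servers (common pool)
  66.218.69.0/23 \ # Yahoo Groups servers (common pool)
  66.27.51.218/32 \ # ljbtc.com (Groupwise)
  152.163.225.0/24 \ # AOL
  194.245.101.88/32 \ # Joker.com
  195.235.39.19/32 \ # Tid InfoMail Exchanger v2.20
  195.238.2.0/24 \ # skynet.be (wierd retry pattern, common pool)
  195.238.3.0/24 \ # skynet.be
  195.46.220.208/32 \ # mgn.net
  195.46.220.209/32 \ # mgn.net
  195.46.220.210/32 \ # mgn.net
  195.46.220.211/32 \ # mgn.net
  195.46.220.221/32 \ # mgn.net
  195.46.220.222/32 \ # mgn.net
  195.238.2.0/24 \ # skynet.be (wierd retry pattern)
  195.238.3.0/24 \ # skynet.be
  204.107.120.10/32 \ # Ameritrade (no retry)
  205.188.0.0/16 \ # AOL
  205.206.231.0/24 \ # SecurityFocus.com (unique sender)
  207.115.63.0/24 \ # Prodigy - retries continually
  207.171.168.0/24 \ # Amazon.com
  207.171.180.0/24 \ # Amazon.com
  207.171.187.0/24 \ # Amazon.com
  207.171.188.0/24 \ # Amazon.com
  207.171.190.0/24 \ # Amazon.com
  209.132.176.174/32 \ # sourceware.org mailing lists (unique sender)
  211.29.132.0/24 \ # optusnet.com.au (wierd retry pattern)
  213.136.52.31/32 \ # Mysql.com (unique sender)
  216.33.244.0/24 \ # Ebay
  217.158.50.178/32 \ # AXKit mailing list (unique sender)
}

# List of users that want greylisting
list "grey users" rcpt { \
  *@mydomain.com \
}

# List of senders that are automatically whitelisted
list "white users" from { \
  user@domain1 \
  user@domain2 \
}

# Perform DNS Reverse Black List verification
dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10

# And here is the access list
acl whitelist addr 127.0.0.0/8
acl whitelist addr 192.168.0.0/24
acl greylist list "grey users" dnsrbl "SORBS DUN" delay 24h autowhite 3d
acl greylist list "grey users" delay 10m autowhite 10d
acl whitelist list "white users"
acl whitelist default
EOF

  # Bootscript.
  # The path is quoted so a SCRDIR containing spaces or glob characters
  # cannot split into extra arguments to install. Mode 740 leaves the
  # script executable by its owner only and unreadable by others.
  install -v -m740 "${SCRDIR}/bootscripts/milter-greylist" /etc/rc.d/init.d \
    || return

  # script-name start stop
  bootscript_add_rc3 milter-greylist 57 33
}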