228 lines
8.2 KiB
Plaintext
228 lines
8.2 KiB
Plaintext
#########################
|
|
## SQLgrey config file ##
|
|
#########################
|
|
|
|
# Notes:
|
|
# - Unless specified otherwise commented settings are SQLgrey's defaults
|
|
# - SQLgrey uses a specific config file when called with -f <conf_file>
|
|
|
|
## Configuration files
|
|
conf_dir = /etc/sqlgrey
|
|
|
|
## Log level
|
|
# Uncomment to change the log level (default is normal: 2)
|
|
# nothing: O, errors only: 0, warnings: 1, normal: 2, verbose: 3, debug: 4
|
|
loglevel = 2
|
|
|
|
## log categories can be fine-tuned,
|
|
# here are the log messages sorted by types and levels,
|
|
# (anything over the loglevel is discarded):
|
|
#
|
|
# grey : (0) internal errors,
|
|
# (2) initial connections, early reconnections,
|
|
# awl matches, successful reconnections, AWL additions,
|
|
# (3) smart decision process debug,
|
|
# whitelist: (2) whitelisted connections,
|
|
# (3) actual whitelist hit,
|
|
# (4) whitelists reloads,
|
|
# optin: (3) optin/optout global result
|
|
# (4) optin/optout SQL query results
|
|
# spam : (2) attempts never retried,
|
|
# mail : (1) error sending mails,
|
|
# (4) rate-limiter debug,
|
|
# dbaccess : (0) DB errors,
|
|
# (1) DB upgrade,
|
|
# (2) DB upgrade details,
|
|
# martians : (2) invalid e-mail addresses,
|
|
# perf : (2) cleanup time,
|
|
# system : (0) error forking,
|
|
# (3) forked children PIDs, children exits,
|
|
# conf : (0) errors in config files, missing required file,
|
|
# (1) warnings in config files,
|
|
# missing optional configuration files,
|
|
# (2) reloading configuration files,
|
|
# other : (4) Startup cleanup
|
|
# you can set a level to O (capital o) to disable logs completely,
|
|
# but be aware that then SQLgrey can come back to haunt you...
|
|
|
|
# Provide a coma-separated "logtype:loglevel" string
|
|
# For example if you set the loglevel to 3 (verbose) but want SQLgrey to be:
|
|
# . quiet for whitelists
|
|
# . normal for greylisting
|
|
# uncomment the following line.
|
|
log_override = whitelist:1,grey:2,spam:2,martians:2
|
|
# By default, log_override is empty
|
|
|
|
## Log identification
|
|
# by default this is the process name. If you define the following variable
|
|
# SQLgrey will use whatever you set it to
|
|
# log_ident =
|
|
|
|
## username and groupname the daemon runs as
|
|
user = sqlgrey
|
|
group = sqlgrey
|
|
|
|
## Socket
|
|
# On which socket do SQLgrey wait for queries
|
|
# use the following if you need to bind on a public IP address
|
|
# inet = <public_ip>:2501
|
|
# to bind on a UNIX socket, use the following:
|
|
# unix = /path/to/socket
|
|
# default :
|
|
inet = 2501 # bind to localhost:2501
|
|
|
|
## PID
|
|
# where to store the process PID
|
|
pidfile = /var/run/sqlgrey.pid
|
|
|
|
## Greylisting delays
|
|
# If you want to be really strict (RFC-wise) use these
|
|
# This is *not* recommended, you'll have false positives
|
|
# reconnect_delay = 15 # don't allow a reconnection before 15 minutes
|
|
# max_connect_age = 2 # don't allow a reconnection after 2 hours
|
|
# default: (based on real-life experience)
|
|
# reconnect_delay = 5
|
|
# max_connect_age = 24
|
|
|
|
## Throttling too many new entries from new host
|
|
# Setting this optional parameter will refuse an excessive number of
|
|
# new entries in the connect table from the same host, in the following
|
|
# manner:
|
|
# - If there are already "connect_src_throttle" entries in the connect
|
|
# table from the same host (e-mails which have not been retried yet)
|
|
# - And there is NO entry for this host in domain_awl
|
|
# - And there are LESS than "connect_src_throttle" entries in the
|
|
# from_awl table for this host
|
|
# THEN further incoming connections from this host will be (temporarily)
|
|
# refused without new entries being created in the connect table (until
|
|
# some already waiting entries have been successfully retried).
|
|
# This feature may prevent the connect table from growing too big and
|
|
# being polluted by spambots, viruses, zombie machines and the like.
|
|
# If set to "0" (default), this feature won't be used.
|
|
connect_src_throttle = 5
|
|
|
|
|
|
## Auto whitelists settings
|
|
# default is tailored for small sites
|
|
awl_age = 60
|
|
group_domain_level = 2
|
|
|
|
# For bigger sites you may want
|
|
# a smaller awl_age and a bigger group_domain_level
|
|
# awl_age = 32 # (monthly newsletter will get through)
|
|
# group_domain_level = 10 # wait for 10 validated adresses to add a whole
|
|
# domain in AWL
|
|
|
|
## Database settings
|
|
# instead of Pg below use "mysql" for MySQL, "SQLite" for SQLite
|
|
# any DBD driver is allowed, but only the previous 3 have been tested
|
|
# db_type = Pg
|
|
# db_type = SQLite
|
|
# db_name = sqlgrey
|
|
# db_name = /var/lib/sqlgrey/sqlgrey.db
|
|
# Note: the following are not used with SQLite
|
|
db_type = mysql
|
|
db_name = sqlgrey
|
|
db_host = localhost
|
|
db_port = default
|
|
db_user = sqlgrey
|
|
db_pass = rm8n9toa
|
|
# (overrides db_type, db_name, db_host, db_port)
|
|
# db_dsn = DBI:SQLite:dbname=/path/to/database.db
|
|
# db_dsn = DBI:mysql:database=sqlgrey;host=localhost;port=3306
|
|
#
|
|
# db_prepare_cache = 0 # use prepared statements cache
|
|
# BEWARE: memory leaks have been reported
|
|
# when it is active
|
|
db_cleandelay = 1800 # in seconds, how much time between database cleanups
|
|
clean_method = sync # sync : cleanup is done in the main process,
|
|
# delaying other operations
|
|
# async: cleanup is done in a forked process,
|
|
# it won't delay mail processing
|
|
# BEWARE: lockups have been reported
|
|
# and are still investigated
|
|
|
|
## Database clustering (for advanced setups)
|
|
#
|
|
# See README.DBCLUSTER
|
|
#
|
|
# Writes will be done to db_host specified above, and reads will be done
|
|
# from read_hosts specified below
|
|
#
|
|
# Valid options: on/off. If set to 'on', clustering will be enabled.
|
|
# db_cluster = on
|
|
|
|
#
|
|
# Comma seperated list of read-only db-servers.
|
|
# read_hosts= slave-db-1.test.com, slave-db-2.test.com ,slave-db-3.test.com
|
|
# read_hosts=localhost
|
|
|
|
|
|
## X-Greylist header added?
|
|
# This adds delay, whitelist and autowhitelist information in the headers
|
|
prepend = 1
|
|
|
|
## Greylisting method:
|
|
# - full : greylist by IP address
|
|
# - classc : greylist by class C network. eg:
|
|
# 2.3.4.6 connection accepted if 2.3.4.145 did connect earlier.
|
|
# - smart : greylist by class C network unless there is no reverse lookup
|
|
# or it looks like a home-user address.
|
|
# NOTE: IPv6 addresses are treated the same way in 'classc' and 'smart':
|
|
# First the algorithm decides whether the address is in a EUI-64 form
|
|
# or not. If it is then the whole /64 subnet is regarded as "class C"
|
|
# and all the hosts from that subnet are greylisted with the same
|
|
# rule. For non-EUI-64 addresses the full address is processed.
|
|
# Default is smart
|
|
# greymethod = smart
|
|
|
|
## Optin/Optout (see README.OPTINOUT for details)
|
|
# - none : everyone is greylisted (default)
|
|
# - optin : one must optin to have its (incoming) messages being greylisted
|
|
# - optout : one must optout to not have its messages being greylisted
|
|
optmethod = optout
|
|
|
|
## Discriminating Greylisting (see README.DISCRIMINATION)
|
|
# - off : normal greylisting
|
|
# - on : Only apply greylisting to senders that do not pass the regexp test.
|
|
#
|
|
# discrimination = off
|
|
|
|
# Display the number of the regular expression causing the greylisting
|
|
# at the end of the reject message.
|
|
# Values: on/off
|
|
# discrimination_add_rulenr = off
|
|
|
|
## SQLgrey return value.
|
|
# SQLgrey can tell Postfix to:
|
|
# - immediately reject a message with a temporary reject code
|
|
# - only do so if following rules would allow the message to pass
|
|
# The first choice will prevent Postfix from spending time evaluating
|
|
# potentially expensive rules.
|
|
# In some cases you may want following rules to be aware of the connection
|
|
# this.
|
|
#
|
|
# We can specify a different rejection strategy for the first connection
|
|
# attempt, and for early reconnections. 'immed' chooses immediate rejection
|
|
# 'delay' choose delayed rejection
|
|
#
|
|
# By default we use delay on first attempt
|
|
reject_first_attempt = delay
|
|
# Default for early reconnection is the value affected to reject_first_attempt
|
|
reject_early_reconnect = delay
|
|
|
|
# Use specific reject code - Only used if reject_first_attempt/reject_early_reconnect = immed
|
|
# (Some "odd" mailservers actually bounce on 450 but not 451)
|
|
reject_code = 451
|
|
# reject_code = dunno
|
|
|
|
## Update server
|
|
# where to get updates for whitelists
|
|
whitelists_host = sqlgrey.bouton.name
|
|
|
|
## Postmaster address
|
|
# who gets urgent notifications (DB is down for example)
|
|
# empty: don't send mail notifications
|
|
# default:
|
|
# admin_mail = postmaster
|