#
# This is a sample configuration for grossd
#
# This file includes all valid configuration parameters, with their
# default values. All the default values are commented out, so any
# lines that are not commented out change the default settings.
#
# syntax is
#
# name = value [; param]...
#
# you can also add comments after a line # this is a comment

# 'host' is the address the server should listen on for queries
# DEFAULT: host = localhost
# NOTE(review): this file lists no authentication parameter for the query
# listener. If 'host' is moved off localhost, limit access to the MTA
# hosts with a firewall rule.

# 'port' is the port the server should listen on for queries
# DEFAULT: port = 5525

# 'protocol' activates the server protocols grossd will support
# Valid protocols are 'sjsms', 'postfix' and 'milter'
# Only 'milter' is enabled in this file.
#protocol = sjsms
#protocol = postfix
protocol = milter

# 'stat_type' is the name of the requested statistic. There can be multiple
# 'stat_type' options in the configuration file (Using both none and full is
# undefined). Default is none. Valid options are currently:
# full: grossd sends all possible statistics
# none: no statistics at all
# status: basic statistics set
# since_startup: basic set since the startup
# delay: processing delay statistics
# EXAMPLE: stat_type = status
# EXAMPLE: stat_type = delay
stat_type = full

# 'stat_interval' is the number of seconds between status log entries
# DEFAULT: stat_interval = 3600

# 'filter_bits' is the size of the bloom filter. Size will be 2^filter_bits
# lowering this value will increase the probability of false matches
# in each individual bloom filter
# NOTE(review): presumably a false match makes a never-seen triplet look
# already seen, so it is not greylisted; confirm before lowering this.
# DEFAULT: filter_bits = 24

# 'number_buffers' is the number of filters used in the ring queue
# raising this value will cause an entry to stay in the servers' memory longer
# DEFAULT: number_buffers = 8
# Raised to 16 here. With 'rotate_interval' left at its 3600 second default,
# the formula below gives (16 - 0.5) * 3600 = 55800 seconds, about 15.5 hours.
number_buffers = 16

# 'rotate_interval' is the number of seconds between filter rotation.
# Let N := 'number_buffers' and I := 'rotate_interval'. An entry will
# stay in the servers' memory for (N - 0.5) * I seconds on average.
# DEFAULT: rotate_interval = 3600

# 'sync_listen' is the address to listen on for communication with the peer
# defaults to 'host' option
# sync_listen =

# 'sync_peer' is the address of the peer used in clustered mode
# NOTE(review): no authentication or encryption option for peer
# synchronisation appears in this file. If clustering is enabled, confirm
# how the peer is authenticated and restrict 'sync_port' to the peer's address.
# sync_peer =

# 'sync_port' is the port number to listen to and connect to in
# communication with the peer.
# DEFAULT: sync_port = 5524

# 'status_host' is the address grossd listens on for status queries
# DEFAULT: status_host = localhost

# 'status_port' is the port number grossd listens on for status queries
# DEFAULT: status_port = 5522

# 'statefile' is the full path of the file that the server will use to
# store the state information.
# If enabled, keep the file and its directory writable only by the account
# grossd runs as.
# statefile = /var/db/grossd.state

# 'pidfile' is the full path of the file grossd writes its pid into.
# You can set parameter 'check', if you want to keep grossd
# from starting if pidfile already exists.
# 'check' is set here, so a pidfile left behind by a crash has to be removed
# before grossd will start again. Keep /var/run/gross writable only by the
# account grossd runs as, so that no other local user can create the file.
pidfile = /var/run/gross/grossd.pid;check

# 'log_method' is used to list all the possible logging facilities.
# currently only syslog is implemented
# DEFAULT: log_method = syslog

# 'log_level' Possible log levels are 'debug', 'info', 'notice'
# 'warning' and 'error'.
# DEFAULT: log_level = info
# NOTE(review): assuming syslog-style ordering, 'notice' suppresses the
# info-level entries the default would log; confirm that what remains is
# enough for investigating mail-flow incidents.
log_level = notice

# 'syslog_facility' is the facility syslog sends log messages with.
# DEFAULT: syslog_facility = mail
# NOTE(review): standard syslog defines local0 through local7; 'local8' is
# not one of them, so check what grossd accepts before uncommenting this line.
#syslog_facility = local8

# 'update' is the way server updates the database. Valid options are
# 'grey' and 'always'. If 'update = grey' grossd will update the database
# only if response is STATUS_GREY
# DEFAULT: update = grey

# 'grey_mask' is the mask for grossd to use when matching client_ip
# against the database. Default is 24, so grossd treats addresses
# like a.b.c.d as a.b.c.0. Setting this to 32 makes grossd
# require that consecutive attempts are made from the same ip address.
# With the default of 24, a retry from any address in the same /24 is matched
# as the same client.
# DEFAULT: grey_mask = 24

# 'grey_delay' is the time in seconds new triplets are kept on the greylist.
# DEFAULT: grey_delay = 10
# Raised to 230 seconds here.
grey_delay = 230

# 'query_timelimit' is the query timeout in milliseconds.
# DEFAULT: query_timelimit = 5000
# Raised to 7000 ms (7 seconds) here.
# NOTE(review): confirm which response grossd gives when a query reaches
# this limit, since that decides whether slow DNS lets mail through or
# delays it.
query_timelimit = 7000

# 'pool_maxthreads' is the maximum threadcount per pool. You may have
# to raise the limit from the default if you get more than 100
# queries per second and/or have slow dns servers. Rule of thumb would be
# decide how many queries you want grossd to be able to handle per second,
# and multiply that with query_timelimit (in seconds, of course).
# By that rule, the 7 second limit set above with the default of 100 threads
# covers about 14 queries per second when queries run to the limit. Raising
# query_timelimit without raising pool_maxthreads lowers that ceiling.
# DEFAULT: pool_maxthreads = 100
#pool_maxthreads = 200

# 'block_threshold' is the threshold after which grossd sends
# a permanent error to the client. Every check that considers client_ip
# as suspicious returns a value (check weight). When the sum of these
# values is equal to or greater than 'block_threshold', grossd
# sends a STATUS_BLOCK response. Default is 0, which disables
# this functionality.
# Left at 0 in this file, so check weights never produce STATUS_BLOCK.
# DEFAULT: block_threshold = 0

# 'block_reason' is the reason given when client is too suspicious,
# see block_threshold
# DEFAULT: block_reason = Bad reputation

# 'grey_threshold' is analogous to 'block_threshold', except at the
# threshold grossd sends a STATUS_GREY response.
# With this default of 1 and the default check weight of 1 (see 'dnsbl'),
# a single listing is enough to reach the threshold.
# DEFAULT: grey_threshold = 1

# 'check' lists all the checks grossd will do to judge if client_ip is
# suspicious or not.
# Enabled checks in this file: dnsbl and dnswl. rhsbl is left disabled.
#check = rhsbl
#check = dnswl
check = dnsbl
check = dnswl

# 'dnsbl' is a dns domain name of the dnsbl that 'dnsbl' check will query
# There are no defaults, but below is a list of dnsbls you could be using
# you may assign different weights for the dnsbl's, default weight is 1
# (a weight is given as a parameter after ';', as in the commented
# 'bl.spamcop.net;2' line)
# dnsbl = rbl-plus.mail-abuse.net # this is not free
#dnsbl = bl.spamcop.net;2
#dnsbl = combined.njabl.org
#dnsbl = cbl.abuseat.org
#dnsbl = dnsbl.sorbs.net
#
# NOTE(review): five active entries below end in '.dnsbl'
# (dnsbl-1/-2/-3.uceprotect.net.dnsbl, ubl.unsubscore.com.dnsbl,
# ips.backscatterer.org.dnsbl). '.dnsbl' is not a public top-level domain,
# so these resolve only if the local resolver serves such zones (for example
# a local mirror). Otherwise the lookups never match and these checks
# contribute nothing. Verify, or drop the suffix if the public zones were
# intended.
#
# NOTE(review): this list is old and some of the services have been retired
# (NJABL announced its shutdown in 2013, SORBS in 2024). A retired zone can
# stop answering or, if the domain changes hands, answer for every address.
# Confirm that each zone is still operated, and that you meet its usage
# terms, before relying on it.
dnsbl = bl.spamcop.net
dnsbl = dnsbl-1.uceprotect.net.dnsbl
dnsbl = spam.spamrats.com
dnsbl = korea.services.net
dnsbl = no-more-funn.moensted.dk
dnsbl = dnsbl-2.uceprotect.net.dnsbl
dnsbl = noptr.spamrats.com
dnsbl = dnsbl.sorbs.net
dnsbl = ubl.unsubscore.com.dnsbl
dnsbl = dnsbl-3.uceprotect.net.dnsbl
dnsbl = dyna.spamrats.com
dnsbl = db.wpbl.info
dnsbl = dnsbl.njabl.org
dnsbl = ips.backscatterer.org.dnsbl
dnsbl = b.barracudacentral.org

# 'rhsbl' is analogous to 'dnsbl'
#rhsbl = rhsbl.sorbs.net

# 'dnswl' is analogous to 'dnsbl'. Remember that dnswl is a *definitive*
# check, that is grossd waits for the check to complete before deciding
# how to respond. This may cause unwanted latency. Highly recommended if
# you use grossd as a traditional greylister.
# NOTE(review): because the check is definitive, every zone listed here is
# trusted outright and an unresponsive zone delays every query. List only
# zones whose operator and listing policy you know, and confirm they still
# answer.
#dnswl = query.bondedsender.org
dnswl = dnswgl.saga.rs
dnswl = query.bondedsender.org

# 'blocker_host' is the host name of the Sophos blocker server.
# blocker_host =

# 'blocker_port' is the tcp port of the Sophos blocker service.
# DEFAULT: blocker_port = 4466

# 'blocker_weight' is the weight of the blocker check. (See description of 'dnsbl')
# DEFAULT: blocker_weight = 1

# 'milter_listen' is the socket for milter service.
# EXAMPLE: milter_listen = inet:5523@localhost
# Bound to localhost here. The milter protocol has no authentication of its
# own, so if the MTA runs on another host, restrict the port to that host
# with a firewall rule instead of listening on all interfaces.
milter_listen = inet:5523@localhost