Trace: » Tuning Options » Sendmail Innovation Award » Environment Variables » j-greyd - Greylist database server » Troubleshooting » Introduction - What's j-chkmail ??? » Virus filtering with j-chkmail » Protecting against outgoing SPAM » Resources » j-chkmail.cf

Home

Reference

Command line tools
Environment Variables
Configuration files and tables
- j-chkmail.cf
- j-tables
- j-xfiles
- j-regex
- j-modules
- j-error-msg
- j-oracle
- j-ndc.cf
Constant databases
- Policy Database
- Recipients Database

j-chkmail.cf
- Headline

j-chkmail.cf

This page is under construction...

General Parameters

VERSION (String) - Configuration file version
- Default : 2.3.0-100627
MYSELF (String) - My own names, IPs and aliases
- Default : 127.0.0.1 HOSTNAME
J_HOSTNAME (Option) - How to get mailserver hostname ?
- Values : SYSTEM/SENDMAIL/OTHER
- Default : SYSTEM
PRESENCE (Option) - Show/Hide presence (presence header)
- Values : SHOW/HIDE
- Default : SHOW
FOOTER (Option) - Show/Hide j-chkmail signature at warning message
- Values : SHOW/HIDE
- Default : SHOW
FILTER_URL (String) - Filter URL (to be included on X-Miltered header)
- Default : http : / / j-chkmail dot ensmp dot fr
POLICY_URL (String) - Policy filtering URL - appended to reply messages
- If your domain has a web page to inform people about your email policies, you define this option, with some URL, j-chkmail will append a reference - See POLICY_URL - to each reply done in SMTP session
- Default :
DAEMON_FILTER_DISABLE (String) - SMTP daemons to disable filtering
- When your MTA is listening of different IP addresses and ports, it may be useful to enable/disable filtering for some of them. E.g., if you want to filter incoming messages but not outgoing messages (this isn't yet implemented).
- Syntax : NAME:PORT, NAME:PORT, …
- Default :

System parameters and Resources

USER (String) - Filter USER ID
- The filter will run as this user ID
- Default : smmsp
GROUP (String) - Filter GROUP ID
- The filter will run as this group IP
- Default : smmsp
FILE_DESCRIPTORS (String) - Number of available file descriptors (integer value or MAX)
- Sets a limit on the number of file descriptors available to the filter : can be any value lower than the value set by the operating system (ulimit), or MAX to use that value.
- Default : MAX
FD_FREE_SOFT_LIMIT (Integer) - Available file descriptors soft lower bound
- When the number of file descriptors available is lower than this value, the filter will rejects connections coming from unknown NetClasses
- Default : 100
FD_FREE_HARD_LIMIT (Integer) - Available file descriptors hard lower bound
- When the number of file descriptors available is lower than this value, the filter will reject all connections.
- Default : 50
USE_SELECT_LIMIT (Option) - Available file descriptors limited by select function
- Use the lower value between FILE_DESCRIPTORS and FD_SELECT. This option can be disabled if libmilter was compiled with _FFR_WORKERS_POOL or SM_CONF_POLL
- Values : NO/YES
- Default : YES
CPU_IDLE_SOFT_LIMIT (Integer) - SOFT CPU Idle threshold to accept connections
- When the CPU idle ratio is less than this value, the filter will reject connections coming from unknown Netclasses. No control is done when this value is 0.
- Default : 0
CPU_IDLE_HARD_LIMIT (Integer) - HARD CPU Idle threshold to accept connections
- When the CPU idle ratio is less than this value, the filter will reject all connections No control is done when this value is 0.
- Default : 0
MAX_OPEN_CONNECTIONS (Integer) - Maximum number of simultaneous open connections
- This is the global number of simultaneous connections the filter will handle the same time.
- Default : 500

MTA Communications

SOCKET (String) - Communication socket between sendmail and j-chkmail
- Syntax : inet:PORT@HOSTNAME | local:SOCKET_PATH
- Default : J_SMSOCKFILE
SM_TIMEOUT (Integer) - Inactivity timeout (milter ↔ sendmail connection)
- The filter will close sendmail connections inactive for this value long. Busy servers shall be configured with a much lower value (~ 600 s shall be OK)
- Default : 600s

Control channel

This Section defines how j-ndc command line tool communicates with j-chkmail.

CTRL_CHANNEL_ENABLE (Option) - Enable remote control channel
- Values : NO/YES
- Default : YES
CTRL_SOCKET (String) - Control socket
- Syntax : inet:PORT@HOSTNAME | local:SOCKET_PATH
- Default : inet:2010@127.0.0.1
CTRL_ACCESS (Option) - How to do access control over control channel
- You can disable access control (NONE) or define your rules at policy database (ACCESS). If you define the CTRL_SOCKET option listening with an IP address other than localhost you shall enable access control.
- Values : NONE/ACCESS
- Default : NONE

Configuration Files

CONFDIR (String) - j-chkmail configuration directory
- This is the directory where configuration files and tables will be put in.
- Default : /etc/mail/jchkmail
ERROR_MSG_FILE (String) - Notification template
- This file contains templates for the notification messages sent when a virus or X-file is found inside a message.
- Default : j-error-msg
ACCESS_FILE (String) - j-chkmail access data
- Default : j-access
AUTO_RELOAD_TABLES (Integer) - Periodic configuration reload interval
- When this value is greater than 0s, j-chkmail will periodically reload configuration data.
- Default : 3600s
MODULES_CF (String) - Modules
- Configuration file for dynamically loaded modules (not fully implemented)
- Default : j-modules

Logging

LOG_FACILITY (String) - syslog facility
- Default : local5
LOG_LEVEL (Integer) - j-chkmail log level
- Default : 10
LOG_SEVERITY (Option) - Add a severity tag to syslog lines
- When enabled, j-chkmail log lines have a tag like ”[ID 000000 local5.notice]”, useful in order to find lines with some specific priority (e.g. error)
- Values : NO/YES
- Default : NO
CLUSTER (Option) - Filter sharing resources inside a cluster (spool/server)
- Values : NO/YES
- Default : NO
LOG_ATTACHMENTS (Option) - Log attached files (using syslog)
- Values : NO/YES
- Default : NO
LOG_THROTTLE (Option) - Periodically log server throttle (using syslog)
- Values : NO/YES
- Default : YES
LOG_LOAD (Option) - Periodically log CPU load (using syslog)
- Values : NO/YES
- Default : YES
LOG_GREY_CLEANING (Option) - Log results of greylist database maintenance
- Values : NO/YES
- Default : NO
DUMP_COUNTERS (Option) - Periodically dump internal counters
- Values : NO/YES
- Default : YES
STATS_INTERVAL (Integer) - Time interval used to dump periodical data (load, throttle, …)
- Default : 300
HISTORY_ENTRIES (Integer) - Number of entries of history (times 1024)
- Default : 256

Spool and state Files

WORKROOT (String) - j-chkmail root directory
- Default : J_WORKROOT
WORKDIR (String) - j-chkmail work directory (state and specific logs)
- Default : J_WORKDIR
SPOOLDIR (String) - j-chkmail message spool directory
- Default : J_SPOOLDIR
PID_FILE (String) - j-chkmail pid file
- Default : J_PID_FILE
STATS_FILE (String) - STATS_FILE
- Default : J_STATS_FILE

Quarantine and Archive management

CLEANUP_INTERVAL (Integer) - Quarantine directory clean-up interval
- This option defined the periodicity at which the spool will be cleaned-up
- Default : 6h
QUARANTINE_LIFETIME (Integer) - Quarantine
- When the spool is cleaned-up, files older than this value will be removed
- Default : 1d
QUARANTINE_ADD_FROM_LINE (Option) - Add From line to quarantine file ?
- Values : NO/YES
- Default : YES
QUARANTINE_LOG_FILE (String) - Quarantine log file
- Default : J_QUARANTINE_LOG
ARCHIVE (Option) - Archiving messages
- When this option is enabled, j-chkmail will be able to save a copy of each message matching Archive policy.
- Values : NO/YES
- Default : NO

Modules

MODDIR (String) - Modules
- Default : /usr/lib/j-chkmail

Databases

WDBDIR (String) - j-chkmail working databases directory
- Default : J_WDBDIR

Constant Databases

CDBDIR (String) - j-chkmail constant databases directory
- Path of the directory where constant databases are installed
- Default : J_CDBDIR
DB_CACHE_SIZE (Integer) - BerkeleyDB constant databases cache size
- Size of memory cache used by constant databases
- Default : 32M
DB_POLICY (String) - Policy database path
- File name of policy database
- Default : j-policy.db
POLICY_CONFLICT (Option) - What to do if users policy conflit
- This option defines how to decide which policy shall be applied when a message is sent to more than one recipient with incompatible policies.
- Values : DEFAULT/ONE_WIN/MAJORITY_WIN
- Default : DEFAULT
FROM_PASS_TOKEN (String) - Token
- Not yet implemented
- Default :
TO_PASS_TOKEN (String) - Token
- Not yet implemented
- Default :

Resolve cache database

RESOLVE_CACHE_ENABLE (Option) - Address resolution (IP address / hostname) cache
- The address resolution cache is used to avoid DNS queries to resolve address resolutions when quering the filter for some statistics.
- Values : NO/YES
- Default : YES
RESOLVE_CACHE_SYNC (Integer) - Interval between cache synchronization
- Default : 1m
RESOLVE_CACHE_CHECK (Integer) - Interval between cache maintenance
- When enabled, this option defines the periodicity at which maintenance operations will take place.
- Default : 1h
RESOLVE_CACHE_EXPIRE (Integer) - Expiration age of non refreshed entries
- During maintenance, entries older than the value defined
- Default : 2d

Sending Notification Messages

NOTIFY_SENDER (Option) - Enable sender notification
- When this option is enabled, notifications after virus or X-Files are sent to the message sender. This is, most of the time, a bad idea as virus are usually spread using forged addresses.
- Values : NO/YES
- Default : NO
NOTIFY_RCPT (Option) - Enable recipient notification
- When this option is enabled, notifications after virus or X-Files are sent to recipients
- Values : NO/YES
- Default : YES
J_SENDER (Option) - Sender address used for notification message
- This option defines the sender of notifications appearing in headers and, for some versions of the MTA, the enveloppe. If the special value SENDER is used, the sender will be preserved.
- Values : SENDER/OTHER
- Default : SENDER
J_SUBJECT (Option) - Subject of replacement notification message
- This option defines which will be the subject of the notification. If the special value SUBJECT is used then the message subject is preserved.
- Values : SUBJECT/OTHER
- Default : SUBJECT

Built-in X-File scanner

XFILES (Option) - What to do with X-files ? (OK, REJECT, NOTIFY, DISCARD)
- Values : OK/REJECT/NOTIFY/DISCARD/X-HEADER
- Default : OK
XFILES_FILE (String) - X-Files (file extension + MIME type) configuration
- Default : j-xfiles
XFILE_SAVE_MSG (Option) - Shall quarantine messages containing X-Files ?
- Values : NO/YES
- Default : YES
XFILE_SUBJECT_TAG (String) - Tag to be inserted on Subject
- Default :
XFILES_LOG_FILE (String) - Detected X-Files log file
- Default : J_XFILES_LOG

External virus scanner

This section contains the options to connect j-chkmail to an external virus scanner and what to do with the results

SCANNER_ACTION (Option) -
- This option enables the scanner and defines the action to perform whan a virus is found
- Values : OK/REJECT/NOTIFY/DISCARD/X-HEADER
- Default : OK
SCANNER_SOCK (String) - Communication socket between j-chkmail and external scanner
- This option defines the socket used by j-chkmail to connect to the external scanner.
- Syntax : inet:PORT@HOSTNAME | local:SOCKET_PATH
- Default : inet:2002@localhost
SCANNER_PROTOCOL (Option) - Protocol
- This option defines the protocol to be used with the scanner : CLAMAV or INTERNAL. The latter protocol type can be used by a generic scanner (see example at contrib directory).
- Values : INTERNAL/CLAMAV
- Default : CLAMAV
SCANNER_TIMEOUT (Integer) - Timeout waiting for the scanner answer
- This option defines the communication timeout between j-chkmail and the scanner. After this delay, if the scanner doesn't answer, j-chkmail will drop the scanner answer.
- Default : 15s
SCANNER_REJECT_ON_ERROR (Option) - Reject messages when scanner call returns an error
- This option defines the appropriate j-chkmail action when the scanner isn't available or times out : Reject (YES) or Temporary failure (NO).
- Values : NO/YES
- Default : NO
SCANNER_MAX_MSG_SIZE (Integer) - Max message size to pass to scanner
- Only messages smaller than this size will be scanned.
- Default : 100K
SCANNER_SAVE (Option) - Shall messages be quarantined ???
- When this option is enabled, messages with virus detected by the scanner will be left in quarantine directory after the transaction ends.
- Values : NO/YES
- Default : YES
VIRUS_LOG_FILE (String) - Detected Virus log file
- Virus found will be logged in this file.
- Syntax : file:filename or udp:port@hostname
- Default : J_VIRUS_LOG

Antispam checks (bayesian filter)

BAYESIAN_FILTER (Option) - Enable Bayesian filter
- Values : NO/YES
- Default : NO
BAYES_MAX_MESSAGE_SIZE (Integer) - Max message size
- Default : 100K
BAYES_MAX_PART_SIZE (Integer) - Max message part size
- Default : 30K
BAYES_HAM_SPAM_RATIO (Integer) - Ratio HAM/SPAM (times 1000)
- Default : 1000
BAYES_NB_TOKENS (Integer) - Number of tokens to consider
- Default : 64
BAYES_UNKNOWN_TOKEN_PROB (Integer) - Probability assigned to unknown tokens (times 1000)
- Default : 500
DB_BAYES (String) - Path of bayes tokens database
- Default : j-bayes.db

Antispam content check - URL Filtering (URLBL)

SPAM_URLBL (Option) - Do pattern matching
- Values : NO/YES
- Default : NO
DB_URLBL (String) - Database Real-Time URL Blacklist (used for content checking)
- Default : j-urlbl.db
DNS_URLBL (String) - DNS Real-Time URL Blacklist (used for content checking)
- Syntax : RBL[/CODE[/SCORE]] - multi.surbl.org/127.0.0.1/10
- Default : j-tables:DNS-URLBL

Antispam content check - Pattern Matching (REGEX)

SPAM_REGEX (Option) - Do pattern matching
- Values : NO/YES
- Default : NO
REGEX_FILE (String) - Regular expressions configuration file
- Default : j-regex
REGEX_MAX_SCORE (Integer) - Stop doing pattern matching when score is reached
- Default : 50
SPAM_REGEX_MAX_MSG_SIZE (Integer) - Max message size to do pattern matching
- Default : 40000
SPAM_REGEX_MAX_MIME_SIZE (Integer) - Max message size to do pattern matching
- Default : 15000
DUMP_FOUND_REGEX (Option) - Log founded regular expressions to file
- Values : NO/YES
- Default : YES
REGEX_LOG_FILE (String) - Matched pattern log file
- Default : J_REGEX_LOG

Antispam content check - Heuristic filtering (ORACLE)

SPAM_ORACLE (Option) - Do heuristic filtering
- Values : NO/YES
- Default : NO
ORACLE_SCORES_FILE (String) - Oracle scores
- Default : j-oracle:ORACLE-SCORES
ORACLE_DATA_FILE (String) - Some oracle definitions
- Default : j-oracle:ORACLE-DATA
LOG_LEVEL_ORACLE (Integer) - Heuristic filter log level (0, 1 or 2)
- Default : 1
ORACLE_STATS_FILE (String) - Statistics for Oracle (dumped each STATISTICS_INTERVAL seconds)
- Default : oracle-stats.log
ORACLE_COUNTERS_FILE (String) - Persistent state of Oracle
- Default : oracle-counters.log

Antispam content check - Resulting score handling

SCORE_ON_SUBJECT (Option) - Shall message score be inserted on Subject Header ?
- Values : NO/YES
- Default : NO
SCORE_ON_SUBJECT_TAG (String) - Tag to be inserted on Subject ?
- Default :
XSTATUS_HEADER (String) - Status header
- Default : X-j-chkmail-Status
XSTATUS_HEADER_HI_CONDITION (String) - When to add a 'X-j-chkmail-Status: HI' Header
- Syntax : Ex : (U=####|B=0.9|B=0.8|XXXX.*B=0.7)
- Default : score > 0.75
XSTATUS_HEADER_LO_CONDITION (String) - When to add a 'X-j-chkmail-Status: LO' Header
- Syntax : Ex : (U=####|B=0.9|B=0.8|XXXX.*B=0.7)
- Default : score > 0.65
XSTATUS_HEADER_UNSURE_CONDITION (String) - When to add a 'X-j-chkmail-Status: UNSURE' Header
- Syntax : Ex : (U=####|B=0.9|B=0.8|XXXX.*B=0.7)
- Default : score > 0.25
XSTATUS_HEADER_HAM_CONDITION (String) - When to add a 'X-j-chkmail-Status: HAM' Header
- Syntax : Ex : (U=####|B=0.9|B=0.8|XXXX.*B=0.7)
- Default : score < 0.25
XSTATUS_REJECT_CONDITION (String) - Reject message if this regular expression matches X-j-chkmail-score header
- Syntax : Ex : (U=####|B=0.9|B=0.8|XXXX.*B=0.7)
- Default :
XSTATUS_REJECT_ONLY_UNKNOWN (Option) -
- Values : NO/YES
- Syntax :
- Default : YES
XSTATUS_QUARANTINE_CONDITION (String) - If this regular expression matches X-j-chkmail-score header, the message is quarantined
- Syntax : Ex : (U=####|B=0.9|B=0.8|XXXX.*B=0.7)
- Default :
REMOVE_HEADERS (String) - List of headers to remove
- X-j-chkmail-Status,X-Spam-Flag,X-Spam-Status
- Syntax : NONE | List of comma separated headers
- Default : NONE
REMOVE_SCORES (String) - List of headers to remove
- X-j-chkmail-Status,X-Spam-Flag,X-Spam-Status
- Syntax : NONE | List of comma separated servers
- Default : NONE

DNS Realtime Black/White Lists

DNS_IPRBWL (String) - Real-Time Black/White Lists
- Syntax :
- Default : j-tables:DNS-IP-RBWL

Antispam checks (SMTP client behaviour)

CHECK_CONN_RATE (Option) - Enable connection rate limiting
- When enabled, j-chkmail will limit the number of connections, per SMTP client, evaluated on a sliding window of size 10 minutes
- Values : NO/YES
- Default : NO
MAX_CONN_RATE (Integer) - Max connection rate (can be redefined at j-policy database)
- This option defines the default max connection rate. This value can be overriden by those defined at policy database.
- Default : 15
CHECK_OPEN_CONNECTIONS (Option) - Enable simultaneous connections limiting
- When this feature is enabled, j-chkmail will limit the number of simultaneous connections, per SMTP client.
- Values : NO/YES
- Default : NO
MAX_CONN_OPEN (Integer) - Max open connections for a single IP on unknown network
- This option defines the default max number of simultaneous connections per SMTP client. This value can be overriden by those defined at policy database
- Default : 10
CHECK_EMPTY_CONNECTIONS (Option) - Check the number of empty connections
- Values : NO/YES
- Default : NO
MAX_EMPTY_CONN (Integer) - Maximum number of empty connections over 4 hours
- Default : 20
DELAY_CHECKS (Option) - Delay reject decisions
- When this option is enabled, reject decisions based on client behaviour (rate limits, too many errors, …) are reported till the first SMTP MAIL command, when client authentication information may be available.
- Values : NO/YES
- Syntax :
- Default : NO

Recipient checks

CHECK_BADRCPTS (Option) - Check the number or Bad Recipients
- Values : NO/YES
- Default : NO
MAX_BADRCPTS (Integer) - Maximum number of Bad Recipients over 4 hours
- Default : 10
CHECK_RCPT_ACCESS (Option) - Recipient Access and validation
- Values : NO/YES
- Default : NO
DB_RCPT (String) - Recipient database path
- Default : j-rcpt.db
SPAMTRAP_RESULT (Option) - Result from SPAM TRAP check
- Values : OK/REJECT/TEMPFAIL
- Default : OK
CHECK_SPAMTRAP_HISTORY (Option) - Reject connections from clients sending messages to spam traps
- Values : NO/YES
- Default : NO
CHECK_RCPT_RATE (Option) - Limit recipient rate for each SMTP client
- Values : NO/YES
- Default : NO
MAX_RCPT_RATE (Integer) - Max recipient rate (can be redefined at j-policy database)
- Default : 100
CHECK_NB_RCPT (Option) - Check the number of recipients for each message
- Values : NO/YES
- Default : NO
MAX_RCPT (Integer) - Max recipient per message for connections coming from unknown network
- Default : 200
CHECK_MSG_RATE (Option) - Limit recipient rate for each SMTP client
- Values : NO/YES
- Default : NO
MAX_MSG_RATE (Integer) - Max message rate (can be redefined at j-policy database)
- Default : 100
CHECK_NB_MSGS (Option) - Limit the number of messages per connection
- Values : NO/YES
- Default : NO
MAX_MSGS (Integer) - Maximum number of messages per connection
- Default : 100

Envelope checks

REJECT_BADEHLO (Option) - Check EHLO parameters
- Enable verification of EHLO contents.
- Values : NO/YES
- Syntax :
- Default : NO
BADEHLO_CHECKS (String) - EHLO parameter checks
- This option defines which verifications shall be done on EHLO parameter.
- Syntax : InvalidChar,ForgedIP,NotBracketedIP,NotFQDN,IdentityTheft,Regex,All
- Default : All
REJECT_BAD_NULL_SENDER (Option) - Check Bad '<>' Sender Address
- When this option is enabled, messages which sender is the NULL SENDER (<>) and sent to more than one recipient and the connection come from a SMTP client which NetClass isn't KNOWN
- Values : NO/YES
- Default : NO
CHECK_BAD_SENDER_MX (Option) - Check Bad Sender MX
- Enabling this option makes the filter check if the MX of the domain of the sender address is unreacheable, checking if the domain, hostname or IP address matches an entry at j-policy database.
- Values : NO/YES
- Default : NO
DEFAULT_BAD_MX_REPLY (String) - Default BAD MX reply.
- SMTP reply for this option.
- Default : 421:4.5.1:Unreacheable domain. Try again later !

Antispam checks (Miscelaneous)

REJECT_DATE_IN_FUTURE (Option) - Check if message date is far in the future (> 24 hours)
- Sometimes, spammers date the message in the future to make it appear at the top of unread messages.
- Values : NO/YES
- Default : NO
REJECT_DATE_IN_PAST (Option) - Check if message date is far in the past (> 1 year)
- This option can detect spams with malformed date. But this option can reject old legitimate bounced messages
- Values : NO/YES
- Default : NO
REJECT_SHORT_BODIES (Option) - Reject messages whose body length is too short
- Reject messages which body length is too short. Body length is evaluated on the raw body, including attached files, MIME tags, HTML tags, … In other words, all chars from since the end of the last header till the end of the message. OBS : this feature doesn't reject messages coming from known networks, nor messages typically sent by mail list manager software.
- Values : NO/YES
- Default : NO
MIN_BODY_LENGTH (Integer) - Minimum body length
- This option defines the minimum message body length to accept.
- Default : 10
DROP_DELIVERY_NOTIFICATION_REQUEST (Option) - Drop headers requesting delivery notification
- When this option is enabled, existing headers asking for delivery notification are removed.
- Values : NO/YES
- Default : NO
ENCODING_BINARY (Option) - Full Binary encoded message (deprecated)
- Values : OK/REJECT/TEMPFAIL
- Default : OK
NO_TO_HEADERS (Option) - Messages without To header (deprecated)
- Values : OK/REJECT/TEMPFAIL
- Default : OK
NO_FROM_HEADERS (Option) - Messages without From header (deprecated)
- Values : OK/REJECT/TEMPFAIL
- Default : OK
NO_HEADERS (Option) - Messages with no header (deprecated)
- Values : OK/REJECT/TEMPFAIL
- Default : OK

Reverse resolution of SMTP client IP address

CHECK_RESOLVE_FAIL (Option) - What to do if client DNS resolution fails
- Enable verification if client IP address has reverse resolution.
- Values : NO/YES
- Default : NO
CHECK_RESOLVE_FORGED (Option) - What to do if client DNS resolution is forged
- Enable verification if client IP address is forged (direct and reverse resolution matches).
- Values : NO/YES
- Default : NO
MAX_BAD_RESOLVE (Integer) - —-
- Maximum number of connections accepted on a temporal sliding window of length 4 hours, if SMTP client doesn't
- Default : 10
RESOLVE_FAIL_NETCLASS (String) - Resolve Fail NetClass
- This option defines, if its value isn't empty, a network class (NetClass) to assign to unknown SMTP clients without reverse IP address resolution.
- Default :
RESOLVE_FORGED_NETCLASS (String) - Resolve Forged NetClass
- This option defines, if its value isn't empty, a network class (NetClass) to assign to unknown SMTP clients which reverse and direct IP address resolutin doesn't doesn't match.
- Default :

Greylisting

GREY_CHECK (Option) - Enable greylisting filter
- Values : NO/YES
- Default : NO
GREY_MODE (Option) - Greylist mode
- This option defines if the filter is autonomous with its own data or if it's also access data in a j-greyd greylisting server
- Values : STANDALONE/CLIENT
- Default : STANDALONE
GREY_SOCKET (String) - Remote Greylist Server Socket when running in CLIENT mode
- When configured to access a j-greyd server, this option defines the IP address and port where j-greyd listens.
- Default : inet:2012@127.0.0.1
GREY_CONNECT_TIMEOUT (Integer) - Timeout to connect go j-grey server when running in CLIENT mode
- Default : 10s
GREY_MIN_DELAY_NORMAL (Integer) - Greylist delay for normal messages
- Default : 10m
GREY_MIN_DELAY_NULLSENDER (Integer) - Greylist delay for null sender messages
- Default : 10m
GREY_MAX_DELAY_NORMAL (Integer) - Lifetime for pending entries (normal messages)
- Default : 3d
GREY_MAX_DELAY_NULLSENDER (Integer) - Lifetime for pending entries (null sender messages)
- Default : 6h
GREY_VALIDLIST_LIFETIME (Integer) - Lifetime for inactive whitelisted entries
- Default : 1w
GREY_WHITELIST_LIFETIME (Integer) - Lifetime for inactive whitelisted entries
- Default : 2w
GREY_BLACKLIST_LIFETIME (Integer) - Lifetime for blacklisted entries
- Default : 1d
GREY_MAX_PENDING_NORMAL (Integer) - Max normal pending messages
- The value of this option defines the maximum of entries waiting to be validated, per SMTP client, before adding new entries. Setting this option to 0 means no limit.
- Syntax :
- Default : 0
GREY_MAX_PENDING_NULLSENDER (Integer) - Max null sender pending messages
- This option has the same meaning than GREY_MAX_PENDING_NORMAL, but applied to NULLSENDER.
- Syntax :
- Default : 0
GREY_COMPAT_DOMAIN_CHECK (Option) - Enable/disable domain compatibility (sender domain/SMTP client domain)
- Values : NO/YES
- Default : YES
GREY_IP_COMPONENT (String) - How to construct IP part of ntuple
- Syntax : NONE | FULL | NET
- Default : NET
GREY_FROM_COMPONENT (String) - How to construct FROM part of ntuple
- Syntax : NONE | FULL | HOST | USER
- Default : HOST
GREY_TO_COMPONENT (String) - How to construct TO part of ntuple
- Syntax : NONE | FULL | HOST | USER
- Default : FULL
GREY_REPLY (String) - Greylisting reply
- When the greylisting filter rejects a message, this defines the reply codes and message to be sent back.
- Syntax : 4nn:4.x.y:message
- Default : 451:4.3.2:Temporary failure ! Come back later, please !
GREY_CLEANUP_INTERVAL (Integer) - Greylist database cleanup interval
- Default : 10m
GREY_DEWHITE_FLAGS (String) - Which criteria utilise to purge greylisting databases ???
- Syntax : None BadResolve DomainMatch BadRCPT SpamTrap BadMX BadClient Spammer All
- Default : DomainMatch
GREY_LOG_FILE (String) - The expired entries log file
- This is the file where expired entries can be logged. Don't enable this feature on busy servers
- Syntax :
- Default : J_GREY_LOG

Greylisting - j-greyd specific

This section presents parameters which are exclusive to j-greyd greylisting server.

GREYD_SOCKET_LISTEN (String) - j-greyd Listen Socket
- This is the j-greyd server listening socket.
- Default : inet:2012@0.0.0.0
GREYD_LOG_FACILITY (String) - syslog facility
- Default : local6
GREYD_LOG_LEVEL (Integer) - j-greyd log level
- Default : 10
GREYDDIR (String) - j-greyd working directory
- The directory where j-greyd will save its databases.
- Default : J_GREYDDIR
GREYD_PID_FILE (String) - j-greyd pid file
- Default : J_GREYD_PID_FILE
GREYD_CLIENT_IDLE_MAX (Integer) - Maximum inactivity time (after this connection will be closed)
- j-greyd server will disconnect clients inactive longer than this delay.
- Default : 300

Headline