190 lines
6.7 KiB
Django/Jinja
190 lines
6.7 KiB
Django/Jinja
{{ ansible_header | comment }}
|
|
|
|
#########################
|
|
## SQLgrey config file ##
|
|
#########################
|
|
|
|
# Notes:
|
|
# - Unless specified otherwise commented settings are SQLgrey's defaults
|
|
# - SQLgrey uses a specific config file when called with -f <conf_file>
|
|
|
|
## Configuration files
|
|
# conf_dir = /etc/sqlgrey
|
|
|
|
## Log level
|
|
# Uncomment to change the log level (default is normal: 2)
|
|
# nothing: O, errors only: 0, warnings: 1, normal: 2, verbose: 3, debug: 4
|
|
loglevel = 2
|
|
|
|
## log categories can be fine-tuned,
|
|
# here are the log messages sorted by types and levels,
|
|
# (anything over the loglevel is discarded):
|
|
#
|
|
# grey : (0) internal errors,
|
|
# (2) initial connections, early reconnections,
|
|
# awl matches, successful reconnections, AWL additions,
|
|
# (3) smart decision process debug,
|
|
# whitelist: (2) whitelisted connections,
|
|
# (3) actual whitelist hit,
|
|
# (4) whitelists reloads,
|
|
# optin: (3) optin/optout global result
|
|
# (4) optin/optout SQL query results
|
|
# spam : (2) attempts never retried,
|
|
# mail : (1) error sending mails,
|
|
# (4) rate-limiter debug,
|
|
# dbaccess : (0) DB errors,
|
|
# (1) DB upgrade,
|
|
# (2) DB upgrade details,
|
|
# martians : (2) invalid e-mail addresses,
|
|
# perf : (2) cleanup time,
|
|
# system : (0) error forking,
|
|
# (3) forked children PIDs, children exits,
|
|
# conf : (0) errors in config files, missing required file,
|
|
# (1) warnings in config files,
|
|
# missing optional configuration files,
|
|
# (2) reloading configuration files,
|
|
# other : (4) Startup cleanup
|
|
# you can set a level to O (capital o) to disable logs completely,
|
|
# but be aware that then SQLgrey can come back to haunt you...
|
|
|
|
# Provide a coma-separated "logtype:loglevel" string
|
|
# For example if you set the loglevel to 3 (verbose) but want SQLgrey to be:
|
|
# . quiet for whitelists
|
|
# . normal for greylisting
|
|
# uncomment the following line.
|
|
# log_override = whitelist:1,grey:2
|
|
# By default, log_override is empty
|
|
|
|
## Log identification
|
|
# by default this is the process name. If you define the following variable
|
|
# SQLgrey will use whatever you set it to
|
|
# log_ident =
|
|
|
|
## username and groupname the daemon runs as
|
|
user = sqlgrey
|
|
group = nogroup
|
|
|
|
## Socket
|
|
# On which socket do SQLgrey wait for queries
|
|
# use the following if you need to bind on a public IP address
|
|
# inet = <public ip>:port
|
|
# default :
|
|
# inet = 2501 # bind to localhost:2501
|
|
|
|
## PID
|
|
# where to store the process PID
|
|
# pidfile = /var/run/sqlgrey.pid
|
|
|
|
## Config directory
|
|
# where to look for other configuration files (whitelists)
|
|
# confdir = /etc/sqlgrey
|
|
|
|
## Greylisting delays
|
|
# If you want to be really strict (RFC-wise) use these
|
|
# This is *not* recommended, you'll have false positives
|
|
# reconnect_delay = 15 # don't allow a reconnection before 15 minutes
|
|
# max_connect_age = 2 # don't allow a reconnection after 2 hours
|
|
|
|
# default: (based on real-life experience)
|
|
reconnect_delay = 6
|
|
max_connect_age = 24
|
|
|
|
## Throttling too many new entries from new host
|
|
# Setting this optional parameter will refuse an excessive number of
|
|
# new entries in the connect table from the same host, in the following
|
|
# manner:
|
|
# - If there are already "connect_src_throttle" entries in the connect
|
|
# table from the same host (e-mails which have not been retried yet)
|
|
# - And there is NO entry for this host in domain_awl
|
|
# - And there are LESS than "connect_src_throttle" entries in the
|
|
# from_awl table for this host
|
|
# THEN further incoming connections from this host will be (temporarily)
|
|
# refused without new entries being created in the connect table (until
|
|
# some already waiting entries have been successfully retried).
|
|
# This feature may prevent the connect table from growing too big and
|
|
# being polluted by spambots, viruses, zombie machines and the like.
|
|
# If set to "0" (default), this feature won't be used.
|
|
connect_src_throttle = 5
|
|
|
|
|
|
## Auto whitelists settings
|
|
# default is tailored for small sites
|
|
# awl_age = 60
|
|
# group_domain_level = 2
|
|
|
|
# For bigger sites you may want
|
|
# a smaller awl_age and a bigger group_domain_level
|
|
# AWL must be renewed at least once a month
|
|
# 32 > 31 (max delay between monthly newsletters)
|
|
awl_age = 33
|
|
# wait for 10 validated adresses to add a whole
|
|
# domain in AWL
|
|
group_domain_level = 10
|
|
|
|
## Database settings
|
|
# instead of Pg below use "mysql" for MySQL, "SQLite" for SQLite
|
|
# any DBD driver is allowed, but only the previous 3 have been tested
|
|
db_type = Pg
|
|
db_name = sqlgrey
|
|
# Note: the following are not used with SQLite
|
|
# On laisse pgsql meme pour ovh, sqlgrey sait detecter s'il perd le
|
|
# lien avec la base.
|
|
db_host = pgsql.adm.crans.org
|
|
|
|
db_user = sqlgrey
|
|
# db_pass = spaces_are_not_supported
|
|
# db_cleandelay = 1800 # in seconds, how much time between database cleanups
|
|
# clean_method = sync # sync : cleanup is done in the main process,
|
|
# delaying other operations
|
|
# async: cleanup is done in a forked process,
|
|
# it won't delay mail processing
|
|
# BEWARE: lockups have been reported
|
|
# and are still investigated
|
|
|
|
## X-Greylist header added?
|
|
# This adds delay, whitelist and autowhitelist information in the headers
|
|
prepend = 1
|
|
|
|
## Greylisting method:
|
|
# - full : greylist by IP address
|
|
# - classc : greylist by class C network. eg:
|
|
# 2.3.4.6 connection accepted if 2.3.4.145 did connect earlier
|
|
# - smart : greylist by class C network unless there is no reverse lookup
|
|
# or it looks like a home-user address
|
|
# Default is smart
|
|
greymethod = smart
|
|
|
|
## Optin/Optout (see README.OPTINOUT for details)
|
|
# - none : everyone is greylisted (default)
|
|
# - optin : one must optin to have its (incoming) messages being greylisted
|
|
# - optout : one must optout to not have its messages being greylisted
|
|
optmethod = optout
|
|
|
|
## SQLgrey return value.
|
|
# SQLgrey can tell Postfix to:
|
|
# - immediately reject a message with a temporary reject code
|
|
# - only do so if following rules would allow the message to pass
|
|
# The first choice will prevent Postfix from spending time evaluating
|
|
# potentially expensive rules.
|
|
# In some cases you may want following rules to be aware of the connection
|
|
# this.
|
|
#
|
|
# We can specify a different rejection strategy for the first connection
|
|
# attempt, and for early reconnections. 'immed' chooses immediate rejection
|
|
# 'delay' choose delayed rejection
|
|
#
|
|
# By default we use delay on first attempt
|
|
# reject_first_attempt = delay
|
|
# Default for early reconnection is the value affected to reject_first_attempt
|
|
# reject_early_reconnect = delay
|
|
|
|
## Update server
|
|
# where to get updates for whitelists
|
|
# whitelists_host = sqlgrey.bouton.name
|
|
|
|
## Postmaster address
|
|
# who gets urgent notifications (DB is down for example)
|
|
# default or empty: don't send mail notifications
|
|
admin_mail = roots@crans.org
|
|
|