Man Linux: Main Page and Category List


       grossd.conf - Greylisting of Suspicious Sources daemon configuration




       grossd(8) reads configuration data from /etc/grossd.conf (or the file
       specified with -f on the command line).  An example configuration file
       is installed by default.  You have to set some configuration options in
       order to get grossd(8) running in your environment.  The format is as

          name = value [ ; param ] ...

       Not all options accept parameters - refer to individual descriptions.
       The comment separator is ‘#’, everything after it is ignored by the
       config file parser.

   Network configuration options
           is the address the server should listen for queries.  Default is

           is the port the server should listen for queries.  Default is 5525.

           is the address to listen for communication with the peer.  It
           defaults to the host setting.

           is the address of the peer used when running in clustered mode.

           is the tcp port number to listen to and connect to in communication
           with the peer.  Default is 5524.

           is the address grossd(8) listens for status queries.  Default is

           is the port number grossd(8) listens for status queries.  Default
           is 5522.

           activates the server protocols grossd(8) will support.  Valid
           settings are ‘sjsms’, ‘postfix’ and ‘milter’.

           is the socket address for the Milter service.  The format is
           ‘proto:port@host’.  Refer to Milter documentation for the

   Core server options
       You can probably leave the default values for these settings.  If your
       daily mail flow exceeds millions of messages per day you may want to
       tweak query_timelimit and/or pool_maxthreads.  If you run grossd(8) in
       a server with limited memory you may want to adjust filter_bits.

           is the size of the Bloom filter.  The size will be 2^filter_bits.
           Lowering this value will increase the probability of false matches
           in each individual filter.  Default is 24.

           is the number of Bloom filters used in the ring queue.  Raising
           this value will cause an entry to stay in the server’s memory
           longer.  Default is 8.

           is the number of seconds between Bloom filter rotations.  Let N :=
           number_buffers and I := rotate_interval.  An entry will stay in the
           server’s memory for N - 0.5 * I seconds on average.  Defaults to
           3600 seconds (one hour).

           is the way server updates the database. Valid options are ‘grey’
           and ‘always’.  If set to ‘grey’, which is the default, grossd(8)
           will update the database only if the response is ‘STATUS_GREY’.
           Setting it to ‘always’ may reduce the impact on DNS servers.

           is the mask for grossd(8) to use when matching the ‘smtp-client-ip’
           against the database.  Default is 24, which makes grossd(8) to
           treat addresses like a.b.c.d as a.b.c.0.  Setting grey_mask to 32
           makes grossd(8) to require that consecutive attempts are made from
           the same ‘smtp-client-ip’.

           is the full path of the file that the server uses to store the
           state information.  Default is not to have a statefile.  You may
           want to configure a statefile especially if you do not configure

           is the full path of the file grossd(8) writes its pid into.  You
           can set parameter ‘check’, if you want to keep grossd(8) from
           starting should pidfile already exist.

Query constraints

           is the time in seconds new triplets are kept on the greylist.
           Default is 180.

           is the query timeout in milliseconds.  You may have to adjust this
           if you exceed millions of queries a day.

           is the maximum threadcount per pool.  You may have to raise the
           limit from the default if you get more than 100 queries per second
           and/or have slow DNS servers.  The rule of thumb is to decide how
           many queries you want grossd(8) to be able to handle per second,
           and multiply that with query_timelimit (in seconds, of course).  It
           defaults to 100.

   Configuring server responses
           is the threshold after which grossd(8) sends a permanent error to
           the client.  Every check that considers ‘smtp-client-ip’ as
           suspicious returns a value (check weight).  When sum of these
           values gets equivalent or greater than block_threshold grossd(8)
           sends a STATUS_BLOCK response.  Default is 0 which disables this

           is the reason given when client is too suspicious, see
           block_threshold.  Default is “Bad reputation”.

           is analogous to block_threshold, except at the threshold grossd(8)
           sends a STATUS_GREY response. Default is 1. If set to 0 grossd(8)
           will greylist by default. This makes it possible to combine a
           traditional greylister and rbl checks.

           is the reason given when client is suspicious enough to be
           greylisted, see grey_threshold.  Default is “Please try again

   Logging options
           is used to choose the logging method.  Currently the only
           implemented method is ‘syslog’, which is the default.

           sets the logging verbosity.  Possible values in the order of
           increasing verbosity are ‘error’, ‘warning’, ‘notice’, ‘info’ and
           ‘debug’.  log_level defaults to ‘info’.

           is the facility syslog sends log messages with.  It defaults to

           is the name of the requested statistic.  It is of multivalued type.
           The valid options are:
               ‘full’                log all possible statistics,
               ‘none’                no statistics logging,
               ‘status’              basic set of statistics,
               ‘since_startup’       basic set since the startup and
               ‘delay’               log processing delay statistics.

           Default is ‘none’.  Setting both ‘none’ and ‘full’ is undefined.

           is the number of seconds between status log entries.  Default is

   Configuring checks
           is a multivalued option, that is, you can configure multiple checks
           by setting check option multiple times.  Currently implemented
           checks are ‘dnsbl’, ‘dnswl’, ‘rhsbl’ and ‘blocker’.  Refer to
           sections describing the checks below.  If you don’t configure any
           checks grossd(8) will act as a traditional greylisting server.

           is a DNS domain name of the dnsbl that ‘dnsbl’ check will query.
           There are no defaults, but the default configuration file lists a
           few as an example.  If you have any locally administered block
           lists then you should be aware that grossd(8) makes all queries as
           fully qualified.  You may assign different weights for the dnsbls,
           default weight is 1.  Refer to grey_threshold and block_threshold
           about the weights. dnsbl is a multivalued option.

           is analogous to dnsbl.  Remember that dnswl is a definitive check,
           that is grossd(8) waits for the check to complete before deciding
           how to respond.  This may cause unwanted latency, although you can
           adjust the maximum latency by query_timelimit option.  dnswl is
           highly recommended if you use grossd(8) as a traditional
           greylister.  This is a multivalued option.

           is analogous to dnsbl, but the check is made with the right hand
           side of the sender address (the email domain) instead of the IP
           address.  This is a multivalued option.

           is the host name of the Sophos blocker server.  This is used only
           if check = ‘blocker’ is set.

           is the TCP port of the Sophos blocker service.  Default is 4466.

           is the weight of the blocker check.  See description of
           grey_threshold and block_threshold regarding the weights.

   Sun Java System Messaging Server specific options
       You may configure the responses grossd(8) sends over to grosscheck

           is the mapping result template grossd(8) uses for a STATUS_GREY
           result.  Default is ‘$X4.4.3|$N%reason%’, where ‘%reason%’ is the
           template for the reason string.

           is the mapping result template grossd(8) uses for a STATUS_MATCH
           result.  Default is ‘$Y’.

           is the mapping result template grossd(8) uses for a STATUS_TRUST
           result.  Default is ‘$Y’.

           is the mapping result template grossd(8) uses for a STATUS_BLOCK
           result.  Default is ‘$N%reason%’, where ‘%reason%’ is the template
           for the reason string.

   Postfix specific options
           is the response template grossd(8) uses for a STATUS_GREY result.
           Default is ‘action=defer_if_permit %reason%’, where ‘%reason’ is
           the template for the reason string.

           is the response template grossd(8) uses for a STATUS_BLOCK result.
           Default is ‘action=reject %reason%’, where ‘%reason’ is the
           template for the reason string.


   Sun Java System Messaging Server
       You have to add a mapping entry to set SJSMS to query grossd(8). It’s
       also a good idea to exclude postmaster and abuse addresses before
       querying grossd(8).

       Here is an example:


         ! allow all DSNs and MDNs
           TCP|*|*|*|*|*|*|tcp_local||*|*  $Y$E
         ! allow all incoming mail to postmaster and abuse
           TCP|*|*|*|*|*|*|tcp_local|*|*|postmaster@*  $Y$E
           TCP|*|*|*|*|*|*|tcp_local|*|*|abuse@*  $Y$E
         ! use gross to check all triplets (client_ip,sender,recipient)

       Mapping call parameters are as follows:
           1. full path of the
           2. function name to call (always grosscheck)
           3. first server’s IP address,
           4. second server’s IP address,
           5. UDP port for server connections,
           6. SMTP client’s IP address,
           7. envelope sender’s email address,
           8. envelope recipient’s email address,
           9. HELO/EHLO string.

       Grossd implements native Postfix policy delegation protocol. Just
       specify grossd server address at the ‘smtpd_recipient_restrictions’ in
       the main configuration file :

             smtpd_recipient_restrictions =
                 check_policy_service inet:host:port

       Refer to Postfix documentation at <> for

       Exim can be configured to query grossd(8) via Postfix policy delegation

       Main section:

         GROSS_QUERY = sender=$sender_address\\n\\

       Acl section:

         # gross
           set acl_c0 = ${readsocket{inet:}{GROSS_QUERY}}

           message = Please try again later.
           condition = ${if match {$acl_c0}{action=defer_if_permit}}

           message = ${if match {$acl_c0}{action=reject (.*)}{$1}\\
             {Rejected by Gross.}}
           condition = ${if match {$acl_c0}{action=reject}}

       Sendmail can query grossd via milter protocol. Insert this in and configure milter_listen accordingly:

         INPUT_MAIL_FILTER(‘Gross’, ‘S=inet:5523@localhost, T=R:20s’)

       You can check if your version of Sendmail has Milter support compiled
       in by issuing the following command:

         sendmail -bt -d0.1



       Gross project site: <>

       Bloom filters: <>


       Eino Tuominen and Antti Siira

                                  2008-05-04                         grossd(5)