
List:       suse-linux-e
Subject:    [SLE] Postfix policy greylist package.
From:       Guillermo Ballester Valor <gbv () oxixares ! com>
Date:       2005-02-28 10:55:15
Message-ID: 200502281155.15401.gbv () oxixares ! com

Hello,

As a fruit of my battle with spammers, viruses et al., I also implemented the
greylist policy server in rpm package form. The core is a simple Perl
script which is included in the postfix package docs and examples.

The trick of greylisting is that the first time a client tries to send an
e-mail, it is answered with 'Service Unavailable' if it would otherwise have
been accepted, so it is actually neither distributed nor accepted. The next
time the same client tries to send the same mail, the greylist response is
'DUNNO', so the mail follows its normal process and can still be subject to
other restrictions.

The positive side is that most spammers and viruses will not try to send the
mail a second time, whereas all the usual MTAs will try to send the same
mail again after a few minutes. The astonishing result is that we kill most
of the undesired mail. The negative part is that we introduce a small delay
in mail delivery.

To implement this policy in postfix 2.1.x, you need to install the package
postfix-policyd-greylist, which you can get for SuSE 8.2, 9.0 and 9.2 here:

ftp://ftp.gwdg.de/pub/linux/misc/suser-gbv/rpms

And then add the following lines:

  policy-greylist  unix  -       n       n       -       -       spawn
    user=nobody argv=/usr/bin/perl /usr/lib/postfix/smtpd-policy-greylist.pl

in file '/etc/postfix/master.cf'. You also have to add the
'check_policy_service unix:private/policy-greylist' restriction in file
'/etc/postfix/main.cf'. Typically you should add it to the
'smtpd_recipient_restrictions' list, as in the following lines:

    smtpd_recipient_restrictions =
        ...
        reject_unknown_sender_domain
        reject_unauth_destination
        check_policy_service unix:private/policy-greylist
        ...

NOTE: specify check_policy_service AFTER reject_unauth_destination
or else your system can become an open relay.

Once you've modified the files, you can load the new configuration
with

    rcpostfix reload

if you already had your postfix running.

This greylist policy can run together with the SPF policy you can find in the
same directory. Today I've also released a new SPF package release with some
more docs.
 
Hope this helps you in the battle against undesired mail.

Guillermo.
 
-- 
Guillermo Ballester Valor
gbv@oxixares.com
Ogijares, Granada  SPAIN
Linux user #117181. See http://counter.li.org/
Public GPG KEY http://www.oxixares.com/~gbv/pubgpg.html
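
The decision logic described in the message above, sketched in Python as an added example; it is not part of the original message and is not the packaged smtpd-policy-greylist.pl. The 60-second delay, the in-memory table, the function names and the exact action text are assumptions made for illustration.

```python
# Added illustration, not the packaged smtpd-policy-greylist.pl.
# Speaks the Postfix policy delegation format: "name=value" lines ending
# with an empty line in, "action=...\n\n" out.
import time

GREYLIST_DELAY = 60  # assumed: seconds a new triplet must wait before a retry passes

def parse_request(text):
    """Turn one policy request (name=value lines) into a dict."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break  # the empty line terminates the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def greylist_action(attrs, seen, now=None):
    """Return the action for one request; `seen` maps triplet -> first-seen time."""
    now = time.time() if now is None else now
    # Lowercase the addresses so a retry that differs only in case still matches.
    triplet = (attrs.get("client_address", ""),
               attrs.get("sender", "").lower(),
               attrs.get("recipient", "").lower())
    first = seen.setdefault(triplet, now)
    if now - first < GREYLIST_DELAY:
        # Temporary failure, applied only if no other restriction rejects the mail.
        return "defer_if_permit Service is unavailable"
    return "dunno"  # no opinion: the remaining restrictions decide

def reply(action):
    """Format the response Postfix expects on the policy socket."""
    return "action=%s\n\n" % action

# Constructed sample request (documentation addresses, not real traffic).
SAMPLE = ("request=smtpd_access_policy\n"
          "protocol_state=RCPT\n"
          "client_address=192.0.2.10\n"
          "sender=alice@example.org\n"
          "recipient=bob@example.com\n"
          "\n")

if __name__ == "__main__":
    seen = {}
    req = parse_request(SAMPLE)
    print(reply(greylist_action(req, seen, now=1000.0)), end="")  # first attempt
    print(reply(greylist_action(req, seen, now=1300.0)), end="")  # retry later
```

Because a greylist pass only ever returns a deferral or 'dunno', it never authorizes relaying by itself, which is why the restriction belongs after reject_unauth_destination as the NOTE in the message says.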

 


