[SLE] Postfix policy greylist package.
From: Guillermo Ballester Valor (gbv_at_oxixares.com)
Date: 02/28/05
- Previous message: Hugo: "[SLE] Moving Samba PDC from old RH to SuSE 9.2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: suse-linux-e@suse.com Date: Mon, 28 Feb 2005 11:55:15 +0100
Hello,
As a fruit of my battle with spammers, virus et al. I also implemented the
greylist policy server in an rpm package form. The core, is a simple perl
script wich is included in the postfix package docs and examples.
The trick of greylist is first time a client tries to send an e-mail it is
responded as 'Service Unavailable' if it were accepted, so actually is not
distributed nor accepted. Next time the same client tries to send the same
mail, greylist response is 'DUNNO' so the mail follows its normal process,
and it can suffer other resrictions.
The positive site is that most of spammers and virus will not try to send the
mail a second time, where all the usual MTA will try to send again the same
mail after few minutes. The astonish result is we kill the most part of
undesired mail. The negative part is we introduce a small delay in mail
delivery.
To implement this policy into postfix 2.1.x, you need to install the package
postfix-policyd-greylist you can get for SuSE 8.2, 9.0 and 9.2 here:
ftp://ftp.gwdg.de/pub/linux/misc/suser-gbv/rpms
And then add the line from /etc/postfix/master.cf:
policy-greylist unix - n n - - spawn
user=nobody argv=/usr/bin/perl /usr/lib/postfix/smtpd-policy-greylist.pl
in file '/etc/postfix/master.cf' and you also have to add the
'check_policy_service unix:private/policy-greylist' restriction in file
'/etc/postfix/main.cf'. Tipically you should add it to
'smtpd_recipient_restrictions' list as is in the following lines
smtpd_recipient_restrictions =
...
reject_unknown_sender_domain
reject_unauth_destination
check_policy_service unix:private/policy-greylist
...
NOTE: specify check_policy_service AFTER reject_unauth_destination
or else your system can become an open relay.
Once you've modified the files, you can load the new configuration
with
rcpostfix reload
if you already had your postfix running.
This greylist policy can run with SPF policy you can find in the same
directory. Today I've also released a new SPF package release with some more
docs.
Hope this help you in the battle against undesired mail.
Guillermo.
-- Guillermo Ballester Valor gbv@oxixares.com Ogijares, Granada SPAIN Linux user #117181. See http://counter.li.org/ Public GPG KEY http://www.oxixares.com/~gbv/pubgpg.html -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
- Previous message: Hugo: "[SLE] Moving Samba PDC from old RH to SuSE 9.2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
