Greylisting is a defense against junk email that is described at
https://www.greylisting.org/. The idea was discussed on the
postfix-users mailing list one year before it was popularized.
The file examples/smtpd-policy/greylist.pl in the Postfix source
tree implements a simplified greylist policy server. This server
stores a time stamp for every (client, sender, recipient) triple.
By default, mail is not accepted until a time stamp is more than
60 seconds old. This stops junk mail with randomly selected sender
addresses, and mail that is sent through randomly selected open
proxies. It also stops junk mail from spammers that change their
IP address frequently.
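The decision described above, sketched in Python as an added example; it is not the greylist.pl script from the Postfix source tree. It assumes an in-memory dictionary in place of the database file, the policy request attributes client_address, sender and recipient, and the access(5) actions "dunno" and "defer_if_permit"; the sample request is constructed.

```python
GREYLIST_DELAY = 60  # seconds; the default delay quoted on this page


def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


class Greylist:
    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}  # assumption: stands in for the on-disk database

    def check(self, attrs, now):
        """Return the action for one (client, sender, recipient) triple."""
        # Lower-casing the addresses is a choice made for this example.
        key = (attrs.get("client_address", ""),
               attrs.get("sender", "").lower(),
               attrs.get("recipient", "").lower())
        stamp = self.first_seen.setdefault(key, now)  # record first sighting
        if now - stamp > self.delay:
            return "dunno"  # old enough: let later restrictions decide
        return "defer_if_permit Service is unavailable"


# Constructed sample request (documentation address range, example domains).
SAMPLE = ("request=smtpd_access_policy\n"
          "client_address=192.0.2.10\n"
          "sender=alice@example.org\n"
          "recipient=bob@example.com\n"
          "\n")


def demo():
    greylist = Greylist()
    request = parse_request(SAMPLE)
    first = greylist.check(request, now=1000)  # first attempt is deferred
    early = greylist.check(request, now=1060)  # exactly 60 s old: still deferred
    late = greylist.check(request, now=1061)   # more than 60 s old: passes
    changed = greylist.check(dict(request, sender="x@example.net"), now=1061)
    return first, early, late, changed         # changed sender is a new triple
```

A sender that changes its envelope sender or client address on every attempt never reuses a triple, so none of its time stamps ever becomes old enough.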
Copy examples/smtpd-policy/greylist.pl to /usr/libexec/postfix
or whatever location is appropriate for your system.
In the greylist.pl Perl script you need to specify the
location of the greylist database file, and how long mail will
be delayed before it is accepted. The default settings are:
$database_name="/var/mta/greylist.db";
$greylist_delay=60;
The /var/mta directory (or whatever you choose) should be
writable by "nobody", or by whatever username you configure below
in master.cf for the policy service.
Example:
# mkdir /var/mta
# chown nobody /var/mta
Note: DO NOT create the greylist database in a world-writable
directory such as /tmp or /var/tmp, and DO NOT create the greylist
database in a file system that may run out of space. Postfix can
survive "out of space" conditions with the mail queue and with the
mailbox store, but it cannot survive a corrupted greylist database.
If the file becomes corrupted you may not be able to receive mail
at all until you delete the file by hand.
The greylist.pl Perl script can be run under the control of
the Postfix master daemon. For example, to run the script as user
"nobody", using a UNIX-domain socket that is accessible by Postfix
processes only:
 1 /etc/postfix/master.cf:
 2     policy unix - n n - - spawn
 3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
 4
 5 /etc/postfix/main.cf:
 6     policy_time_limit = 3600
Notes:
- Line 3: Specify "greylist.pl -v" for verbose logging of
  each request and reply.
- Lines 2, 6: the Postfix spawn(8) daemon by default kills
  its child process after 1000 seconds. This is too short for a
  policy daemon that may run for as long as an SMTP client is connected
  to an SMTP server process. The default time limit is overruled in
  main.cf with an explicit "policy_time_limit" setting. The name of
  the parameter is the name of the master.cf entry ("policy")
  concatenated with the "_time_limit" suffix.
On Solaris you must use inet: style sockets instead of unix:
style, as detailed in the "Policy client/server configuration"
section above.
 1 /etc/postfix/master.cf:
 2     127.0.0.1:9998 inet n n n - - spawn
 3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
 4
 5 /etc/postfix/main.cf:
 6     127.0.0.1:9998_time_limit = 3600
To invoke this service you would specify
"check_policy_service inet:127.0.0.1:9998".