Postgrey


 * "Postgrey is a Postfix policy server implementing greylisting" -- [web site]
 * Responding to this SAC ticket

Dependencies
It uses the BerkeleyDB, and other, perl modules. Perl's -MCPAN install option was failing on building BerkeleyDB module, so RPMs were gathered from searches to pbone.net for RHEL4. Then they were installed like this: sudo rpm -i perl-BerkeleyDB-0.33-1.el4.rf.i386.rpm perl-IO-Multiplex-1.09-3.el4.pp.noarch.rpm perl-Net-Server-0.97-2.el4.pp.noarch.rpm postgrey-1.31-1.el4.rf.noarch.rpm

Install & Config

 * For more install instructions see the manual (man) pages for postgrey on the server.
 * Edit /etc/postfix/main.cf file adding:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unauth_destination, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, #reject_rbl_client list.dsbl.org, #reject_rbl_client sbl.spamhaus.org, #reject_rbl_client zen.spamhaus.org, #reject_rbl_client lists.spam.sux.com, check_policy_service unix:postgrey/socket, permit

Note: The reject_rbl_client lines are for real time blacklisting and have been commented because this is most likely more aggressive spam filtering than we require. I put them there as examples of additional filtering that could be done.

$ sudo /sbin/service postgrey start $ sudo /sbin/chkconfig --level 2345 postgrey $ sudo /sbin/service postfix restart $ sudo tail -f /var/log/maillog |grep Greylist
 * start postgrey daemon/service
 * set postgrey to start on boot
 * restart postfix daemon/service
 * you can watch the greylisting in : /var/log/maillog

To revert back to original (pre greylisting) config
Edit /etc/postfix/main.cf and comment out lines 222 to 236 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unauth_destination, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, #reject_rbl_client list.dsbl.org, #reject_rbl_client sbl.spamhaus.org, #reject_rbl_client zen.spamhaus.org, #reject_rbl_client lists.spam.sux.com, check_policy_service unix:postgrey/socket, permit

Restart postfix

$ sudo systemctl restart postfix