Difference between revisions of "Postgrey"
Jump to navigation
Jump to search
| (8 intermediate revisions by 4 users not shown) | |||
| Line 8: | Line 8: | ||
* For more install instructions see the manual (man) pages for postgrey on the server. | * For more install instructions see the manual (man) pages for postgrey on the server. | ||
| − | * | + | * Edit /etc/postfix/main.cf file adding: |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | = | + | smtpd_recipient_restrictions = permit_mynetworks, |
| + | permit_sasl_authenticated, | ||
| + | reject_invalid_hostname, | ||
| + | reject_non_fqdn_hostname, | ||
| + | reject_non_fqdn_sender, | ||
| + | reject_unauth_destination, | ||
| + | reject_unknown_recipient_domain, | ||
| + | reject_unauth_pipelining, | ||
| + | reject_unauth_destination, | ||
| + | #reject_rbl_client list.dsbl.org, | ||
| + | #reject_rbl_client sbl.spamhaus.org, | ||
| + | #reject_rbl_client zen.spamhaus.org, | ||
| + | #reject_rbl_client lists.spam.sux.com, | ||
| + | check_policy_service unix:postgrey/socket, | ||
| + | permit | ||
| + | Note: The reject_rbl_client lines are for real time blacklisting and have been | ||
| + | commented because this is most likely more aggressive spam filtering | ||
| + | than we require. I put them there as examples of additional filtering that | ||
| + | could be done. | ||
| + | |||
| + | * start postgrey daemon/service | ||
| + | $ sudo /sbin/service postgrey start | ||
| + | * set postgrey to start on boot | ||
| + | $ sudo /sbin/chkconfig --level 2345 postgrey | ||
* restart postfix daemon/service | * restart postfix daemon/service | ||
| − | * watch: /var/log/ | + | $ sudo /sbin/service postfix restart |
| − | + | * you can watch the greylisting in : /var/log/maillog | |
| + | $ sudo tail -f /var/log/maillog |grep Greylist | ||
| + | |||
| + | == To revert back to original (pre greylisting) config == | ||
| + | |||
| + | Edit /etc/postfix/main.cf and comment out lines 222 to 236 | ||
| + | |||
| + | smtpd_recipient_restrictions = permit_mynetworks, | ||
| + | permit_sasl_authenticated, | ||
| + | reject_invalid_hostname, | ||
| + | reject_non_fqdn_hostname, | ||
| + | reject_non_fqdn_sender, | ||
| + | reject_unauth_destination, | ||
| + | reject_unknown_recipient_domain, | ||
| + | reject_unauth_pipelining, | ||
| + | reject_unauth_destination, | ||
| + | #reject_rbl_client list.dsbl.org, | ||
| + | #reject_rbl_client sbl.spamhaus.org, | ||
| + | #reject_rbl_client zen.spamhaus.org, | ||
| + | #reject_rbl_client lists.spam.sux.com, | ||
| + | check_policy_service unix:postgrey/socket, | ||
| + | permit | ||
| + | |||
| + | |||
| + | Restart postfix | ||
| + | |||
| + | $ sudo systemctl restart postfix | ||
| + | |||
| + | == References == | ||
| + | * http://www.howtoforge.com/greylisting_postfix_postgrey | ||
[[Category: Infrastructure]] | [[Category: Infrastructure]] | ||
| + | [[Category:Services]] | ||
Latest revision as of 07:55, 7 March 2022
- "Postgrey is a Postfix policy server implementing greylisting" -- [web site]
- Responding to this SAC ticket
Dependencies
It uses the BerkeleyDB, and other, perl modules. Perl's -MCPAN install option was failing on building BerkeleyDB module, so RPMs were gathered from searches to pbone.net for RHEL4. Then they were installed like this:
sudo rpm -i perl-BerkeleyDB-0.33-1.el4.rf.i386.rpm perl-IO-Multiplex-1.09-3.el4.pp.noarch.rpm perl-Net-Server-0.97-2.el4.pp.noarch.rpm postgrey-1.31-1.el4.rf.noarch.rpm
Install & Config
- For more install instructions see the manual (man) pages for postgrey on the server.
- Edit /etc/postfix/main.cf file adding:
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_unauth_destination,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
reject_unauth_destination,
#reject_rbl_client list.dsbl.org,
#reject_rbl_client sbl.spamhaus.org,
#reject_rbl_client zen.spamhaus.org,
#reject_rbl_client lists.spam.sux.com,
check_policy_service unix:postgrey/socket,
permit
Note: The reject_rbl_client lines are for real time blacklisting and have been
commented because this is most likely more aggressive spam filtering
than we require. I put them there as examples of additional filtering that
could be done.
- start postgrey daemon/service
$ sudo /sbin/service postgrey start
- set postgrey to start on boot
$ sudo /sbin/chkconfig --level 2345 postgrey
- restart postfix daemon/service
$ sudo /sbin/service postfix restart
- you can watch the greylisting in : /var/log/maillog
$ sudo tail -f /var/log/maillog |grep Greylist
To revert back to original (pre greylisting) config
Edit /etc/postfix/main.cf and comment out lines 222 to 236
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_unauth_destination,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
reject_unauth_destination,
#reject_rbl_client list.dsbl.org,
#reject_rbl_client sbl.spamhaus.org,
#reject_rbl_client zen.spamhaus.org,
#reject_rbl_client lists.spam.sux.com,
check_policy_service unix:postgrey/socket,
permit
Restart postfix
$ sudo systemctl restart postfix