Difference between revisions of "Postgrey"

From OSGeo
Jump to navigation Jump to search
m (add link to SAC ticket)
 
(9 intermediate revisions by 4 users not shown)
Line 8: Line 8:
  
 
* For more install instructions see the manual (man) pages for postgrey on the server.
 
* For more install instructions see the manual (man) pages for postgrey on the server.
* I have completed the install steps up to editing the /etc/postfix/main.cf file:
+
* Edit /etc/postfix/main.cf file adding:
...
 
      ·  Put something like this in /etc/postfix/main.cf:
 
            smtpd_recipient_restrictions =
 
                          permit_mynetworks
 
                          ...
 
                          reject_unauth_destination
 
                          check_policy_service inet:127.0.0.1:10023
 
...
 
  
 +
  smtpd_recipient_restrictions = permit_mynetworks,
 +
        permit_sasl_authenticated,
 +
        reject_invalid_hostname,
 +
        reject_non_fqdn_hostname,
 +
        reject_non_fqdn_sender,
 +
        reject_unauth_destination,
 +
        reject_unknown_recipient_domain,
 +
        reject_unauth_pipelining,
 +
        reject_unauth_destination,
 +
        #reject_rbl_client list.dsbl.org,
 +
        #reject_rbl_client sbl.spamhaus.org,
 +
        #reject_rbl_client zen.spamhaus.org,
 +
        #reject_rbl_client lists.spam.sux.com,
 +
        check_policy_service unix:postgrey/socket,
 +
        permit
 +
 +
  Note:  The reject_rbl_client lines are for real time blacklisting and have been
 +
        commented because this is most likely more aggressive spam filtering
 +
        than we require.  I put them there as examples of additional filtering that
 +
        could be done.
 +
 +
* start postgrey daemon/service
 +
    $ sudo /sbin/service postgrey start
 +
* set postgrey to start on boot
 +
    $ sudo /sbin/chkconfig --level 2345 postgrey
 +
* restart postfix daemon/service
 +
    $ sudo /sbin/service postfix restart
 +
* you can watch the greylisting in : /var/log/maillog
 +
    $ sudo tail -f /var/log/maillog |grep Greylist
 +
 +
== To revert back to original (pre greylisting) config ==
 +
 +
Edit /etc/postfix/main.cf and comment out lines 222 to 236
 +
 +
    smtpd_recipient_restrictions = permit_mynetworks,
 +
        permit_sasl_authenticated,
 +
        reject_invalid_hostname,
 +
        reject_non_fqdn_hostname,
 +
        reject_non_fqdn_sender,
 +
        reject_unauth_destination,
 +
        reject_unknown_recipient_domain,
 +
        reject_unauth_pipelining,
 +
        reject_unauth_destination,
 +
        #reject_rbl_client list.dsbl.org,
 +
        #reject_rbl_client sbl.spamhaus.org,
 +
        #reject_rbl_client zen.spamhaus.org,
 +
        #reject_rbl_client lists.spam.sux.com,
 +
        check_policy_service unix:postgrey/socket,
 +
        permit
 +
 +
 +
Restart postfix
 +
 +
$ sudo systemctl restart postfix
 +
 +
== References ==
 +
 +
* http://www.howtoforge.com/greylisting_postfix_postgrey
  
 
[[Category: Infrastructure]]
 
[[Category: Infrastructure]]
 +
[[Category:Services]]

Latest revision as of 07:55, 7 March 2022

Dependencies

It uses the BerkeleyDB, and other, perl modules. Perl's -MCPAN install option was failing on building BerkeleyDB module, so RPMs were gathered from searches to pbone.net for RHEL4. Then they were installed like this:

sudo rpm -i perl-BerkeleyDB-0.33-1.el4.rf.i386.rpm perl-IO-Multiplex-1.09-3.el4.pp.noarch.rpm  perl-Net-Server-0.97-2.el4.pp.noarch.rpm postgrey-1.31-1.el4.rf.noarch.rpm

Install & Config

  • For more install instructions see the manual (man) pages for postgrey on the server.
  • Edit /etc/postfix/main.cf file adding:
  smtpd_recipient_restrictions = permit_mynetworks,
       permit_sasl_authenticated,
       reject_invalid_hostname,
       reject_non_fqdn_hostname,
       reject_non_fqdn_sender,
       reject_unauth_destination,
       reject_unknown_recipient_domain,
       reject_unauth_pipelining,
       reject_unauth_destination,
       #reject_rbl_client list.dsbl.org,
       #reject_rbl_client sbl.spamhaus.org,
       #reject_rbl_client zen.spamhaus.org,
       #reject_rbl_client lists.spam.sux.com,
       check_policy_service unix:postgrey/socket,
       permit
 Note:  The reject_rbl_client lines are for real time blacklisting and have been
        commented because this is most likely more aggressive spam filtering 
        than we require.  I put them there as examples of additional filtering that
        could be done. 
  • start postgrey daemon/service
   $ sudo /sbin/service postgrey start
  • set postgrey to start on boot
   $ sudo /sbin/chkconfig --level 2345 postgrey
  • restart postfix daemon/service
   $ sudo /sbin/service postfix restart
  • you can watch the greylisting in : /var/log/maillog
   $ sudo tail -f /var/log/maillog |grep Greylist

To revert back to original (pre greylisting) config

Edit /etc/postfix/main.cf and comment out lines 222 to 236

   smtpd_recipient_restrictions = permit_mynetworks,
       permit_sasl_authenticated,
       reject_invalid_hostname,
       reject_non_fqdn_hostname,
       reject_non_fqdn_sender,
       reject_unauth_destination,
       reject_unknown_recipient_domain,
       reject_unauth_pipelining,
       reject_unauth_destination,
       #reject_rbl_client list.dsbl.org,
       #reject_rbl_client sbl.spamhaus.org,
       #reject_rbl_client zen.spamhaus.org,
       #reject_rbl_client lists.spam.sux.com,
       check_policy_service unix:postgrey/socket,
       permit

Restart postfix

$ sudo systemctl restart postfix

References