o Create a postgrey user and the directory where to put the database dbdir (default: /var/db/postgrey)
o Write an init script to start postgrey at boot and start it. Like this for example:
  contrib/postgrey.init in the postgrey source distribution includes an LSB-compliant init script by Adrian von Bidder for the Debian system.
o Put something like this in /usr/local/etc/postfix/main.cf:
o Install the provided postgrey_whitelist_clients and postgrey_whitelist_recipients in /usr/local/etc/postfix.
o Put in /usr/local/etc/postfix/postgrey_whitelist_recipients users that do not want greylisting.
Whitelists allow you to specify client addresses or recipient addresses for which no greylisting should be done. By default postgrey will read the following files:
    /usr/local/etc/postfix/postgrey_whitelist_clients
    /usr/local/etc/postfix/postgrey_whitelist_clients.local
    /usr/local/etc/postfix/postgrey_whitelist_recipients
You can specify alternative paths with the --whitelist-x options.
Postgrey whitelists follow similar syntax rules as Postfix access tables. The following can be specified for recipient addresses:

domain.addr
    domain.addr domain and subdomains.
name@
    name@.* and extended addresses name+blabla@.*.
name@domain.addr
    name@domain.addr and extended addresses.
/regexp/
    anything that matches regexp (the full address is matched).

The following can be specified for client addresses:

domain.addr
    domain.addr domain and subdomains.
IP1.IP2.IP3.IP4
    IP address IP1.IP2.IP3.IP4. You can also leave off one number, in which case only the first specified numbers will be checked.
IP1.IP2.IP3.IP4/MASK
    CIDR-style network. Example: 192.168.1.0/24
/regexp/
    anything that matches regexp (the full address is matched).
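The client entry types listed above can be modelled as follows. This is an added Python example, not postgrey's own code, useful for checking what a whitelist file would let through before deploying it. Assumptions: the function names and sample entries are constructed, `#` comment lines are skipped as in Postfix access tables, regexps are applied to the client hostname, and Python's `re` stands in for Perl regexps.

```python
import ipaddress
import re

# Constructed sample whitelist (not the file shipped with postgrey).
SAMPLE_WHITELIST = r"""
# constructed entries for illustration
example.net
192.0.2
198.51.100.0/24
203.0.113.7
/^mx\d+\.mail\.example\.org$/
"""

def parse_entry(line):
    """Classify one whitelist line as (kind, matcher data)."""
    if len(line) > 2 and line.startswith("/") and line.endswith("/"):
        return ("regexp", re.compile(line[1:-1]))
    if "/" in line:
        return ("cidr", ipaddress.ip_network(line, strict=False))
    parts = line.split(".")
    if len(parts) <= 4 and all(p.isdigit() for p in parts):
        return ("ip_prefix", parts)      # full IP or leading octets only
    return ("domain", line.lower())

def load_whitelist(text):
    lines = (l.strip() for l in text.splitlines())
    return [parse_entry(l) for l in lines if l and not l.startswith("#")]

def match_client(entries, client_name, client_ip):
    """Return (kind, entry) for the first entry that matches, else None."""
    name = client_name.lower()
    octets = client_ip.split(".")
    for kind, data in entries:
        if kind == "regexp" and data.search(name):
            return kind, data.pattern
        if kind == "cidr" and ipaddress.ip_address(client_ip) in data:
            return kind, str(data)
        # Compare whole octets so "192.0.2" does not match 192.0.20.x.
        if kind == "ip_prefix" and octets[:len(data)] == data:
            return kind, ".".join(data)
        # Match on a label boundary so "notexample.net" is not a subdomain.
        if kind == "domain" and (name == data or name.endswith("." + data)):
            return kind, data
    return None
```

Running `match_client` against a list of recently seen client names and addresses shows which whitelist entry exempts each one from greylisting, which helps spot entries that are broader than intended.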
With the option --auto-whitelist-clients a client IP address will be automatically whitelisted if the following conditions are met:
o At least 5 successful attempts of delivering a mail (after greylisting was done). That number can be changed by specifying a number after the --auto-whitelist-clients argument. Only one attempt per hour counts.
o The client was last seen before --max-age days (35 per default).
To set the action to be returned to postfix when a message fails postgrey's tests and should be deferred, use the --greylist-action=ACTION option.
By default, postgrey returns DEFER_IF_PERMIT, which causes postfix to check the rest of the restrictions and defer the message only if it would otherwise be accepted. A delay action of 451 causes postfix to always defer the message with an SMTP reply code of 451 (temp fail).
See the postfix manual page access(5) for a discussion of the actions allowed.
When a message is greylisted, an error message like this will be sent at the SMTP-level:
Greylisted, see http://postgrey.schweikert.ch/help/example.com.html
Usually no user should see that error message. The idea of that URL is to provide some help to system administrators seeing that message, or to users of broken mail clients which try to send mail directly and get a greylisting error. Note that the default help URL contains the original recipient domain (example.com), so that domain-specific help can be presented to the user (on the default page it is said to contact firstname.lastname@example.org).
You can change the text (and URL) with the --greylist-text parameter. The following special variables will be replaced in the text:
%s
    How many seconds left until the greylisting is over (300).
%r
    Mail-domain of the recipient (example.com).
When a message is greylisted, an additional header can be prepended to the header section of the mail:
X-Greylist: delayed %t seconds by postgrey-%v at %h; %d
You can change the text with the --x-greylist-header parameter. The following special variables will be replaced in the text:
%t
    How many seconds the mail has been delayed due to greylisting.
%v
    The version of postgrey.
%d
    The date.
%h
    The host.
The --privacy option enables the use of a SHA1 hash function to store IPs and emails in the greylisting database. This will defeat straightforward attempts to retrieve mail user behaviours.
See <http://www.greylisting.org/> for a description of what greylisting is and <http://www.postfix.org/SMTPD_POLICY_README.html> for a description of how Postfix policy servers work.
Copyright (c) 2004-2007 by ETH Zurich. All rights reserved.
Copyright (c) 2007 by Open Systems AG. All rights reserved.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
David Schweikert <email@example.com>
perl v5.20.3    POSTGREY (1)    2016-04-04