Changes between Version 1 and Version 2 of WikiStart

Timestamp: 07/11/07 07:35:53 (12 years ago)
Author: kaplan+greyfix@… (IP: 82.226.94.3)
Comment: First page

  • WikiStart

    v1 v2  
    1 = Welcome to Trac 0.10.3 = 
    2  
    3 Trac is a '''minimalistic''' approach to '''web-based''' management of 
    4 '''software projects'''. Its goal is to simplify effective tracking and handling of software issues, enhancements and overall progress. 
    5  
    6 All aspects of Trac have been designed with the single goal to  
    7 '''help developers write great software''' while '''staying out of the way''' 
    8 and imposing as little as possible on a team's established process and 
    9 culture. 
    10  
    11 As all Wiki pages, this page is editable, this means that you can 
    12 modify the contents of this page simply by using your 
    13 web-browser. Simply click on the "Edit this page" link at the bottom 
    14 of the page. WikiFormatting will give you a detailed description of 
    15 available Wiki formatting commands. 
    16  
    17 "[wiki:TracAdmin trac-admin] ''yourenvdir'' initenv" created 
    18 a new Trac environment, containing a default set of wiki pages and some sample 
    19 data. This newly created environment also contains  
    20 [wiki:TracGuide documentation] to help you get started with your project. 
    21  
    22 You can use [wiki:TracAdmin trac-admin] to configure 
    23 [http://trac.edgewall.org/ Trac] to better fit your project, especially in 
    24 regard to ''components'', ''versions'' and ''milestones''.  
    25  
    26  
    27 TracGuide is a good place to start. 
    28  
    29 Enjoy! [[BR]] 
    30 ''The Trac Team'' 
    31  
    32 == Starting Points == 
    33  
    34  * TracGuide --  Built-in Documentation 
    35  * [http://trac.edgewall.org/ The Trac project] -- Trac Open Source Project 
    36  * [http://trac.edgewall.org/wiki/TracFaq Trac FAQ] -- Frequently Asked Questions 
    37  * TracSupport --  Trac Support 
    38  
    39 For a complete list of local wiki pages, see TitleIndex. 
     1#title Greyfix 
     2Copyright 2007 by [[mailto:kaplan+greyfix@kim-minh.com][Kim Minh Kaplan]] 
     3 
     4[[http://www.kim-minh.com/pub/greyfix/][Greyfix]] is the greylisting policy daemon for [[http://www.postfix.org/][Postfix]] written by 
     5[[http://www.kim-minh.com/][Kim Minh Kaplan]].  [[http://projects.puremagic.com/greylisting/][Greylisting]] is an anti spam technique described by 
     6Evan Harris.  Postfix is a popular mail transport agent developped by 
     7[[http://www.porcupine.org/wietse/][Wietse Zweitze Venema]].  Greyfix uses Postfix policy mechanism to 
     8enable greylisting with Postfix. 
     9 
     10<contents> 
     11 
     12* Latest version 
     13 
     14[[http://www.kim-minh.com/pub/greyfix/greyfix-0.3.3.tar.gz][greyfix-0.3.3.tar.gz]] ([[http://www.kim-minh.com/pub/greyfix/greyfix-0.3.3.tar.gz.asc][PGP signature]]) 
     15 
     16   - BUGFIX expire correctly triplets 
     17   - Add option =--dump-triplets=, =--reject-action= and =--greylisted-action=. 
     18   - Really delete expired triplets from the DB. 
     19   - Note that =451= reject code is probably better than =DEFER_IF_PERMIT=. 
     20 
     21* Features 
     22 
     23   - Low and tunable resource usage and high efficiency.  The program 
     24     is written in C and uses Berkeley DB to track mailers.  By itself it 
     25     allocates memory only for a single request and the Berkeley DB library 
     26     can be configured to use very few RAM. 
     27   - Integrates with Postfix's master daemon.  Postfix will shutdown 
     28     greyfix when it is not used completely freeing its runtime 
     29     resources. 
     30   - No administrative burden.  Everything happens "automagically". 
     31   - No need for a database server.  Uses Berkeley DB. 
     32 
     33* Requirements 
     34 
     35   - [[http://www.kim-minh.com/pub/greyfix/][Postfix]] 
     36   - [[http://www.oracle.com/database/berkeley-db/index.html][Berkeley DB]] 
     37 
     38* Quickstart 
     39 
     40Greyfix uses GNU's build system.  To install the greyfix daemon just 
     41type the following commands: 
     42 
     43<example> 
     44    $ gzip -cd greyfix-0.3.3.tar.gz | tar xf - 
     45    $ cd greyfix-0.3.3 
     46    $ ./configure 
     47    $ make 
     48    $ su -c 'make install' 
     49</example> 
     50 
     51Edit Postfix's master configuration file, =/etc/postfix/master.cf=, and 
     52add the following: 
     53 
     54<example> 
     55greyfix    unix  -       n       n       -       -       spawn 
     56  user=nobody argv=/usr/local/sbin/greyfix -/ 24 
     57  -r 451%sTry%sagain%sin%s%d%ssecond%p.%sSee%shttp://www.kim-minh.com/pub/greyfix/%sfor%smore%sinformation. 
     58</example> 
     59 
     60Edit Postfix's main configuration file, =/etc/postfix/main.cf= and add 
     61the following: 
     62 
     63<example> 
     64smtpd_recipient_restrictions = permit_mynetworks, 
     65  reject_unauth_destination, 
     66  check_policy_service unix:private/greyfix 
     67</example> 
     68 
     69If there is already a =smtpd_recipient_restrictions= configuration line 
     70you should edit it rather than add a new one.  The important part for 
     71greyfix is that you should add <code>check_policy_service 
     72unix:private/greyfix</code> to it. 
     73 
     74Finally have postfix reload its configuration with <code>postfix 
     75reload</code>. 
     76 
     77* Usage 
     78 
     79<example> 
     80greyfix [-v] [-d] [-h <Berkeley DB home directory>] [-g <greylist delay>] 
     81    [-b <bloc maximum idle>] [-p <pass maximum idle>] [-r <reject action>] 
     82    [-G <greylisted action>] [-/ <network bits>] [--dump-triplets] 
     83 
     84    -b <seconds>, --bloc-max-idle <seconds> 
     85 
     86        This determines how many seconds of life are given to a record 
     87        that is created from a new mail (ip, from, to) triplet.  Note 
     88        that the window created by this setting for passing mails is 
     89        reduced by the amount set for --greylist-delay.  NOTE: See 
     90        also --pass-max-idle.  Defaults to 18000 (5 hours). 
     91 
     92    -d, --debug 
     93 
     94        Debug logging 
     95 
     96    -g <seconds>, --greylist-delay <seconds> 
     97 
     98        This determines how many seconds we will block inbound mail 
     99        that is from a previously unknown (ip, from, to) triplet.  If 
     100        it is set to zero, incoming mail association will be learned, 
     101        but no deliveries will be tempfailed.  Use a setting of zero 
     102        with caution, as it will learn spammers as well as legitimate 
     103        senders.  Defaults to 3480 (58 minutes). 
     104 
     105    -h <Berkeley DB home directory>, --home <Berkeley DB home directory> 
     106 
     107        Location of the Berkeley DB environment home location (the 
     108        default is autoconf's $localstatedir/greyfix 
     109        i.e. /usr/local/var/lib/greyfix). 
     110 
     111    -p <seconds>, --pass-max-idle <seconds> 
     112 
     113        How much life (in secs) to give to a record we are updating 
     114        from an allowed (passed) email. 
     115 
     116        The default is 36 days, which should be enough to handle 
     117        messages that may only be sent once a month, or on things like 
     118        the first monday of the month (which sometimes means 5 weeks). 
     119        Plus, we add a day for a delivery buffer. 
     120 
     121    -r <reject action>, --reject-action <reject action> 
     122 
     123        The reject action directive that will be used.  See access(5) 
     124        for valid actions.  The string expands %d to the number of 
     125        seconds, %p to the empty string if %d expands to 1 or "s" 
     126        otherwise, %s to " " and %% to "%". 
     127 
     128        The default is "DEFER_IF_PERMIT Greylisted by Greyfix X.Y.Z, 
     129        try again in %d second%p.  See 
     130        http://www.kim-minh.com/pub/greyfix/ for more information.". 
     131        http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?r1=1.10&r2=1.11 
     132        suggests that a 451 SMTP error code is a better idea. 
     133 
     134    -G <greylisted action>, --greylisted-action <greylisted action> 
     135 
     136        The action that will be used the first time a triplet passes 
     137        greylisting.  Same expansion as for --reject-action. 
     138 
     139        The default is "PREPEND X-Greyfix: Greylisted by Grefix X.Y.Z 
     140        for %d second%p.  See http://www.kim-minh.com/pub/greyfix/ for 
     141        more information." 
     142 
     143    -v, --verbose 
     144 
     145        Verbose logging 
     146 
     147    -/ <nbits>, --network-prefix <nbits> 
     148 
     149        Only consider the first <nbits> bits of an IPv4 address. 
     150        Defaults to 32 i.e. the whole adresse is significant. 
     151 
     152    --dump-triplets 
     153 
     154        Dump the triplets database to stdout.  Mostly for debugging 
     155        purposes. 
     156</example> 
     157 
     158* Notes 
     159 
     160GNU Autoconf's default value for =$(localstatedir)= is 
     161=/usr/local/var/lib= which is quite different from what most Unix 
     162distribution use.  You'll probably want to invoke configure like this: 
     163 
     164<example> 
     165    $ ./configure --localstatedir=/var/lib 
     166</example> 
     167 
     168This makes Greyfix DB be located in =/var/lib/greyfix=.  Alternatively 
     169you can use the =-h <DB home>= command line option but do not forget 
     170to create the directory and give it correct permissions so that 
     171Greyfix can access it. 
     172 
     173Greyfix uses syslog with facility =LOG_MAIL=.  As such the log messages 
     174should appear along postfix's. 
     175 
     176You should use some whitelisting of some sort for some servers.  A 
     177good starting base is [[http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=HEAD][whitelist_ip.txt]]. 
     178 
     179* TODO 
     180 
     181   - Real documentation 
     182   - Statistic collection 
     183   - Distribute triplets to other MX. 
     184   - Auto whitelisting of mail relays that pass greylisting repeatedly 
     185   - SPF?  This could render <code>--network-prefix</code> unnecessary, 
     186   - Use Milter protocol? 
     187   - Support <code>--network-prefix</code> with IPv6. 
     188   - How to do a DEFER_WITH_451_IF_PERMIT? (see 
     189     http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?r1=1.10&r2=1.11 
     190     and 
     191     http://lists.puremagic.com/pipermail/greylist-users/2004-September/000766.html). 
     192 
     193* Older versions 
     194 
     195   - [[http://www.kim-minh.com/pub/greyfix/greyfix-0.3.2.tar.gz][greyfix-0.3.2.tar.gz]] ([[http://www.kim-minh.com/pub/greyfix/greyfix-0.3.2.tar.gz.asc][PGP signature]]) 
     196      - Runtime configurable delays. 
     197      - Document command line arguments in README. 
     198      - New option =--network-prefix=. 
     199   - [[http://www.kim-minh.com/pub/greyfix/greyfix-0.3.1.tar.gz][greyfix-0.3.1.tar.gz]] ([[http://www.kim-minh.com/pub/greyfix/greyfix-0.3.1.tar.gz.asc][PGP signature]]) 
     200      - Syslog with =LOG_MAIL= facility. 
     201      - Expire positive triplets. 
     202      - Error on invalid command line arguments. 
     203      - Add delay information in SMTP and header messages. 
     204      - Cleanup on receipt of signal. 
     205   - [[http://www.kim-minh.com/pub/greyfix/greyfix-0.3.tar.gz][greyfix-0.3.tar.gz]] ([[http://www.kim-minh.com/pub/greyfix/greyfix-0.3.tar.gz.asc][PGP signature]]) 
     206   - [[http://www.kim-minh.com/pub/greyfix/greyfix-0.2.tar.gz][greyfix-0.2.tar.gz]] ([[http://www.kim-minh.com/pub/greyfix/greyfix-0.2.tar.gz.asc][PGP signature]]) 
     207   - [[http://www.kim-minh.com/pub/greyfix/greyfix-0.1.tar.gz][greyfix-0.1.tar.gz]] ([[http://www.kim-minh.com/pub/greyfix/greyfix-0.1.tar.gz.asc][PGP signature]])
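
Review bot: In the Requirements list (new line 35) the Postfix entry links to http://www.kim-minh.com/pub/greyfix/, which is the Greyfix page itself, while new line 4 links Postfix to http://www.postfix.org/; the requirement should point at the Postfix site. The added text also uses Muse-style markup ("#title", "<contents>", "<example>", "[[url][label]]") where the page it replaces used Trac wiki syntax ("= heading =", "[url label]"), so check that it renders on this wiki. In the master.cf example (new line 56) the daemon runs as user=nobody, and the Notes (new lines 168-171) only say to give the DB home "correct permissions": state the owner and mode the directory needs, and consider a dedicated account so the triplet database is not writable by anything else that runs as nobody. Spelling to check: "developped" (new line 6), "Grefix" in the default --greylisted-action string (new line 139, confirm whether the program really emits that), and "adresse" (new line 150).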