Changes between Version 3 and Version 4 of WikiStart

Timestamp:
07/11/07 07:50:46 (12 years ago)
Author:
Kim Minh Kaplan (IP: 82.226.94.3)
Comment:

--

  • WikiStart

    v3 v4  
    99<contents> 
    1010 
    11 * Latest version 
     11= Latest version = 
    1212 
    1313[http://www.kim-minh.com/pub/greyfix/greyfix-0.3.3.tar.gz greyfix-0.3.3.tar.gz] ([http://www.kim-minh.com/pub/greyfix/greyfix-0.3.3.tar.gz.asc PGP signature]) 
    1414 
    15    - BUGFIX expire correctly triplets 
    16    - Add option =--dump-triplets=, =--reject-action= and =--greylisted-action=. 
    17    - Really delete expired triplets from the DB. 
    18    - Note that =451= reject code is probably better than =DEFER_IF_PERMIT=. 
     15   * BUGFIX expire correctly triplets 
     16   * Add option =--dump-triplets=, =--reject-action= and =--greylisted-action=. 
     17   * Really delete expired triplets from the DB. 
     18   * Note that =451= reject code is probably better than =DEFER_IF_PERMIT=. 
    1919 
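Review bot: On added lines 16 and 18 the option names and codes are still wrapped in the old =...= markers (=--dump-triplets=, =451=, =DEFER_IF_PERMIT=), although the heading and the bullets in this same region were converted to the new syntax. If the target markup does not treat =text= as inline code, these will render with literal equals signs, so convert them to the wiki's inline code markup in this change. While touching line 15, "BUGFIX expire correctly triplets" would read better as "BUGFIX: expire triplets correctly".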
    20 * Features 
     20= Features = 
    2121 
    22    - Low and tunable resource usage and high efficiency.  The program 
     22   * Low and tunable resource usage and high efficiency.  The program 
    2323     is written in C and uses Berkeley DB to track mailers.  By itself it 
    2424     allocates memory only for a single request and the Berkeley DB library 
    2525     can be configured to use very few RAM. 
    26    - Integrates with Postfix's master daemon.  Postfix will shutdown 
     26   * Integrates with Postfix's master daemon.  Postfix will shutdown 
    2727     greyfix when it is not used completely freeing its runtime 
    2828     resources. 
    29    - No administrative burden.  Everything happens "automagically". 
    30    - No need for a database server.  Uses Berkeley DB. 
     29   * No administrative burden.  Everything happens "automagically". 
     30   * No need for a database server.  Uses Berkeley DB. 
    3131 
    32 * Requirements 
     32= Requirements = 
    3333 
    34    - [http://www.kim-minh.com/pub/greyfix/ Postfix] 
    35    - [http://www.oracle.com/database/berkeley-db/index.html Berkeley DB] 
    36  
    37 * Quickstart 
    38  
    39 Greyfix uses GNU's build system.  To install the greyfix daemon just 
    40 type the following commands: 
    41  
    42 <example> 
    43     $ gzip -cd greyfix-0.3.3.tar.gz | tar xf - 
    44     $ cd greyfix-0.3.3 
    45     $ ./configure 
    46     $ make 
    47     $ su -c 'make install' 
    48 </example> 
    49  
    50 Edit Postfix's master configuration file, =/etc/postfix/master.cf=, and 
    51 add the following: 
    52  
    53 <example> 
    54 greyfix    unix  -       n       n       -       -       spawn 
    55   user=nobody argv=/usr/local/sbin/greyfix -/ 24 
    56   -r 451%sTry%sagain%sin%s%d%ssecond%p.%sSee%shttp://www.kim-minh.com/pub/greyfix/%sfor%smore%sinformation. 
    57 </example> 
    58  
    59 Edit Postfix's main configuration file, =/etc/postfix/main.cf= and add 
    60 the following: 
    61  
    62 <example> 
    63 smtpd_recipient_restrictions = permit_mynetworks, 
    64   reject_unauth_destination, 
    65   check_policy_service unix:private/greyfix 
    66 </example> 
    67  
    68 If there is already a =smtpd_recipient_restrictions= configuration line 
    69 you should edit it rather than add a new one.  The important part for 
    70 greyfix is that you should add <code>check_policy_service 
    71 unix:private/greyfix</code> to it. 
    72  
    73 Finally have postfix reload its configuration with <code>postfix 
    74 reload</code>. 
    75  
    76 * Usage 
    77  
    78 <example> 
    79 greyfix [-v] [-d] [-h <Berkeley DB home directory>] [-g <greylist delay>] 
    80     [-b <bloc maximum idle>] [-p <pass maximum idle>] [-r <reject action>] 
    81     [-G <greylisted action>] [-/ <network bits>] [--dump-triplets] 
    82  
    83     -b <seconds>, --bloc-max-idle <seconds> 
    84  
    85         This determines how many seconds of life are given to a record 
    86         that is created from a new mail (ip, from, to) triplet.  Note 
    87         that the window created by this setting for passing mails is 
    88         reduced by the amount set for --greylist-delay.  NOTE: See 
    89         also --pass-max-idle.  Defaults to 18000 (5 hours). 
    90  
    91     -d, --debug 
    92  
    93         Debug logging 
    94  
    95     -g <seconds>, --greylist-delay <seconds> 
    96  
    97         This determines how many seconds we will block inbound mail 
    98         that is from a previously unknown (ip, from, to) triplet.  If 
    99         it is set to zero, incoming mail association will be learned, 
    100         but no deliveries will be tempfailed.  Use a setting of zero 
    101         with caution, as it will learn spammers as well as legitimate 
    102         senders.  Defaults to 3480 (58 minutes). 
    103  
    104     -h <Berkeley DB home directory>, --home <Berkeley DB home directory> 
    105  
    106         Location of the Berkeley DB environment home location (the 
    107         default is autoconf's $localstatedir/greyfix 
    108         i.e. /usr/local/var/lib/greyfix). 
    109  
    110     -p <seconds>, --pass-max-idle <seconds> 
    111  
    112         How much life (in secs) to give to a record we are updating 
    113         from an allowed (passed) email. 
    114  
    115         The default is 36 days, which should be enough to handle 
    116         messages that may only be sent once a month, or on things like 
    117         the first monday of the month (which sometimes means 5 weeks). 
    118         Plus, we add a day for a delivery buffer. 
    119  
    120     -r <reject action>, --reject-action <reject action> 
    121  
    122         The reject action directive that will be used.  See access(5) 
    123         for valid actions.  The string expands %d to the number of 
    124         seconds, %p to the empty string if %d expands to 1 or "s" 
    125         otherwise, %s to " " and %% to "%". 
    126  
    127         The default is "DEFER_IF_PERMIT Greylisted by Greyfix X.Y.Z, 
    128         try again in %d second%p.  See 
    129         http://www.kim-minh.com/pub/greyfix/ for more information.". 
    130         http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?r1=1.10&r2=1.11 
    131         suggests that a 451 SMTP error code is a better idea. 
    132  
    133     -G <greylisted action>, --greylisted-action <greylisted action> 
    134  
    135         The action that will be used the first time a triplet passes 
    136         greylisting.  Same expansion as for --reject-action. 
    137  
    138         The default is "PREPEND X-Greyfix: Greylisted by Grefix X.Y.Z 
    139         for %d second%p.  See http://www.kim-minh.com/pub/greyfix/ for 
    140         more information." 
    141  
    142     -v, --verbose 
    143  
    144         Verbose logging 
    145  
    146     -/ <nbits>, --network-prefix <nbits> 
    147  
    148         Only consider the first <nbits> bits of an IPv4 address. 
    149         Defaults to 32 i.e. the whole adresse is significant. 
    150  
    151     --dump-triplets 
    152  
    153         Dump the triplets database to stdout.  Mostly for debugging 
    154         purposes. 
    155 </example> 
    156  
    157 * Notes 
    158  
    159 GNU Autoconf's default value for =$(localstatedir)= is 
    160 =/usr/local/var/lib= which is quite different from what most Unix 
    161 distribution use.  You'll probably want to invoke configure like this: 
    162  
    163 <example> 
    164     $ ./configure --localstatedir=/var/lib 
    165 </example> 
    166  
    167 This makes Greyfix DB be located in =/var/lib/greyfix=.  Alternatively 
    168 you can use the =-h <DB home>= command line option but do not forget 
    169 to create the directory and give it correct permissions so that 
    170 Greyfix can access it. 
    171  
    172 Greyfix uses syslog with facility =LOG_MAIL=.  As such the log messages 
    173 should appear along postfix's. 
    174  
    175 You should use some whitelisting of some sort for some servers.  A 
    176 good starting base is [http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=HEAD whitelist_ip.txt]. 
    177  
    178 * TODO 
    179  
    180    - Real documentation 
    181    - Statistic collection 
    182    - Distribute triplets to other MX. 
    183    - Auto whitelisting of mail relays that pass greylisting repeatedly 
    184    - SPF?  This could render <code>--network-prefix</code> unnecessary, 
    185    - Use Milter protocol? 
    186    - Support <code>--network-prefix</code> with IPv6. 
    187    - How to do a DEFER_WITH_451_IF_PERMIT? (see 
    188      http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?r1=1.10&r2=1.11 
    189      and 
    190      http://lists.puremagic.com/pipermail/greylist-users/2004-September/000766.html). 
    191  
    192 * Older versions 
    193  
    194    - [http://www.kim-minh.com/pub/greyfix/greyfix-0.3.2.tar.gz greyfix-0.3.2.tar.gz] ([http://www.kim-minh.com/pub/greyfix/greyfix-0.3.2.tar.gz.asc PGP signature]) 
    195       - Runtime configurable delays. 
    196       - Document command line arguments in README. 
    197       - New option =--network-prefix=. 
    198    - [http://www.kim-minh.com/pub/greyfix/greyfix-0.3.1.tar.gz greyfix-0.3.1.tar.gz] ([http://www.kim-minh.com/pub/greyfix/greyfix-0.3.1.tar.gz.asc PGP signature]) 
    199       - Syslog with =LOG_MAIL= facility. 
    200       - Expire positive triplets. 
    201       - Error on invalid command line arguments. 
    202       - Add delay information in SMTP and header messages. 
    203       - Cleanup on receipt of signal. 
    204    - [http://www.kim-minh.com/pub/greyfix/greyfix-0.3.tar.gz greyfix-0.3.tar.gz] ([http://www.kim-minh.com/pub/greyfix/greyfix-0.3.tar.gz.asc PGP signature]) 
    205    - [http://www.kim-minh.com/pub/greyfix/greyfix-0.2.tar.gz greyfix-0.2.tar.gz] ([http://www.kim-minh.com/pub/greyfix/greyfix-0.2.tar.gz.asc PGP signature]) 
    206    - [http://www.kim-minh.com/pub/greyfix/greyfix-0.1.tar.gz greyfix-0.1.tar.gz] ([http://www.kim-minh.com/pub/greyfix/greyfix-0.1.tar.gz.asc PGP signature]) 
     34   * [http://www.kim-minh.com/pub/greyfix/ Postfix] 
     35   * [http://www.oracle.com/database/berkeley-db/index.html Berkeley DB]
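Review bot: Old lines 36 to 206 (Quickstart, Usage, Notes, TODO and Older versions) are removed and nothing replaces them, so version 4 of the page ends at the Requirements list on line 35. That drops the master.cf and main.cf setup steps, the option reference, the --localstatedir note and the download links with PGP signatures for 0.3.2 and earlier. If this is only a partial markup conversion, restore those sections in the new syntax before saving, or say in the change comment (currently empty) where the content moved. Separately, the re-added Requirements bullet on line 34 still labels http://www.kim-minh.com/pub/greyfix/ as "Postfix"; that looks like a copy-paste slip carried over from version 3 and should point at the Postfix site.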