1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
.Dd April 26, 2014
.Dt GREYFIX 8
.Os
.Sh NAME
.Nm greyfix
.Nd "A greylisting policy daemon for Postfix"
.Sh SYNOPSIS
.Nm
.Op Fl Vvd
.Op Fl h Ar home_directory
.Op Fl g Ar delay_period
.Op Fl b Ar bloc_idle_period
.Op Fl p Ar pass_period
.Op Fl r Ar reject_action
.Op Fl G Ar greylist_action
.Op Fl / Ar prefix_size
.Op Fl 6 Ar prefix_size
.Op Fl -dump-triplets
.Op Fl -help
.Sh DESCRIPTION
.Nm
is a efficient greylisting policy daemon for Postfix.
.Pp
The options are:
.Bl -tag -width indent
.It Fl V , Fl -version
Show version information.
.It Fl v , Fl -verbose
Verbose logging.
.It Fl d , Fl -debug
Debug logging.
.It Fl -help
Show usage information.
.It Fl -dump-triplets
Dump the triplets database to stdout. Mostly for debugging purposes.
.It Fl b Ar seconds , Fl -bloc-max-idle Ar seconds
How many seconds of life are given to a record that is created from a new mail
.Em ( ip , from , to )
triplet. Note that the window created by this setting for passing mails is
reduced by the amount set for
.Fl -greylist-delay .
Also see
.Fl -pass-max-idle .
Defaults to 18000.
.It Fl g Ar seconds , Fl -greylist-delay Ar seconds
How many seconds we will block inbound mail that is from a previously unknown
.Em ( ip , from , to )
triplet. If it is set to zero, incoming mail association will be learned, but
no deliveries will be tempfailed. Use a setting of zero with caution, as it
will learn spammers as well as legitimate senders. Defaults to 3480.
.It Fl h Ar home_directory , Fl -home Ar home_directory
Location of the Berkeley DB environment home location. Defaults to
.Pa /var/db/greyfix .
.It Fl p Ar seconds , Fl -pass-max-idle Ar seconds
How long to give to a record we are updating from an allowed (passed) email.
.Pp
The default is 3110400, which should be enough to handle messages that may only
be sent once a month, or on things like the first monday of the month (which
sometimes means 5 weeks). Plus, we add a day for a delivery buffer.
.It Fl r Ar action , Fl -reject-action Ar action
The reject action directive that will be used. See
.Xr access 5
for valid actions. The placeholder
.Em %d
expand to the number of seconds,
.Em %p
to the empty string if
.Em %d
expands to 1 or
.Dq s
otherwise,
.Em %s
to a single space, and
.Em %%
to
.Dq % .
.Pp
The default is
.Dq DEFER_IF_PERMIT Greylisted by greyfix 0.4.0, try again in %d second%p. See http://www.kim-minh.com/pub/greyfix/ for more information.
.It Fl G Ar action , Fl -greylisted-action Ar action
The action that will be used the first time a triplet passes greylisting. Same
expansion as for
.Fl -reject-action .
.Pp
The default is
.Dq PREPEND X-Greyfix: Greylisted by greyfix 0.4.0 for %d second%p. See http://www.kim-minh.com/pub/greyfix/ for more information.
.It Fl / Ar prefix_size , Fl -network-prefix Ar prefix_size
Only consider the first
.Ar prefix_size
bits of an IPv4 address. Defaults to 32, i.e., the whole address is
significant.
.It Fl 6 Ar prefix_size , Fl -network6-prefix Ar prefix_size
Only consider the first
.Ar prefix_size
bits of an IPv6 address. Defaults to 128, i.e., the whole address is
significant.
.El
.Sh USAGE
Edit Postfix's master configuration file,
.Pa /usr/local/etc/postfix/master.cf ,
and add the following:
.Bd -literal
greyfix unix - n n - - spawn
user=nobody argv=/usr/local/sbin/greyfix -/ 24 -6 56
.Ed
.Pp
Edit Postfix's main configuration file,
.Pa /etc/postfix/main.cf ,
and add the following:
.Bd -literal
smtpd_recipient_restrictions =
permit_mynetworks,
reject_unauth_destination,
check_policy_service unix:private/greyfix
.Ed
.Pp
If there is already an
.Em smtpd_recipient_restrictions
configuration line, you should edit it rather than add a new one. The
important part for Greyfix is that you should add
.Em check_policy_service unix:private/greyfix
to it. Finally, have Postfix reload its configuration with
.Ic "postfix reload" .
.Sh NOTES
.Ss Logs
Greyfix logs to
.Xr syslog 3
with the
.Li LOG_MAIL
facility. As such, the log messages should appear along Postfix's.
.Sh ALSO SEE
.Xr access 5
.Sh AUTHORS
.Nm
was written by
.An Kim Minh Kaplan
.Aq http://www.kim-minh.com/ .
|
