greylisting on freebsd with exim

soulshepard

Verified User
Joined
Feb 7, 2008
Messages
134
Tags: freebsd, exim, greylisting, spamassasin, clamav

Dear all,

i have been breaking my head over greylisting for the past 3 hours. i understand the technique.. but then i get lost in the soo any ways you can implement this. and also on the many examples!!! it seem there is no clear and simpel solution for all platforms .. like freebsd

i have read : http://www.directadmin.com/forum/showthread.php?t=24808&highlight=greylistd

but this used greylistd for centos / aka the debian version.
most examples go by this.

but i use freebsd and see no source for the greylistd.. is it usable? wel its python so it should but i guess nobody did try.

therefor i looked at the ports.. and this includes milter-greylist.. http://hcpnet.free.fr/milter-greylist/.

but i guess this is a seperate deamon and dont use any piping methods.. so not usable with exim.

seperate on this search i find the many wrappers and exim variations..

to make the chaos coplete i end up in reading too much and see sites like

http://projects.puremagic.com/greylisting/links.html
http://www.greylisting.org/
http://wiki.apache.org/spamassassin/OtherTricks

but no real usable answer in my situation.

Aaaa

so.. my question is.

howto install greylisting on freebsd.. with DA (that is running allready Exim+Spamassasin+Clamav)
or a simpel hint or push in the right direction would be welcome.. anyone any experience in this setup?

Thanks in advance
 
Last edited:
try postgrey.
It is on freebsd ports, also it simply configured to using together with exim.
 
i never did finished postgrey. in the end it was too much of an hassle, and imo would cause too much of an overhead. for now without its ok
 
it would be nice if you could share your solution.

Nothing is more frustrating if someone has the same problem, coming here to see the solution and all he get is: "Problem solved"...

Thank you
 
I used postgrey.

To install it on FreeBSD box:

1) cd /usr/ports/mail/postgrey and make install clean.

2) edit /usr/local/etc/rc.d/postgrey .. it should be like:

#!/bin/sh
# $FreeBSD: ports/mail/postgrey/files/postgrey.in,v 1.2 2007/10/27 11:49:41 beech Exp $
#

# PROVIDE: postgrey
# REQUIRE: LOGIN
# BEFORE: mail
# KEYWORD: shutdown

#
# Add the following lines to /etc/rc.conf to enable postgrey:
#
# postgrey_enable="YES"
#
# See perldoc postgrey for flags
#

. /etc/rc.subr

name=postgrey
rcvar=`set_rcvar`

command=/usr/local/sbin/postgrey
required_dirs=/var/db/postgrey
extra_commands=reload

stop_postcmd=stop_postcmd

stop_postcmd()
{
rm -f $pidfile
}

# set defaults

postgrey_enable=${postgrey_enable:-"NO"}
postgrey_pidfile=${postgrey_pidfile:-"/var/run/postgrey.pid"}
postgrey_flags=${postgrey_flags:-"--pidfile=${postgrey_pidfile} \
--inet=10023 -d --user=postgrey --group=postgrey --unix=/var/run/postgrey/socket --retry-window=4 --lookup-by-host --auto-whitelist-clients=10 --exim --dbdir=/var/db/postgrey"}

pidfile="${postgrey_pidfile}"

load_rc_config $name
run_rc_command "$1"


3) add to /etc/rc.conf:

postgrey_enable="YES"

4) run postgrey using: /usr/local/etc/rc.d/postgrey start


5) edit exim configuration (ee /etc/exim.conf) and add bolded ACL:.

.....

######################################################################
# ACLs #
######################################################################

begin acl

# ACL that is used after the RCPT command
check_recipient:
# postgrey [TOP]

defer
log_message = greylisted host $sender_host_address
!senders = : postmaster@*
# domains = +local_domains : +relay_to_domains
!hosts = /etc/virtual/domains
!authenticated = *
verify = recipient/callout=20s,use_sender,defer_ok
set acl_m3 = request=smtpd_access_policy\n\
protocol_state=RCPT\n\
protocol_name=${uc:$received_protocol}\n\
instance=${acl_m2}\n\
helo_name=${sender_helo_name}\n\
client_address=${substr_-3:${mask:$sender_host_address/27}}\n\
client_name=${sender_host_name}\n\
sender=${sender_address}\n\
recipient=$local_part@$domain\n\n
set acl_m3 = ${sg{\
# in this place you should put ip and port from your server ... -> to check it use: sockstat | grep postgrey | grep tcp
# In my case IP is: 127.0.0.1 and port: 10023

${readsocket{inet:127.0.0.1:10023}{$acl_m3}\
{5s}{}{action=DUNNO}}\
}{action=}{}}
message = ${sg{$acl_m3}{^\\w+\\s*}{}}
condition = ${if eq{${uc:${substr{0}{5}{$acl_m3}}}}{DEFER}{true}{false}}

# add "greylisted by ..seconds" header to mail which has successfully
# passed the greylisting.
warn
!senders = : postmaster@*
# domains = +local_domains : +relay_to_domains
!hosts = /etc/virtual/domains
!authenticated = *
message = ${sg{$acl_m3}{^\\w+\\s*}{}}
condition = ${if eq{${uc:${substr_0_7:$acl_m3}}}{PREPEND}{true}{false}}

# postgrey [END]


# to block certain wellknown exploits, Deny for local domains if
# local parts begin with a dot or contain @ % ! / |
deny domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]

# to restrict port 587 to authenticated users only
# see also daemon_smtp_ports above
accept hosts = +auth_relay_hosts

.....

6) restart Exim service: /usr/local/etc/rc.d/exim restart


It`s all! :) Good luck! :) (sorry for my english) :p :)
 
Last edited:
My solution doesn`t work good and stable (postgrey + exim).

I see last time in my exim logs for all incomming e-mails:

2008-11-27 23:33:40 H=smtp2a.orange.fr [80.12.242.140] F=<[email protected]> temporarily rejected RCPT <[email protected]>
2008-11-27 23:34:39 H=smtp2a.orange.fr [80.12.242.139] F=<[email protected]> temporarily rejected RCPT <[email protected]>
2008-11-27 23:35:43 H=smtp23.orange.fr [193.252.22.30] F=<[email protected]> temporarily rejected RCPT <[email protected]>
2008-11-27 23:35:58 H=smtp23.orange.fr [193.252.22.30] F=<[email protected]> temporarily rejected RCPT <[email protected]>

Anybody know, how to solve this problem ....?

What are U using for greylisting in FreeBSD box and exim?
 
I found a perl based version which uses file based storage for it, and it works great as well as been light and not depending on anything like mysqld.

The downside is it needs to be recompiled everytime you upgrade exim and exim needs to be compiled with support for extralibs. Not hard when have a routine for it and I made a script to make it easier. Also needs some fancy config.

It is very stable and I use it for failed SPF checks, also now testing it with failed RDNS lookups.

If anyone wants help with it let me know, and I can also install it on demand for anyone with freebsd servers.
 
Back
Top