alexey.world
I use SPF and Greylistd
What I want is to greylist messages when there is no SPF confirmation or the sender's relay doesn't correspond to the sender domain's MX.
1. perl-libspfquery (spfquery script) needs to be installed
Code:
perl -MCPAN -eshell
install Mail::SPF::Query
2. python needs to be installed, because the following script is used: /etc/domainquery.py
Code:
import sys
import DNS   # pydns

DNS.DiscoverNameServers()
IP = sys.argv[1]        # connecting host ($sender_host_address)
domain = sys.argv[2]    # sender domain, or the HELO name for bounces
#print IP, domain

# HELO given as an address literal, e.g. [192.0.2.1]: only an exact match counts
if domain.startswith("[") and domain.endswith("]"):
    if IP == domain[1:-1]:
        sys.exit(0)
    else:
        sys.exit(1)

# exit 0 if IP is an A record of the domain ...
A = DNS.Request(name=domain, qtype="A")
MX = DNS.Request(name=domain, qtype="MX")
for X in A.req().answers:
    if IP == X['data']:
        sys.exit(0)
# ... or an A record of one of its MX hosts (pydns returns MX data as a (preference, host) pair)
for X in MX.req().answers:
    AX = DNS.Request(name=X['data'][1], qtype="A")
    for Y in AX.req().answers:
        if IP == Y['data']:
            sys.exit(0)
# no match; a DNS error also ends up here, because an uncaught exception exits with status 1
sys.exit(1)
3. install greylistd itself
Code:
rpm -Uvh http://dl.atrpms.net/el5-i386/atrpms/stable/greylistd-0.8.3.2-8.0.el5.noarch.rpm
chown -R mail.mail /etc/greylistd/
chown -R mail.mail /var/run/greylistd/
chown -R mail.mail /var/lib/greylistd/
chown -R mail.mail /usr/sbin/greylist*
in /etc/greylistd/config change
Code:
mode = 0660
to
Code:
mode = 0666
(0666 lets every local account on the server talk to greylistd's socket; if the user Exim runs its ACLs as is in the group that owns the socket, the original 0660 already works and is the tighter choice.)
4. add the ACL below to the Exim configuration (SpamBlocker.exim.conf.2.1.1-release)
Find
Code:
dnslists = rhsbl.sorbs.net/$sender_address_domain
add after:
Code:
##########################
# SPF/greylisting
# check
#########################
warn
  # set SPF uninitialized
  set acl_m2 = 55

warn
  # suppose SPF is good for local senders
  # (authenticated clients are not exempted here; add "authenticated = *" if roaming users submit through this host)
  hosts = +relay_hosts
  set acl_m2 = 0
  #control = submission/sender_retain

warn
  # SPF test, if not whitelist and not local.
  # ${run} splits its command line on spaces, so the SMTP-supplied values are wrapped in ${quote:}
  # to keep a HELO name or sender address containing spaces from turning into extra spfquery arguments.
  #!acl = acl_whitelist_local_deny
  !condition = ${if ={$acl_m2}{0}}
  !local_parts = postmaster
  !senders = :
  set acl_m2 = ${run{/usr/bin/spfquery -ipv4 $sender_host_address -sender ${quote:$sender_address} -helo ${quote:$sender_helo_name}}{}}$runrc
  # SPF supposed ok for local senders, whitelist, mail to postmaster, empty sender

warn
  # 0 - SPF pass
  condition = ${if ={$acl_m2}{0}}
  message = Received-SPF: pass

deny
  # 1 - SPF fail
  condition = ${if ={$acl_m2}{1}}
  message = SPF fail
  delay = 15s

warn
  # 2 - SPF softfail
  condition = ${if ={$acl_m2}{2}}
  message = Received-SPF: softfail
  delay = 3s
  control = fakereject/SPF softfail but message delivered

warn
  # 3 - SPF neutral
  condition = ${if ={$acl_m2}{3}}
  message = Received-SPF: neutral

warn
  # 4 - unknown SPF
  condition = ${if ={$acl_m2}{4}}
  message = Received-SPF: unknown
  delay = 3s
  control = fakereject/SPF unknown but message delivered

warn
  # 5 - error in SPF
  condition = ${if ={$acl_m2}{5}}
  message = Received-SPF: error
  delay = 3s
  control = fakereject/SPF error but message delivered

warn
  # 6 - no SPF
  condition = ${if ={$acl_m2}{6}}
  message = Received-SPF: none

warn
  # set SPF neutral if checks were skipped and the value is still uninitialized;
  # do it before checking for invalid values but after working with the real SPF status
  condition = ${if ={$acl_m2}{55}}
  set acl_m2 = 3

defer
  # anything outside 0..6 is not an SPF result (e.g. $runrc 127 when spfquery is missing)
  # other SPF test results: 0 pass, 3 neutral, 6 none - continue
  !condition = ${if ={$acl_m2}{0}}
  !condition = ${if ={$acl_m2}{1}}
  !condition = ${if ={$acl_m2}{2}}
  !condition = ${if ={$acl_m2}{3}}
  !condition = ${if ={$acl_m2}{4}}
  !condition = ${if ={$acl_m2}{5}}
  !condition = ${if ={$acl_m2}{6}}
  message = SPF check internal failure
  delay = 3s

warn
  # MX test: is the connecting host an A or MX of the sender's domain?
  # (domainquery.py exits 0 on a match, 1 otherwise; a DNS error also gives 1)
  condition = ${if !={$acl_m2}{0}}
  !senders = :
  set acl_m1 = ${run{/usr/bin/python /etc/domainquery.py $sender_host_address ${quote:$sender_address_domain}}{}}$runrc

warn
  # MX test for bounces (empty sender): check the HELO name instead
  condition = ${if !={$acl_m2}{0}}
  senders = :
  set acl_m1 = ${run{/usr/bin/python /etc/domainquery.py $sender_host_address ${quote:$sender_helo_name}}{}}$runrc

warn
  !condition = ${if ={$acl_m2}{0}}
  !condition = ${if ={$acl_m1}{0}}
  message = X-Warning: Sender may be spoofed

defer
  message = You are neither an SPF-approved sender nor an A or MX of the sender's domain. So I will defer your message for a while and greylist you.
  !condition = ${if ={$acl_m2}{0}}
  !condition = ${if ={$acl_m1}{0}}
  !local_parts = postmaster
  # greylistd answers "true" while the (host, sender, recipient) triplet is still grey
  condition = ${readsocket{/var/run/greylistd/socket}\
              {--grey $sender_host_address $sender_address $local_part@$domain}{5s}{}{false}}
  delay = 3s

deny
  # just test for sender-unapprovable messages
  !condition = ${if ={$acl_m2}{0}}
  !condition = ${if ={$acl_m1}{0}}
  #!acl = acl_whitelist_local_deny
  !local_parts = postmaster
  !verify = sender
  #/callout=65s
  message = Sender verification failed
  delay = 3s
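Added example, not part of the original post: the A/MX check from domainquery.py as a plain function with the DNS lookup passed in, so it can be exercised offline against a constructed zone (every name and address in SAMPLE_ZONE is made up), plus a function that collapses the ACL chain from step 4 into the single outcome one RCPT command gets. relay_matches_domain, acl_verdict, sample_resolve, SAMPLE_ZONE and pydns_resolve are this example's own names; pydns_resolve uses the same pydns module as the post's script and is only touched when the file is run from the command line, where it behaves like /etc/domainquery.py.

```python
"""Relay-vs-sender-domain check and ACL outcome model (added example, not from the post)."""
import sys

# spfquery exit codes as step 4's ACL reads them into acl_m2
SPF_PASS, SPF_FAIL, SPF_SOFTFAIL, SPF_NEUTRAL, SPF_UNKNOWN, SPF_ERROR, SPF_NONE = range(7)


def relay_matches_domain(ip, domain, resolve):
    """True if `ip` is an A record of `domain` or of one of its MX hosts.

    Same decision as the post's domainquery.py (exit 0 <-> True, exit 1 <-> False).
    `resolve(name, qtype)` is an assumed callback returning answer data the way
    pydns does: strings for "A", (preference, host) pairs for "MX".
    """
    # HELO given as an address literal, e.g. "[192.0.2.1]": only the literal itself can match
    if domain.startswith("[") and domain.endswith("]"):
        return ip == domain[1:-1]
    if not domain:
        return False
    try:
        if ip in resolve(domain, "A"):
            return True
        for _pref, mx_host in resolve(domain, "MX"):
            if ip in resolve(mx_host, "A"):
                return True
    except Exception:
        # a failed lookup counts as "no match": the host gets greylisted rather
        # than waved through, matching the post's exit-status-1 behaviour
        return False
    return False


def acl_verdict(spf_rc, relay_ok, is_relay_host=False, to_postmaster=False,
                greylisted=True, sender_verifies=True):
    """Collapse the post's ACL chain into the one outcome a RCPT command gets.

    spf_rc           spfquery exit status (acl_m2)
    relay_ok         relay_matches_domain() result (acl_m1 == 0)
    greylisted       what greylistd answered to --grey for this triplet
    sender_verifies  result of Exim's "verify = sender"
    """
    if is_relay_host:
        spf_rc = SPF_PASS        # hosts = +relay_hosts forces acl_m2 = 0
    elif to_postmaster:
        spf_rc = SPF_NEUTRAL     # spfquery is skipped; the 55 placeholder becomes 3
    if spf_rc == SPF_PASS:
        return "accept"          # every later rule needs acl_m2 != 0
    if spf_rc == SPF_FAIL:
        return "deny-spf"        # 550 after the 15 s delay
    if spf_rc not in (SPF_SOFTFAIL, SPF_NEUTRAL, SPF_UNKNOWN, SPF_ERROR, SPF_NONE):
        return "defer-internal"  # e.g. $runrc 127 when spfquery is not installed
    # SPF did not pass, so the connecting host must be an A or MX of the sender domain
    if not relay_ok and not to_postmaster:
        if greylisted:
            return "defer-greylist"   # 451; a defer overrides a pending fakereject
        if not sender_verifies:
            return "deny-unverified"
    if spf_rc in (SPF_SOFTFAIL, SPF_UNKNOWN, SPF_ERROR):
        return "fakereject"      # delivered, but the client is told 550
    return "accept"              # neutral/none (or postmaster): X-Warning header only


# Constructed sample zone for offline runs; none of these names or addresses are real.
SAMPLE_ZONE = {
    ("example.org", "A"): ["192.0.2.10"],
    ("example.org", "MX"): [(10, "mx1.example.org"), (20, "mx2.example.org")],
    ("mx1.example.org", "A"): ["192.0.2.25"],
    ("mx2.example.org", "A"): ["198.51.100.25"],
}


def sample_resolve(name, qtype):
    """Offline stand-in for DNS: NODATA is an empty answer list, as with pydns."""
    if name.endswith(".invalid"):             # simulate a timeout / SERVFAIL
        raise IOError("lookup failed for %s" % name)
    return SAMPLE_ZONE.get((name, qtype), [])


def pydns_resolve(name, qtype):
    """Real lookups through pydns, the module the post's script uses (imported lazily)."""
    import DNS
    DNS.DiscoverNameServers()
    return [a["data"] for a in DNS.Request(name=name, qtype=qtype).req().answers]


if __name__ == "__main__":
    # same command line and exit status as /etc/domainquery.py:
    #   python thisfile.py $sender_host_address $sender_address_domain
    ok = relay_matches_domain(sys.argv[1], sys.argv[2], pydns_resolve)
    sys.exit(0 if ok else 1)
```

Run from the command line it takes the same two arguments and returns the same exit status as the post's script. The offline functions make the ACL's precedence explicit: a greylist 451 wins over a fakereject that an earlier softfail/unknown/error warn has already set, and a recipient of postmaster is never greylisted or sender-verified, only tagged with the X-Warning header.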