Postgrey - Postfix Greylisting Policy Server
Postgrey is a Postfix policy server implementing greylisting developed byDavid Schweikert.
When a request for delivery of a mail is received by Postfix via SMTP, thetripletCLIENT_IP /SENDER /RECIPIENT is built.If it is the first time that this triplet is seen, or if the triplet was firstseen, less than 5 minutes ago, then the mail gets rejected with a temporaryerror. Hopefully spammers or viruses will not try again later, as it is howeverrequired per RFC.
Seehere for adescription of what greylisting is andhere for adescription of how Postfix policy servers work.
Postgrey compared to the examplegreylist.pl included in Postfix2.1.1 has the following additional features:
- Safe database
- greylist.pl doesn't lock correctly the database and it might getcorrupted after a while (two days mean time for me). Postgrey uses thelocking and transaction features of BerkeleyDB to maximize reliability.Additionally only one process is running, thus reducing even more the risk ofcorrupting the database.
- Automatic maintenance
- Postgrey does keep track not only of the first time a given triplet wasseen, but also the last time. Entries that were last seen more than a definedamount of time ago (one month for example) get removed automatically.
- Whitelists
- Per-client and per-recipient whitelists. The Postgrey distribution packageincludes a client whitelist with all (few) broken mail-servers that wereidentified until now.
- Lookup by subnet
- Addresses are normally stripped of their last byte, so that mail serverswith multiple addresses are recognized as only one.
- Auto-whitelisting of clients
- Clients which repeatedly show to be able to pass the greylist, are enteredin a "clients whitelist", for which no greylisting is done anymore.
This is a graph showing the effectiveness of greylisting. I did turn it on ontuesday:
Installation
You will also need:- Perl (version ≥ 5.6.0)
- Net::Server
- IO::Multiplex
- BerkeleyDB (Perl module)
- Berkeley DB (Library, version ≥ 4.1)
Distribution Packages
If installing it from thesource tarball is too complicatedfor you, an alternative is to use one of the following distribution packages:- OpenPKG
- OpenPKG includes a postgrey package (thanks to Ralf Engelschall). Just getthe package fromwww.openpkg.org.
- Debian
- Postgrey is available in Debian (thanks to Adrian 'Dagurashibanipal' vonBidder). Just runapt-get install postgrey.
- Redhat/Fedora
- Postgrey is available in Fedora (thanks Christopher Meng). Just rundnf install postgrey.
Note: RedHat users need toenable EPEL first to install it. - Gentoo
- Postgrey is available in the main Gentoo repository. Just runemerge -s postgrey.
- FreeBSD
- Harold Paulson did prepare a package for FreeBSD that you can findhere.
- OpenBSD
- OpenBSD also contains a port of Postgrey done by Jakob Schlyter.
- ALT Linux
- Postgrey is available in ALT Linux (thanks to Vladimir V. Kamarzin). Justrunapt-get install postgrey.
Mailing-List
The[email protected] mailing-list is available forannouncements and discussions about postgrey. You can subscribe by sending amail to[email protected]with subject "subscribe postgrey". You can also access thearchives.
Development
Development is done onGitHub. Please use that also for bug reports.
Patches
I am rather conservative in including new functionality to Postgrey becauseI want to keep it a safe and well performing greylisting implementation. If youlook for some advanced features, you might be interested in the followingpatches:
- taRgrey (tarpit + greylist)by Satoh Kiyoshi
- taRgrey is a patch that makes postgrey into a tarpitting policy server.
- p0f passive OS detectionby Fedux
- passive OS detection and white-listing based on detected OS
References
Postgrey is described in the following books and articles:
- Postfix (in German) by Ralf Hildebrandt and Patrick Ben Koetter.
- Das Postfix-Buch (in German) by Peer Heinlein
- Implementing Postgrey on OS X Server by Athanasios Alexandrides
Francisco Javier Rodríguez Arias did write anhowto in spanish.