Postfix policy daemons

graypold

graypold is a standalone graylisting server written in Perl. It can use a PostgreSQL or MySQL database backend. It listens on three local Unix sockets (usually in /var/run) to provide different functions:

Download

Installation

  1. Download and extract the latest version of graypold
  2. Call make install. You now have:
  3. On FreeBSD: Add graypold_enable="YES" to /etc/rc.conf
    On Linux: Use the distribution-specific tools to have /etc/init.d/graypold run during system boot
  4. Create an unprivileged user:
    On FreeBSD: pw useradd graylist -d /nonexistent -s /usr/sbin/nologin -c "Graylisting Daemon"
    On Linux: useradd -d /nonexistent -s /usr/sbin/nologin -c "Graylisting Daemon" -M graylist
  5. Override defaults from /usr/local/lib/graylib.pl in /usr/local/etc/graypol.conf, e.g.:
    dbtype = Mysql
    dbhost = localhost
    dbuser = grayuser
    dbpass = foobar
    rrdfile = /var/lib/gray.rrd
    picpath = /home/www/pages/graystats
    
  6. Create database tables and indexes:
  7. Adjust main.cf:
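
What a graylisting policy service does with each request Postfix hands it over the policy delegation protocol, as an added example (not graypold's code). The 300-second delay, the /24 client key and the in-memory dict standing in for the database backend are assumptions.

```python
import time

GRAYLIST_DELAY = 300  # seconds a new triplet must wait (assumed value)

def parse_request(raw):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if not line:          # empty line terminates the request
            break
        name, sep, value = line.partition("=")
        if sep:               # ignore lines without '='
            attrs[name] = value
    return attrs

def triplet(attrs):
    """Key on client network, sender and recipient (assumed keying scheme)."""
    ip = attrs.get("client_address", "")
    # Collapse IPv4 to its /24 so retries from a sending pool still match.
    net = ip.rsplit(".", 1)[0] if ip.count(".") == 3 else ip
    return (net, attrs.get("sender", "").lower(),
            attrs.get("recipient", "").lower())

def decide(attrs, seen, now=None):
    """Return the reply Postfix expects: 'action=...' plus an empty line."""
    now = time.time() if now is None else now
    # Only graylist at RCPT; answer DUNNO for anything else so that a
    # misplaced check_policy_service entry never blocks mail by accident.
    if (attrs.get("request") != "smtpd_access_policy"
            or attrs.get("protocol_state") != "RCPT"):
        return "action=DUNNO\n\n"
    first = seen.setdefault(triplet(attrs), now)  # record first sighting
    if now - first < GRAYLIST_DELAY:
        return "action=DEFER_IF_PERMIT Graylisted, please retry later\n\n"
    return "action=DUNNO\n\n"

# Constructed sample request, in the form smtpd sends it.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.25\nsender=Alice@example.org\n"
          "recipient=bob@example.net\n\n")

if __name__ == "__main__":
    seen = {}
    req = parse_request(SAMPLE)
    print(decide(req, seen, now=1000), end="")  # first attempt
    print(decide(req, seen, now=1300), end="")  # retry after the delay
```
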

delaypol

delaypol prolongs several stages of the SMTP dialog to the maximum values allowed by RFC 2821. If somebody insists that your mail server is not RFC-compliant, you can calm down his servers by using delaypol on your server (I know, it is an idiotic asshole tool. Don't use it!).

Download

Installation

  1. Move delaypol.pl to /usr/local/libexec/
  2. Put IP addresses or even IP ranges that you want to throttle into /usr/local/etc/postfix/delayed_clients.cidr
  3. Add the following entry to your master.cf:
    delaypol        unix    -       n       n       -       -       spawn
    	user=nobody argv=/usr/local/libexec/delaypol.pl
    
  4. Add these lines to your main.cf:
    smtpd_helo_restrictions        = check_policy_service unix:private/delaypol
    smtpd_sender_restrictions      = check_policy_service unix:private/delaypol
    smtpd_client_restrictions      = check_policy_service unix:private/delaypol
    smtpd_recipient_restrictions   = check_policy_service unix:private/delaypol
    smtpd_data_restrictions        = check_policy_service unix:private/delaypol
    smtpd_end_of_data_restrictions = check_policy_service unix:private/delaypol
    
  5. Call postfix restart

Old stuff

These two scripts are the predecessors of graypold. They are started by the Postfix spawn tool: