Postfix policy daemons

graypold

graypold is a standalone graylisting server written in Perl. It can use a PostgreSQL or MySQL database backend. It listens on five local unix sockets (usally in /var/run) to provide different functions:

Download

Installation

  1. Download and extract the latest version of graypold
  2. Call make test in order to check whether you have all required Perl modules installed. You need at least:
  3. Call make install. You now have:
  4. On FreeBSD: Add graypold_enable="YES" to /etc/rc.conf
    On Linux: Use the distribution specific tools to have /etc/init.d/graypold run during system boot
  5. Create an unprivileged user:
    On FreeBSD: pw useradd graylist -d /nonexistent -s /usr/sbin/nologin -c "Graylisting Daemon"
    On Linux: useradd -d /nonexistent -s /usr/sbin/nologin -c "Graylisting Daemon" -M graylist
  6. Override defaults from /usr/local/lib/graylib.pl in /usr/local/etc/graypol.conf, eg.
    dbtype           = Mysql
    dbhost           = localhost
    dbuser           = grayuser
    dbpass           = foobar
    rrdfile_graylist = /var/lib/gray.rrd
    picpath          = /home/www/pages/graystats
    
  7. Create database tables and indexes:
  8. Adjust main.cf:

delaypol

delaypol prolongs several stages of the smtp dialog to their maximum values allowed by rfc 2821. If somebody insists that your mail server is not rfc-conform, you can calm down his servers by using delaypol on your server (I know, it is an idiotic asshole tool. Don't use it!).

Download

Installation

  1. Move delaypol.pl to /usr/local/libexec/
  2. Put ip addresses or even ip ranges that you want to throttle into /usr/local/etc/postfix/delayed_clients.cidr
  3. Add the following entry to your master.cf:
    delaypol        unix    -       n       n       -       -       spawn
    	user=nobody argv=/usr/local/libexec/delaypol.pl
    
  4. Adopt these lines into your main.cf:
    smtpd_helo_restrictions        = check_policy_service unix:private/delaypol
    smtpd_sender_restrictions      = check_policy_service unix:private/delaypol
    smtpd_client_restrictions      = check_policy_service unix:private/delaypol
    smtpd_recipient_restrictions   = check_policy_service unix:private/delaypol
    smtpd_data_restrictions        = check_policy_service unix:private/delaypol
    smtpd_end_of_data_restrictions = check_policy_service unix:private/delaypol
    
  5. Call postfix restart

Old stuff

These two scripts are the predecessors of graypold. They are started by the postfix spawn tool: