Postgrey - Postfix Greylisting Policy Server
Postgrey is a Postfix policy server implementing greylisting developed by
David Schweikert.
When a request for delivery of a mail is received by Postfix via SMTP, the
triplet CLIENT_IP / SENDER / RECIPIENT is built.
If it is the first time that this triplet is seen, or if the triplet was first
seen, less than 5 minutes ago, then the mail gets rejected with a temporary
error. Hopefully spammers or viruses will not try again later, as it is however
required per RFC.
See here for a
description of what greylisting is and here for a
description of how Postfix policy servers work.
Postgrey compared to the example greylist.pl included in Postfix
2.1.1 has the following additional features:
- Safe database
- greylist.pl doesn't lock correctly the database and it might get
corrupted after a while (two days mean time for me). Postgrey uses the
locking and transaction features of BerkeleyDB to maximize reliability.
Additionally only one process is running, thus reducing even more the risk of
corrupting the database.
- Automatic maintenance
- Postgrey does keep track not only of the first time a given triplet was
seen, but also the last time. Entries that were last seen more than a defined
amount of time ago (one month for example) get removed automatically.
- Whitelists
- Per-client and per-recipient whitelists. The Postgrey distribution package
includes a client whitelist with all (few) broken mail-servers that were
identified until now.
- Lookup by subnet
- Addresses are normally stripped of their last byte, so that mail servers
with multiple addresses are recognized as only one.
- Auto-whitelisting of clients
- Clients which repeatedly show to be able to pass the greylist, are entered
in a "clients whitelist", for which no greylisting is done anymore.
This is a graph showing the effectiveness of greylisting. I did turn it on on
tuesday:
Installation
Download it here
You will also need:
Distribution Packages
If installing it from the
source tarball is too complicated
for you, an alternative is to use one of the following distribution packages:
- OpenPKG
- OpenPKG includes a postgrey package (thanks to Ralf Engelschall). Just get
the package from www.openpkg.org.
- Debian
- Postgrey is available in Debian (thanks to Adrian 'Dagurashibanipal' von
Bidder). Just run apt-get install postgrey.
- Redhat/Fedora
- Postgrey is available in Fedora (thanks Christopher Meng). Just run dnf install postgrey.
Note: RedHat users need to enable EPEL first to install it.
- Gentoo
- Postgrey is available in the main Gentoo repository. Just run emerge -s postgrey.
- FreeBSD
- Harold Paulson did prepare a package for FreeBSD that you can find here.
- OpenBSD
- OpenBSD also contains a port of Postgrey done by Jakob Schlyter.
- ALT Linux
- Postgrey is available in ALT Linux (thanks to Vladimir V. Kamarzin). Just
run apt-get install postgrey.
Mailing-List
The postgrey@list.ee.ethz.ch mailing-list is available for
announcements and discussions about postgrey. You can subscribe by sending a
mail to sympa@list.ee.ethz.ch
with subject "subscribe postgrey". You can also access the archives.
Development
Development is done on GitHub. Please use that also for bug reports.
Patches
I am rather conservative in including new functionality to Postgrey because
I want to keep it a safe and well performing greylisting implementation. If you
look for some advanced features, you might be interested in the following
patches:
- taRgrey (tarpit + greylist)
by Satoh Kiyoshi
- taRgrey is a patch that makes postgrey into a tarpitting policy server.
- p0f passive OS detection
by Fedux
- passive OS detection and white-listing based on detected OS
References
Postgrey is described in the following books and articles:
Francisco Javier RodrÃguez Arias did write an howto in spanish.