POSTGREY(8)	      User Contributed Perl Documentation	   POSTGREY(8)



NAME
       postgrey - Postfix Greylisting Policy Server

SYNOPSIS
       postgrey [options...]

	-h, --help		display this help and exit
	    --version		output version information and exit
	-v, --verbose		increase verbosity level
	    --syslog-facility	Syslog facility to use (default mail)
	-q, --quiet		decrease verbosity level
	-u, --unix=PATH 	listen on unix socket PATH
	-i, --inet=[HOST:]PORT	listen on PORT, localhost if HOST is not specified
	-d, --daemonize 	run in the background
	    --pidfile=PATH	put daemon pid into this file
	    --user=USER 	run as USER (default: postgrey)
	    --group=GROUP	run as group GROUP (default: postgrey)
	    --dbdir=PATH	put db files in PATH (default: /var/lib/postgrey)
	    --delay=N		greylist for N seconds (default: 300)
	    --max-age=N 	delete entries older than N days since the last time
				that they have been seen (default: 35)
	    --retry-window=N	allow only N days for the first retrial (default: 2)
				append 'h' if you want to specify it in hours
	    --greylist-action=A if greylisted, return A to Postfix (default: DEFER_IF_PERMIT)
	    --greylist-text=TXT response when a mail is greylisted
				(default: Greylisted + help url, see below)
	    --lookup-by-subnet	strip the last 8 bits from IP addresses (default)
	    --lookup-by-host	do not strip the last 8 bits from IP addresses
	    --privacy		store data using one-way hash functions
	    --hostname=NAME	set the hostname (default: `hostname`)
	    --exim		don't reuse a socket for more than one query (exim compatible)
	    --whitelist-clients=FILE	 default: /etc/postgrey/whitelist_clients
	    --whitelist-recipients=FILE  default: /etc/postgrey/whitelist_recipients
	    --auto-whitelist-clients=N	 whitelist host after first successful delivery
					 N is the minimal count of mails before a client is
					 whitelisted (turned on by default with value 5)
					 specify N=0 to disable.
	    --listen-queue-size=N	 allow for N waiting connections to our socket

	Note that the --whitelist-x options can be specified multiple times,
	and that per default /etc/postgrey/whitelist_clients.local and
	/etc/postgrey/whitelist_recipients.local are also read, so that you can put
	there local entries.

DESCRIPTION
       Postgrey is a Postfix policy server implementing greylisting.

       When a request for delivery of a mail is received by Postfix via SMTP,
       the triplet "CLIENT_IP" / "SENDER" / "RECIPIENT" is built. If it is the
       first time that this triplet is seen, or if the triplet was first seen
       less than delay seconds (300 is the default), then the mail gets
       rejected with a temporary error. Hopefully spammers or viruses will not
       try again later, although retrying is required per RFC.

       Note that you shouldn't use the --lookup-by-host option unless you know
       what you are doing: there are a lot of mail servers that use a pool of
       addresses to send emails, so that they can change IP every time they
       try again. That's why without this option postgrey will strip the last
       byte of the IP address when doing lookups in the database.
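
       The decision described above, as an added example (not postgrey's own
       code). The in-memory store, the "DUNNO" return value for "not
       greylisted" and the handling of --retry-window are assumptions made
       for this sketch; the defaults are the ones listed in the SYNOPSIS.

```python
import ipaddress

DELAY = 300                # --delay default, in seconds
RETRY_WINDOW = 2 * 86400   # --retry-window default (2 days), in seconds

def client_key(ip, by_subnet=True):
    """--lookup-by-subnet: strip the last 8 bits of the IPv4 address."""
    if not by_subnet:
        return ip
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(ip)) & 0xFFFFFF00))

class Greylist:
    """In-memory stand-in (assumption) for the database kept under --dbdir."""

    def __init__(self, by_subnet=True):
        self.by_subnet = by_subnet
        self.first_seen = {}   # triplet -> time of the first attempt
        self.passed = set()    # triplets that already survived greylisting

    def check(self, client_ip, sender, recipient, now):
        triplet = (client_key(client_ip, self.by_subnet), sender, recipient)
        if triplet in self.passed:
            return "DUNNO"     # assumed "no opinion" answer for accepted mail
        first = self.first_seen.get(triplet)
        # New triplet, or (assumed) first retry later than the retry window:
        # (re)start the clock and answer with a temporary error.
        if first is None or now - first > RETRY_WINDOW:
            self.first_seen[triplet] = now
            return "DEFER_IF_PERMIT"
        if now - first < DELAY:
            return "DEFER_IF_PERMIT"
        self.passed.add(triplet)
        return "DUNNO"

def pool_retry(by_subnet):
    """Constructed case: a sender retries from another host of its /24 pool."""
    g = Greylist(by_subnet)
    first = g.check("192.0.2.10", "a@example.org", "b@example.com", now=0)
    retry = g.check("192.0.2.77", "a@example.org", "b@example.com", now=400)
    return first, retry
```

       With subnet lookups the retry from the second pool address is accepted;
       with --lookup-by-host it starts a new triplet and is deferred again.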

       Installation


	*  Create a "postgrey" user and the directory where to put the
	   database dbdir (default: "/var/lib/postgrey")

	*  Write an init script to start postgrey at boot and start it. Like
	   this for example:

	    postgrey --inet=60000 -d

	*  Put something like this in /etc/main.cf:

	    smtpd_recipient_restrictions =
			  permit_mynetworks
			  ...
			  reject_unauth_destination
			  check_policy_service inet:127.0.0.1:60000

	*  Install the provided whitelist_clients and whitelist_recipients in
	   /etc/postgrey.

	*  Put in /etc/postgrey/whitelist_recipients users that do not want
	   greylisting.

       Whitelists

       Whitelists allow you to specify client addresses or recipient addresses
       for which no greylisting should be done. Per default postgrey will read
       the following files:

	/etc/postgrey/whitelist_clients
	/etc/postgrey/whitelist_clients.local
	/etc/postgrey/whitelist_recipients
	/etc/postgrey/whitelist_recipients.local

       You can specify alternative paths with the --whitelist-x options.

       Postgrey whitelists follow syntax rules similar to those of Postfix
       access tables. The following can be specified for recipient addresses:

       domain.addr
		 "domain.addr" domain and subdomains.

       name@	 "name@.*" and extended addresses "name+blabla@.*".

       name@domain.addr
		 "name@domain.addr" and extended addresses.

       /regexp/  anything that matches "regexp" (the full address is matched).

       The following can be specified for client addresses:

       domain.addr
		 "domain.addr" domain and subdomains.

       IP1.IP2.IP3.IP4
		 IP address IP1.IP2.IP3.IP4. You can also leave off one
		 number, in which case only the first specified numbers will
		 be checked.

       IP1.IP2.IP3.IP4/MASK
		 CIDR-style network. Example: 192.168.1.0/24

       /regexp/  anything that matches "regexp" (the full address is matched).
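
       To audit which entry exempts a given client from greylisting, the
       client rules above can be modelled as follows. This is an added example
       written from the syntax description, not postgrey's parser; matching
       the regexp against the client hostname only, and accepting any number
       of leading IP octets, are assumptions. All entries shown are
       constructed.

```python
import ipaddress
import re

def compile_entry(entry):
    """Turn one whitelist_clients entry into a predicate over (ip, hostname)."""
    entry = entry.strip()
    if len(entry) > 2 and entry[0] == entry[-1] == "/":
        rx = re.compile(entry[1:-1])                 # /regexp/
        return lambda ip, host: rx.search(host) is not None
    if "/" in entry:                                 # IP1.IP2.IP3.IP4/MASK
        net = ipaddress.ip_network(entry, strict=False)
        return lambda ip, host: ipaddress.ip_address(ip) in net
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){0,3}", entry):
        octets = entry.split(".")                    # full or shortened IP
        # Compare octet by octet, so "192.0.2" never matches 192.0.20.1.
        return lambda ip, host: ip.split(".")[:len(octets)] == octets
    dom = entry.lower().rstrip(".")                  # domain.addr
    return lambda ip, host: (host.lower() == dom
                             or host.lower().endswith("." + dom))

def first_match(entries, ip, host):
    """Return the first entry that whitelists the client, or None."""
    for entry in entries:
        if compile_entry(entry)(ip, host):
            return entry
    return None

# Constructed whitelist, one entry of each kind described above.
SAMPLE = [
    "example.org",
    "192.0.2",
    "198.51.100.0/24",
    r"/^mx\d+\.mail\.example\.net$/",
]
```

       Running first_match over the client addresses and names seen in the
       mail log shows how much traffic each entry lets through without
       greylisting, which is the quickest way to spot an entry that is
       broader than intended.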

       Auto-whitelisting clients

       With the option --auto-whitelist-clients a client IP address will be
       automatically whitelisted if the following conditions are met:

	*  At least 5 successful attempts of delivering a mail (after
	   greylisting was done). That number can be changed by specifying a
	   number after the --auto-whitelist-clients argument. Only one
	   attempt per hour counts.

	*  The client was last seen before --max-age days (35 per default).

       Greylist Action

       To set the action to be returned to Postfix when a message fails
       postgrey's tests and should be deferred, use the
       --greylist-action=ACTION option.

       By default, postgrey returns DEFER_IF_PERMIT, which causes Postfix to
       check the rest of the restrictions and defer the message only if it
       would otherwise be accepted.  A delay action of 451 causes Postfix to
       always defer the message with an SMTP reply code of 451 (temp fail).

       See the Postfix manual page access(5) for a discussion of the actions
       allowed.

       Greylist Text

       When a message is greylisted, an error message like this will be sent
       at the SMTP-level:

	Greylisted, see http://postgrey.schweikert.ch/help/example.com.html

       Usually no user should see that error message and the idea of that URL
       is to provide some help to system administrators seeing that message or
       users of broken mail clients which try to send mails directly and get a
       greylisting error. Note that the default help-URL contains the original
       recipient domain (example.com), so that domain-specific help can be
       presented to the user (on the default page it is said to contact
       postmaster@example.com).

       You can change the text (and URL) with the --greylist-text parameter.
       The following special variables will be replaced in the text:

       %s  How many seconds left until the greylisting is over (300).

       %r  Mail-domain of the recipient (example.com).

       Privacy

       The --privacy option enables the use of a SHA1 hash function to store
       IPs and emails in the greylisting database.  This will defeat
       straightforward attempts to retrieve mail user behaviours.

       SEE ALSO

       See  for a description of what greylisting
       is and  for a
       description of how Postfix policy servers work.

COPYRIGHT
       Copyright (c) 2004-2007 by ETH Zurich. All rights reserved.  Copyright
       (c) 2007 by Open Systems AG. All rights reserved.

LICENSE
       This program is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published by the
       Free Software Foundation; either version 2 of the License, or (at your
       option) any later version.

       This program is distributed in the hope that it will be useful, but
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
       General Public License for more details.

       You should have received a copy of the GNU General Public License along
       with this program; if not, write to the Free Software Foundation, Inc.,
       675 Mass Ave, Cambridge, MA 02139, USA.

AUTHOR
       David Schweikert 



perl v5.10.0			  2008-07-18			   POSTGREY(8)



