Yet Another Greylisting Daemon for qmail and netqmail

Discussion in 'qmail' started by popowich, Aug 29, 2009.

  1. popowich

    qmail-greyd is yet another implementation of greylisting for qmail,
    netqmail and indimail. The qmail-greyd code is licensed under GPLv3.

    Most of the ideas come from greydaemon written by John Levine and the
    greycheck() function written by Andrew Richards as described at

    Announce: greydaemon, a new greylisting package for netqmail | Qmail | users

    Using Andrew's code makes it possible to have minimal changes to
    qmail-smtpd. qmail-greyd is compatible with Andrew's code and uses
    almost the same logic as in greydaemon.

    qmail-greyd can be downloaded from

    qmail-greyd is written in C and uses extensively the functions written
    by djb. qmail-greyd maintains an in-memory linked-list of triplets of
    IP, from, recipients. It reads the entire recipient list in one
    operation by figuring out the data size using the MSG_PEEK parameter
    to recvfrom(). During startup, qmail-greyd can read a list of
    IPs from a file. The entries in the file can be in CIDR format, range
    format, wildcards or exact IPs. The whitelist file can have a .cdb
    extension for fast cdb lookup. Once qmail-greyd is running, it can
    re-read the whitelist on receipt of SIGHUP. (I also have a version which
    does MySQL lookup, in case anyone in this list is interested).

    To have the in-memory database as small as possible, qmail-greyd
    continuously expires entries in the linked list and frees the expired
    entries periodically. qmail-greyd periodically flushes the in-memory
    database to a file. This context file can be read during startup (say
    after a reboot). qmail-greyd also flushes the database to a file on
    receipt of signal SIGTERM or SIGUSR1.

    qmail-greyd can be started under supervise. A typical command line I am
    using currently is

    /var/qmail/bin/qmail-greyd -w greydaemon.white -t 30 -g 24 -m 2 \
    -s 5 greydaemon.context

    qmail-greyd is still being worked on. I expect there would be few
    glitches in the code. Other than my own laptop, I have no means to test
    the code from different sources.

    I will be glad to work with any volunteer(s) who have time to make this

    Enabling greylisting in qmail-smtpd:

    Greylisting is enabled using the GREYIP environment variable.
    This specifies the IP address and/or port on which qmail-greyd is

    Specifying an empty string, GREYIP="", disables greylisting;
    or you can specify the IPaddress:port where qmail-greyd is listening,
    for example GREYIP="".

    * Assuming you've set up your qmail-smtpd service with tcpserver and the
    -x option (as in LWQ), you just need to update the cdb file referenced
    by this -x option. The source for this file is typically /etc/tcp.smtp.
    For example,


    could become,


    * If you've set up qmail-greyd on a non-default address (perhaps you're
    running qmail-greyd on a separate machine), you'll also need to specify
    the address it's listening on - adjust the above to include
    GREYIP="", for example.

    * Finally, don't forget to update the cdb file corresponding to the
    source file you've just edited. If you have a LWQ setup that's,

    qmailctl cdb

    otherwise (assuming /etc/tcp.smtp, /etc/tcp.smtp.cdb),

    tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp

    * Alternatively (and particularly if you're not using the -x option to
    tcpserver) you can enable greylisting for all SMTP connections by
    setting GREYIP in the environment in which qmail-smtpd is started - for
    example your startup script might now contain the line

    exec env GREYIP=":" /usr/local/bin/tcpserver ...

    -- Manvendra Bhangui
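
An added example, not part of the original post and not qmail-greyd's own code: a minimal C sketch of the triplet bookkeeping the announcement describes (a linked list keyed on IP, sender and recipients, with entries expired and freed). The function name grey_check, the three timing constants and the key layout are assumptions made for illustration; the post does not state what the daemon's command-line options mean.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Assumed policy values for this sketch, not qmail-greyd's defaults. */
#define MIN_DELAY     (5 * 60)              /* earlier retries stay deferred */
#define RETRY_WINDOW  (12 * 60 * 60)        /* unconfirmed triplet lifetime */
#define PASS_LIFETIME (30L * 24 * 60 * 60)  /* confirmed triplet lifetime */
enum verdict { GREY_DEFER, GREY_ACCEPT };

struct triplet {
    char *key;       /* "ip\nfrom\nrcpts" (assumed layout) */
    time_t stamp;    /* first seen, or last accepted once confirmed */
    int confirmed;   /* set when a retry arrived after MIN_DELAY */
    struct triplet *next;
};
static struct triplet *head;

/* Unlink and free entries that outlived their lifetime. */
static void expire(time_t now)
{
    struct triplet **pp = &head;
    while (*pp) {
        struct triplet *t = *pp;
        long limit = t->confirmed ? PASS_LIFETIME : RETRY_WINDOW;
        if (now - t->stamp > limit) { *pp = t->next; free(t->key); free(t); }
        else pp = &t->next;
    }
}

/* Out-of-memory returns DEFER: a temporary failure loses no mail, the sender retries. */
enum verdict grey_check(const char *ip, const char *from, const char *rcpts, time_t now)
{
    size_t n = strlen(ip) + strlen(from) + strlen(rcpts) + 3;
    char *key = malloc(n);
    struct triplet *t;
    if (!key) return GREY_DEFER;
    /* A newline separator keeps ("ab","c") and ("a","bc") from colliding. */
    snprintf(key, n, "%s\n%s\n%s", ip, from, rcpts);
    expire(now);
    for (t = head; t; t = t->next) {
        if (strcmp(t->key, key)) continue;
        free(key);
        if (!t->confirmed && now - t->stamp < MIN_DELAY) return GREY_DEFER;
        t->confirmed = 1; t->stamp = now;   /* refresh a passing triplet */
        return GREY_ACCEPT;
    }
    if (!(t = malloc(sizeof *t))) { free(key); return GREY_DEFER; }
    t->key = key; t->stamp = now; t->confirmed = 0; t->next = head; head = t;
    return GREY_DEFER;
}
```

A retry that arrives after RETRY_WINDOW finds its entry already expired and is treated as a first attempt again.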
