qmail-greyd is yet another implementation of greylisting for qmail,
netqmail and indimail. The qmail-greyd code is licensed under GPLv3.
Most of the ideas come from greydaemon written by John Levine and the
greycheck() function written by Andrew Richards as described at
Announce: greydaemon, a new greylisting package for netqmail | Qmail | users
Using Andrew's code makes it possible to have minimal changes to
qmail-smtpd. qmail-greyd is compatible with Andrew's code and uses
almost the same logic as in greydaemon.
qmail-greyd can be downloaded from
https://sourceforge.net/projects/in...ns/qmail-greyd/greylist-1.0.patch.gz/download
qmail-greyd is written in C and uses extensively the functions written
by djb. qmail-greyd maintains an in-memory linked-list of triplets of
IP, from, recipients. It reads the entire recipient list in one
operation by figuring out the data size using MSG_PEEK
parameter to recvfrom(). During startup, qmail-greyd can read a list of
IPs from a file. The entries in the file can be in CIDR format, range
format, wildcards or exact IPs. The whitelist file can have a .cdb
extension for fast cdb lookup. Once qmail-greyd is running, it can
re-read the whitelist on receipt of SIGHUP. (I also have a version which
does MySQL lookup, in case anyone in this list is interested).
To have the in-memory database as small as possible, qmail-greyd
continuously expires entries in the linked list and frees the expired
entries periodically. qmail-greyd periodically flushes the in-memory
database to a file. This context file can be read during startup (say
after a reboot). qmail-greyd also flushes the database to a file on
receipt of signal SIGTERM or SIGUSR1.
qmail-greyd can be started under supervise. A typical command line I am
using currently is
    /var/qmail/bin/qmail-greyd -w greydaemon.white -t 30 -g 24 -m 2 \
        -s 5 127.0.0.1 greydaemon.context
qmail-greyd is still being worked on. I expect there would be few
glitches in the code. Other than my own laptop, I have no means to test
the code from different sources.
I will be glad to work with any volunteer(s) who have time to make this
better.
Enabling greylisting in qmail-smtpd:
------------------------------------
Greylisting is enabled using the GREYIP environment variable.
This specifies the IP address and/or port on which qmail-greyd is
listening.
Specifying an empty string, GREYIP="" disables greylisting;
or you can specify the IPaddress:port where qmail-greyd is listening
for example GREYIP="127.0.0.1:1999".
* Assuming you've set up your qmail-smtpd service with tcpserver and the
-x option (as in LWQ), you just need to update the cdb file referenced
by this -x option. The source for this file is typically /etc/tcp.smtp.
For example,
    127.:allow,RELAYCLIENT=""
    192.168.:allow,RELAYCLIENT=""
    :allow
could become,
    127.:allow,RELAYCLIENT=""
    192.168.:allow,RELAYCLIENT=""
    :allow,GREYIP=":"
* If you've set up qmail-greyd on a non-default address (perhaps you're
running qmail-greyd on a separate machine), you'll also need to specify
the address it's listening on - adjust the above to include
GREYIP="192.168.5.5:", for example.
* Finally, don't forget to update the cdb file corresponding to the
source file you've just edited. If you have a LWQ setup that's,
    qmailctl cdb
otherwise (assuming /etc/tcp.smtp, /etc/tcp.smtp.cdb),
    tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
* Alternatively (and particularly if you're not using the -x option to
tcpserver) you can enable greylisting for all SMTP connections by
setting GREYIP in the environment in which qmail-smtpd is started - for
example your startup script might now contain the line
    exec env GREYIP=":" /usr/local/bin/tcpserver ...
-- Manvendra Bhangui
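
The in-memory triplet list and its expiry, as described in the post, shown as an added example that is not qmail-greyd's code and not part of the original message. The names `grey_check`, `grey_expire`, `min_delay` and `lifetime` are assumptions of this sketch (they are not the daemon's options), and the defer-then-accept rule is standard greylisting rather than logic taken from the patch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

enum verdict { GREY_DEFER, GREY_ACCEPT };
struct grey {                     /* one node of the in-memory list */
    struct grey *next;
    time_t first, last;           /* first sighting, most recent attempt */
    char key[];                   /* "ip\nfrom\nrecipients": the triplet */
};
static struct grey *head;

/* Unlink and free records idle for more than `lifetime` seconds. */
int grey_expire(time_t now, time_t lifetime) {
    int freed = 0;
    for (struct grey **pp = &head; *pp; ) {
        struct grey *g = *pp;
        if (now - g->last > lifetime) { *pp = g->next; free(g); freed++; }
        else pp = &g->next;
    }
    return freed;
}

/* Verdict for one attempt; a new triplet must wait `min_delay` seconds. */
enum verdict grey_check(const char *ip, const char *from, const char *rcpts,
                        time_t now, time_t min_delay, time_t lifetime) {
    /* '\n' separates the fields: it cannot occur inside an SMTP address. */
    size_t len = strlen(ip) + strlen(from) + strlen(rcpts) + 3;
    struct grey *n = malloc(sizeof *n + len), *g;
    if (!n) return GREY_ACCEPT;   /* choice made in this sketch: fail open */
    snprintf(n->key, len, "%s\n%s\n%s", ip, from, rcpts);
    grey_expire(now, lifetime);   /* keep the list small before searching */
    for (g = head; g && strcmp(g->key, n->key) != 0; g = g->next) {}
    if (g) {                      /* known triplet: this is a retry */
        free(n);
        g->last = now;
        return now - g->first >= min_delay ? GREY_ACCEPT : GREY_DEFER;
    }
    n->first = n->last = now;     /* unknown triplet: record it and defer */
    n->next = head; head = n;
    return GREY_DEFER;
}

int main(void) {                  /* constructed addresses and timestamps */
    const char *ip = "192.0.2.10", *f = "a@example.org", *r = "b@example.net";
    for (time_t t = 0; t <= 1800; t += 900)
        printf("t=%ld verdict=%d\n", (long)t,
               grey_check(ip, f, r, 1000000 + t, 1800, 86400));
    return 0;
}
```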