[Kolab-devel] Kolab server - greylisting (long)

Mon Jan 21 16:00:41 CET 2008

Hi,
	I add greylisting to kolab server.

First I experiment greylist script coming with postfix package.

I download and install postfix source package.
I copy greylist.pl (extracted from exemples/smtpd-policy) in /koab/libexec/postfix

In greylist.pl I modified the DB location to be
/kolab/var/greylist

mkdir /kolab/var/greylist
chown kolab-n.kolab-n /kolab/var/greylist

I add in /kolab/etc/kolab/template/master.cf.template the following line

policy unix - n n -- spawn user=kolab-n argv=/kolab/bin/perl 
/kolab/libexec/postfix/greylist.pl -v

In /kolab/etc/kolab/template/main.cf.template I modified the following line

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
         reject_unauth_destination, reject_unlisted_recipient,
         check_policy_service unix:private/kolabpolicy

with

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
         reject_unauth_destination, reject_unlisted_recipient,
         check_sender_access hash:/kolab/etc/postfix/sender_access,
         check_policy_service unix:private/policy,
         check_policy_service unix:private/kolabpolicy
smtpd_restriction_classes = greylist
greylist = check_policy_service unix:private/policy

I restart postifix with kolabconf.

I found a problem with this solution.
If I forgot to delete greylisting DB, sometimes this perl script start to have 
segmentation fault. The result is that some messages are delayed for long time 
(some days).

So the solution is not the best.

-------

I tried postgrey that seems to work better and is also more simple to install.

Postgrey exist as a package on openpkg, but is not possible to install it on 
kolab 2.1.0 due to the fact that openpkg is too old.

I add it to klab 2.2 beta 3 with these simple steps.

I download the package from openpkg site.

/kolab/bin/openpkg rpm --rebuild postgrey-1.31-20071108.src.rpm
/kolab/bin/openpkg rpm -Uvh postgrey-1.31-20071108.<ARCH>-<OS>-kolab.rpm

The man page say that to use postgrey you have to tell postfix to send message 
to inet socket.
This is not true. By default postgrey open a unix socket. (look at 
/kolab/etc/rc.d/rc.postgrey)

To use it I add the following line in /kolab/etc/kolab/template/main.cf

check_policy_service unix:/kolab/var/postgrey/postgrey.socket

in

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
         reject_unauth_destination, reject_unlisted_recipient,
         check_policy_service unix:/kolab/var/postgrey/postgrey.socket
         check_policy_service unix:private/kolabpolicy

Now postgrey is working an I am satisfied.

------------------

I also add it to kolab 2.10 with this method.

I copied all the file installed by postgrey in kolab 2.2 beta 3 in the same 
location with the same ownership.
It's working well.

------------------

So I propose to add postgrey to kolab server, but leave it disable with a note 
to uncomment a line in main.cf to activate it.

-- 
ing. Andrea Gelpi
***************************************************
La Terra non la abbiamo ereditata dai nostri avi,
ma la abbiamo presa in prestito dai nostri bambini.
***************************************************