Home | Comics | Gallery | (Amazon| ThinkGeek) wishlist | Donations | Impressum | The Book of Postfix | Postfix - Einrichtung, Betrieb und Wartung | Blog

Postfix and selective greylisting

The Question

greylisting is nice, but I don't want to greylist everything, since that's too risky (there are some systems that simply will not retry - sad but true). Instead, I only want to greylist mail from unknown clients, dialups, etc.
Can I do that in Postfix?

The Answer

Yes, of course. You can do it this way:
Define a smtpd restriction class: 
smtpd_restriction_classes =
   greylisting

greylisting = check_policy_service inet:127.0.0.1:60001
Use that restriction class from within smtpd_recipient_restrictions (we're putting it at the end in this example): 
smtpd_recipient_restrictions =
   ...
   check_client_access pcre:/etc/postfix/dialups.pcre
   permit
and in /etc/postfix/dialups.pcre we specify which clients should be greylisted: 
      
/(\-.+){4}$/ greylisting
/(\..+){4}$/ greylisting
# everything with 4 or more dots/hyphens in the hostname

/(^|[0-9.x_-])(abo|br(e|oa)dband|cabel|(hk)?cablep?|catv|cbl|cidr|d?client2?|cust(omer)?s?|dhcp|dial?(in|up)?|d[iu]p|[asx]?dsld?|dyn(a(dsl|mic)?)?|home|in-addr|modem(cable)?|(di)?pool|ppp|ptr|rev|static|user|YahooBB[0-9]{12}|c[[:alnum:]]{6,}(\.[a-z]{3})?\.virtua|[1-9]Cust[0-9]+|AC[A-Z][0-9A-F]{5}\.ipt|pcp[0-9]{6,}pcs|S0106[[:alnum:]]{12,}\.[a-z]{2})[0-9.x_-]/
   greylisting
   
/^unknown$/    greylisting
If you want to hit your head against the wall, you can find SQLgrey's regexp (which is used to switch from class-C to whole IP based greylisting when a dialup is detected) here:

http://sqlgrey.bouton.name/dyn_fqdn.regexp This is awfully long but replaced the more simple approach SQLgrey inherited from Postgrey (matching IP components in the fqdn) because users reported better dialup detection with it.

There's another for matching well-known SMTP name patterns here : http://sqlgrey.bouton.name/smtp_server.regexp

Both were contributed by one of SQLgrey's users.

© by Ralf Hildebrandt
This document contains links to external information sources that I do neither monitor nor control. I explicitly disclaim any liabilities in respect to external references.
You are getting this document without any guarantees. Any methods shown above are meant as demonstration and may be wrong in some place. You may damage your system if you try to follow my hints and instructions. You do this at your own risk!

Valid HTML 4.01 Strict

Windows 7 Sins

 Locations of visitors to this page

This file was last modified 23. Jan 2007 by root