FlipsideReality Once upon a time, in a land far far away…

10Oct/080

Postfix, postgrey, and targrey. How’s that for a boring title, yay!

YupYup,

installed postgrey & targrey today:

wget http://postgrey.schweikert.ch/pub/postgrey-1.32.tar.gz
tar xvfz postgrey-1.32.tar.gz
cd postgrey-1.32
wget http://k2net.hakuba.jp/pub/targrey-0.31-postgrey-1.32.patch
cp ./postgrey postgrey.orig
patch < targrey-0.31-postgrey-1.32.patch
cp ./postgrey /usr/sbin/
cp ./postgrey_whitelist_clients /etc/postfix
cp ./postgrey_whitelist_recipients /etc/postfix
groupadd mail
useradd -g mail -d /home/postgrey -m -s /bin/false postgrey
mkdir /var/run/postgrey/
chown -R postgrey:mail /var/run/postgrey/
mkdir /var/spool/postfix/postgrey
chown postgrey:mail /var/spool/postfix/postgrey -R

Now create an init file:

vi /etc/init.d/postgrey

and put this in it:

#!/bin/bash
#
# Init file for postgrey server daemon
#
# chkconfig: 2345 79 30
# description: postgrey server daemon
#
# processname: postgrey
PIDFILE=/var/run/postgrey/postgrey.pid
case "$1" in
    start)
        # Start Postgrey, listening on loopback only
        /usr/sbin/postgrey --inet=127.0.0.1:60000 --daemonize \
            --pidfile="$PIDFILE" \
            --whitelist-clients=/etc/postfix/postgrey_whitelist_clients \
            --whitelist-recipients=/etc/postfix/postgrey_whitelist_recipients \
            --greylist-action=451 --delay=420 --max-age=40 \
            --lookup-by-subnet --auto-whitelist-clients=10 \
            --user=postgrey --group=mail
        ;;
    stop)
        # Stop Postgrey through its pidfile. postgrey is a Perl script, and
        # killall given a path matches on the process executable (here the
        # perl interpreter), so "killall /usr/sbin/postgrey" does not find it.
        if [ -f "$PIDFILE" ]; then
            kill "$(cat "$PIDFILE")"
        fi
        ;;
    *)
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;
esac

make it executable:

chmod 754 /etc/init.d/postgrey

and tell your system to start it when the system starts
Debian:

update-rc.d postgrey defaults

Redhat:

chkconfig --add postgrey

now tell postfix to use it, edit /etc/postfix/main.cf and add

check_policy_service   inet:60000

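to the end of the smtpd_recipient_restrictions and smtpd_data_restrictions statements. Keep it after reject_unauth_destination, so the policy daemon is only consulted for mail your server is actually willing to accept. They should look something like this: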

smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    ...(whitelist and other filter)
    check_client_access regexp:$config_directory/permit_client_nots25r
    check_policy_service   inet:60000
    ...
    permit

smtpd_data_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    ...(whitelist)
    check_client_access regexp:$config_directory/permit_client_nots25r
    check_policy_service   inet:60000
    permit

And that's your lot.
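To check that the daemon really answers on 127.0.0.1:60000 before trusting Postfix to use it, you can speak the Postfix policy delegation protocol to it by hand. The script below is an added example, not part of the original post or of postgrey; the function names and the probe triplet (a documentation IP address and example.org/example.com mailboxes) are made up for illustration.

```python
import socket

def build_request(client_address, sender, recipient, client_name="unknown"):
    """Serialise one policy request: name=value lines ended by a blank line."""
    attrs = [("request", "smtpd_access_policy"), ("protocol_state", "RCPT"),
             ("protocol_name", "SMTP"), ("client_address", client_address),
             ("client_name", client_name), ("sender", sender),
             ("recipient", recipient)]
    for name, value in attrs:
        if "\n" in value or "\r" in value:  # would smuggle extra attributes
            raise ValueError(f"newline in attribute {name!r}")
    return "".join(f"{n}={v}\n" for n, v in attrs).encode() + b"\n"

def parse_response(raw):
    """Return (action, text) from a reply such as b'action=DUNNO\\n\\n'."""
    for line in raw.decode(errors="replace").splitlines():
        if line.startswith("action="):
            action, _, text = line[len("action="):].partition(" ")
            return action, text
    raise ValueError("no action= line in policy response")

def classify(action):
    """Say what the action means for the greylisting setup above."""
    if action.upper() in ("DUNNO", "PREPEND"):
        return "passed"
    if action.upper() == "DEFER_IF_PERMIT" or action[:1] == "4":
        return "greylisted"  # includes the 451 set by --greylist-action
    return "unexpected"

def query(request, host="127.0.0.1", port=60000, timeout=10.0):
    """Send one request to the policy daemon and read up to the blank line.
    Raise the timeout if the daemon is set up to delay its replies."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        while b"\n\n" not in buf:
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
    return parse_response(buf)

if __name__ == "__main__":
    # Constructed triplet: documentation address and reserved example domains.
    req = build_request("192.0.2.10", "probe@example.org", "postmaster@example.com")
    action, text = query(req)
    print(classify(action), action, text)
```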
