authorAntonio Radici <antonio@dyne.org>2011-01-03 18:31:08 +0000
committerAntonio Radici <antonio@dyne.org>2011-01-03 18:31:08 +0000
commit0ee4057ea9ec0c38359226250dfb8ef8c01a9ca6 (patch)
treef7f1b770d429724a5a1ba583f7c6dd8279352c4e
parentce24ad17543bbb5af72ec99802856a6b6a1cfa34 (diff)
parentc5ce8492b63612b46a6f53f2ba951522c8d63752 (diff)
Merge commit 'upstream/1.33'
-rw-r--r--Changes11
-rw-r--r--contrib/postgrey.init102
-rwxr-xr-xcontrib/postgreyreport46
-rwxr-xr-xpostgrey52
-rw-r--r--postgrey_whitelist_clients14
5 files changed, 208 insertions, 17 deletions
diff --git a/Changes b/Changes
index 4e263e6..272f557 100644
--- a/Changes
+++ b/Changes
@@ -1,3 +1,14 @@
+* 2010-05-04: version 1.33
+
+ - fix warning with IPv6 address (Edwin Kremer)
+ - added --x-greylist-header option (Guido Leisker)
+ - contrib/postgrey.init: new LSB-compliant init script by Adrian von Bidder
+ (Debian)
+ - contrib/postgreyreport: fix POD error (Christian Perrier)
+ - contrib/postgreyreport: added --tab and --show_time options (Leonard den
+ Ottolander)
+ - updated whitelist
+
* 2008-07-22: version 1.32
- fixed recipients whitelisting (David Carrel)
diff --git a/contrib/postgrey.init b/contrib/postgrey.init
new file mode 100644
index 0000000..7aeab33
--- /dev/null
+++ b/contrib/postgrey.init
@@ -0,0 +1,102 @@
+#! /bin/sh
+#
+# postgrey start/stop the postgrey greylisting deamon for postfix
+# (priority should be smaller than that of postfix)
+#
+# Author: (c)2004-2006 Adrian von Bidder <avbidder@fortytwo.ch>
+# Based on Debian sarge's 'skeleton' example
+# Distribute and/or modify at will.
+#
+# Version: $Id: postgrey.init 1436 2006-12-07 07:15:03Z avbidder $
+#
+### BEGIN INIT INFO
+# Provides: postgrey
+# Required-Start: $syslog $local_fs $remote_fs
+# Required-Stop: $syslog $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start/stop the postgrey daemon
+### END INIT INFO
+
+set -e
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/postgrey
+NAME=postgrey
+DESC="postfix greylisting daemon"
+
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Gracefully exit if the package has been removed.
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+# Read config file if it is present.
+if [ -r /etc/default/$NAME ]
+then
+ . /etc/default/$NAME
+fi
+
+POSTGREY_OPTS="--pidfile=$PIDFILE --daemonize $POSTGREY_OPTS"
+if [ -z "$POSTGREY_TEXT" ]; then
+ POSTGREY_TEXT_OPT=""
+else
+ POSTGREY_TEXT_OPT="--greylist-text=$POSTGREY_TEXT"
+fi
+
+ret=0
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC" "$NAME"
+ if start-stop-daemon --start --oknodo --quiet \
+ --pidfile $PIDFILE --name $NAME \
+ --startas $DAEMON -- $POSTGREY_OPTS "$POSTGREY_TEXT_OPT"
+ then
+ log_end_msg 0
+ else
+ ret=$?
+ log_end_msg 1
+ fi
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ if start-stop-daemon --stop --oknodo --quiet \
+ --pidfile $PIDFILE --name $NAME
+ then
+ log_end_msg 0
+ else
+ ret=$?
+ log_end_msg 1
+ fi
+ rm -f $PIDFILE
+ ;;
+ reload|force-reload)
+ log_action_begin_msg "Reloading $DESC configuration..."
+ if start-stop-daemon --stop --signal 1 --quiet \
+ --pidfile $PIDFILE --name $NAME
+ then
+ log_action_end_msg 0
+ else
+ ret=$?
+ log_action_end_msg 1
+ fi
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ret=$?
+ ;;
+ status)
+ status_of_proc -p $PIDFILE $DAEMON "$NAME" 2>/dev/null
+ ret=$?
+ ;;
+
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit $ret
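Review bot: In the `start)` branch the quoted `"$POSTGREY_TEXT_OPT"` is passed to the daemon even when `POSTGREY_TEXT` is unset, so postgrey then receives one empty-string argument after its options. Expanding it only when it is set avoids that while still keeping the text as a single word: `--startas $DAEMON -- $POSTGREY_OPTS ${POSTGREY_TEXT_OPT:+"$POSTGREY_TEXT_OPT"}`. Separately, `/etc/default/$NAME` is sourced as root and `$POSTGREY_OPTS` is word-split unquoted, so a comment next to the `. /etc/default/$NAME` line stating that the file must be root-owned and not group- or world-writable would help packagers.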
diff --git a/contrib/postgreyreport b/contrib/postgreyreport
index 2e90582..9891b4d 100755
--- a/contrib/postgreyreport
+++ b/contrib/postgreyreport
@@ -10,7 +10,7 @@ use Getopt::Long 2.25 qw(:config posix_default no_ignore_case);
use Net::Server::Daemonize qw( get_uid get_gid set_uid set_gid );
use Pod::Usage;
#use Net::RBLClient;
-my $VERSION='1.14.2 (20040715)';
+my $VERSION='1.14.3 (20100321)';
# used in maillog processing
my $RE_revdns_ip = qr/ ([^\[\s]+)\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]/; # ptr[1.2.3.4]
@@ -33,6 +33,8 @@ my %opt = (
separate_by_subnet => '', # if not blank output this string for every new /24
separate_by_ip => '', # if not blank output this string for every new IP
single_line => 1, # output everything on a single line? (grouping enabled if false )
+ tab => 0, # use tabs as separators, not spaces (only in single line mode)
+ show_time => 0, # show entry time in maillog
skip_dnsbl => [], # list of DNSBL servers to check and skip reporting for
skip_clients => [], # files of clients to skip reporting
@@ -55,7 +57,7 @@ sub main
'show_tries',
'check_sender=s',
'separate_by_subnet=s', 'separate_by_ip=s',
- 'single_line!',
+ 'single_line!', 'tab', 'show_time',
'skip_dnsbl=s@','skip_clients=s@', 'match_clients=s@', 'skip_pool',
) or exit(1);
if($opt{help}) { pod2usage(1) }
@@ -136,13 +138,22 @@ sub postgrey_fatal_report()
# display output on single line or multi-line
if ($opt{single_line})
{
- printf "%s ", $triplets{$key}{counter} if($opt{show_tries}) ;
- printf "%5s ", $check_sender if($opt{check_sender}) ;
- printf "%15s ", $ip ;
- printf "%s ", $revdns ;
- printf "%s ", $sender ;
- printf "%s ", $recipient ;
- print "\n" ;
+ if ($opt{tab}) {
+ printf "%s\t", $triplets{$key}{entrytime} if($opt{show_time}) ;
+ printf "%s\t", $triplets{$key}{counter} if($opt{show_tries}) ;
+ printf "%s\t", $check_sender if($opt{check_sender}) ;
+ printf "%s\t", $ip ;
+ printf "%s\t", $revdns ;
+ printf "%s\t", $sender ;
+ } else {
+ printf "%s ", $triplets{$key}{entrytime} if($opt{show_time}) ;
+ printf "%s ", $triplets{$key}{counter} if($opt{show_tries}) ;
+ printf "%5s ", $check_sender if($opt{check_sender}) ;
+ printf "%15s ", $ip ;
+ printf "%s ", $revdns ;
+ printf "%s ", $sender ;
+ }
+ printf "%s\n", $recipient; ;
} else
{
### multi-line
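Review bot: In the `--tab` branch `$revdns`, `$sender` and `$recipient` are printed exactly as parsed from the mail log, so a literal tab inside any of them would shift the columns that the option promises for cut(1). Whether the logging path can deliver a raw tab is not visible in this hunk. If it can, normalise just before the `printf "%s\t"` lines, e.g. `tr/\t/ / for ($revdns, $sender, $recipient);`, provided those variables are not needed unmodified further down. The two branches also repeat the same six statements with only the separator and widths changed, and `printf "%s\n", $recipient; ;` carries a stray second semicolon. The body of postgrey_fatal_report starts and ends outside the hunk.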
@@ -235,7 +246,7 @@ sub find_and_sort_fatal
$triplets->{$key}{ipaddr}=$ipaddr; # save IP in easy to access form
$triplets->{$key}{subnet}=$subnet; # save subnet in easy to access form
$triplets->{$key}{subkey}=$subkey; # save key in subnet form
-
+ $triplets->{$key}{entrytime}=substr($_,0,15);
}
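Review bot: `substr($_,0,15)` assumes every log line begins with the 15-character classic syslog stamp (`Mmm dd hh:mm:ss`); on a log written with ISO 8601 timestamps `--show_time` would print a truncated value. It also relies on `$_` still holding the raw log line at this point, which the hunk does not show. A comment would make the assumption explicit: `# first 15 chars = traditional syslog timestamp "Mmm dd hh:mm:ss"`. The enclosing loop in find_and_sort_fatal starts outside the hunk.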
@@ -593,6 +604,8 @@ B<postgreyreport> [I<options>...]
--match_clients=FILE *ONLY* report if fatal *AND* PTR/IP of client matches
--show_tries display the number of attempts failed triplets made in first column
+ --show_time show entry time in maillog (single line only)
+ --tab use tabs as separators for easy cut(1)ting
--nosingle_line display sender/recipients grouped by ptr - ip
--separate_by_subnet=TXT display TXT for every new /24 (ex: "=================\n" )
@@ -629,6 +642,8 @@ It is best to run postgreyreport against a maillog that is at least several hour
( you be the judge on how old is acceptable ). if you run the report against a live maillog you are
not giving legit MTA's enough time to try again and you will have lots of inaccurate information.
+=over
+
=item * Ex usage:
zcat /var/log/maillog.0.gz | ./postgreyreport [options] > postgreyreport.log
@@ -664,10 +679,21 @@ not giving legit MTA's enough time to try again and you will have lots of inaccu
MX legituser@mac.com user6@recipient7.com
:============================================================================================
+=back
=head1 HISTORY
+B<1.14.3 20100321>
+
+=over 4
+
+ Some additions, Leonard den Ottolander <leonard.den.ottolander.nl>
+ New option: --tab Use tabs as separator in single line mode
+ New option: --show_time Show entry time in maillog in single line mode
+
+=back
+
B<1.14.2 20040715>
=over 4
diff --git a/postgrey b/postgrey
index f4d700a..0149bad 100755
--- a/postgrey
+++ b/postgrey
@@ -22,7 +22,7 @@ use POSIX qw(strftime setlocale LC_ALL);
use vars qw(@ISA);
@ISA = qw(Net::Server::Multiplex);
-my $VERSION = '1.32';
+my $VERSION = '1.33';
my $DEFAULT_DBDIR = '/var/spool/postfix/postgrey';
my $CONFIG_DIR = '/etc/postfix';
@@ -41,6 +41,7 @@ sub cidr_match($$$)
{
my ($net, $mask, $addr) = @_;
return undef unless defined $net and defined $mask and defined $addr;
+ return undef if ($addr =~ /:.*:/); # ignore IPv6 addresses
if($addr =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) {
$addr = ($1<<24)+($2<<16)+($3<<8)+$4;
}
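Review bot: The new guard `return undef if ($addr =~ /:.*:/);` means an IPv6 client can never match a CIDR whitelist entry, so such clients are always greylisted whatever the whitelist says. The comment should state that consequence rather than just "ignore", e.g. `# IPv6 unsupported here: such clients never match a CIDR entry`. The guard also covers only strings containing two colons; any other value that is not a dotted quad still reaches the code below the `if`, which is outside the hunk. If no caller passes an already-converted integer, `return undef unless $addr =~ /^\d+\.\d+\.\d+\.\d+$/;` would be the tighter gate.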
@@ -479,9 +480,14 @@ sub smtpd_access_policy($$)
# add X-Greylist header
my $date = strftime("%a, %d %b %Y %T %Z", localtime);
- $self->mylog_action($attr, 'pass', 'triplet found', 'delay='.($now-$first));
- return 'PREPEND X-Greylist: delayed '.($now-$first).
- " seconds by postgrey-$VERSION at $self->{postgrey}{hostname}; $date";
+ my $delay = $now-$first;
+ $self->mylog_action($attr, 'pass', 'triplet found', 'delay='.($delay));
+ my $msg = $self->{postgrey}{x_greylist_header};
+ $msg =~ s/\%t/$delay/;
+ $msg =~ s/\%v/$VERSION/;
+ $msg =~ s/\%d/$date/;
+ $msg =~ s/\%h/$self->{postgrey}{hostname}/;
+ return 'PREPEND ' . $msg;
}
$self->mylog_action($attr, 'pass', 'triplet found');
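Review bot: The four `s/\%x/.../` substitutions replace only the first occurrence of each placeholder, and each later pass rescans text that an earlier pass inserted. A single pass over the template avoids both: `my %val = (t => $delay, v => $VERSION, d => $date, h => $self->{postgrey}{hostname});` followed by `$msg =~ s/%([tvdh])/$val{$1}/g;`. There is also no way to write a literal `%t` in the header text, which the option documentation could mention. smtpd_access_policy starts and ends outside the hunk.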
@@ -505,7 +511,7 @@ sub main()
'whitelist-clients=s@', 'whitelist-recipients=s@',
'syslogfacility|syslog-facility|facility=s',
'retry-window=s', 'greylist-action=s', 'greylist-text=s', 'privacy',
- 'hostname=s', 'exim', 'listen-queue-size=i'
+ 'hostname=s', 'exim', 'listen-queue-size=i', 'x-greylist-header=s',
) or exit(1);
# note: lookup-by-subnet can be given for compatibility, but it is default
# so do not do nothing with it...
@@ -606,6 +612,7 @@ sub main()
privacy => defined $opt{'privacy'},
hostname => defined $opt{hostname} ? $opt{hostname} : hostname,
exim => defined $opt{'exim'},
+ x_greylist_header => $opt{'x-greylist-header'} || 'X-Greylist: delayed %t seconds by postgrey-%v at %h; %d',
},
}, 'postgrey';
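Review bot: The `--x-greylist-header` value is stored unchecked at `x_greylist_header => $opt{'x-greylist-header'} || ...` and is later sent to Postfix as `PREPEND <text>`. A value that is not of the form `Name: value`, or that contains a line break, would presumably produce a malformed policy reply on every delayed mail instead of an error at startup. Validating once in main() would catch this early, e.g. rejecting the option unless it matches `/\A[!-9;-~]+:[ \t][^\r\n]*\z/`. main() starts and ends outside the hunk.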
@@ -805,6 +812,8 @@ B<postgrey> [I<options>...]
whitelisted (turned on by default with value 5)
specify N=0 to disable.
--listen-queue-size=N allow for N waiting connections to our socket
+ --x-greylist-header=TXT header when a mail was delayed by greylisting
+ default: X-Greylist: delayed <seconds> seconds by postgrey-<version> at <server>; <date>
Note that the --whitelist-x options can be specified multiple times,
and that per default /etc/postfix/postgrey_whitelist_clients.local is
@@ -842,6 +851,9 @@ Write an init script to start postgrey at boot and start it. Like this for examp
postgrey --inet=10023 -d
+F<contrib/postgrey.init> in the postgrey source distribution includes a
+LSB-compliant init script by Adrian von Bidder for the Debian system.
+
=item *
Put something like this in /etc/main.cf:
@@ -984,6 +996,36 @@ Mail-domain of the recipient (example.com).
=back
+=head2 Greylist Header
+
+When a message is greylisted, an additional header can be prepended to the
+header section of the mail:
+
+ X-Greylist: delayed %t seconds by postgrey-%v at %h; %d
+
+You can change the text with the B<--x-greylist-header> parameter. The
+following special variables will be replaced in the text:
+
+=over 4
+
+=item %t
+
+How many seconds the mail has been delayed due to greylisting.
+
+=item %v
+
+The version of postgrey.
+
+=item %d
+
+The date.
+
+=item %h
+
+The host.
+
+=back
+
=head2 Privacy
The --privacy option enable the use of a SHA1 hash function to store
diff --git a/postgrey_whitelist_clients b/postgrey_whitelist_clients
index ab8d49d..f4ecb0d 100644
--- a/postgrey_whitelist_clients
+++ b/postgrey_whitelist_clients
@@ -147,8 +147,8 @@ ibm.com
berlin.ptb.de
# registrarmail.net (unique sender names, reported by Simon Waters)
registrarmail.net
-# google.com (big pool, reported by Matthias Dyer)
-/^.*-out-.*\.google\.com$/
+# google.com (big pool, reported by Matthias Dyer, Martin Toft)
+google.com
# orange.fr (big pool, reported by Loc Le Loarer)
/^smtp\d+\.orange\.fr$/
# citigroup.com (slow retry, reported by Michael Monnerie)
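Review bot: Replacing `/^.*-out-.*\.google\.com$/` with the plain `google.com` entry widens the exemption from the outbound relay names to, presumably, every client name under that domain. Any host whose name resolves there then skips greylisting. The exemption is only as strong as the client name Postfix hands to the policy service, and the file's matching rules are not visible in this hunk. The comment could record the trade-off, e.g. `# google.com (big pool; whole domain exempted, relies on the verified client hostname)`.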
@@ -192,3 +192,13 @@ saturn.mahidol.ac.th
ebay.com
# 2008-07-22: yahoo.com (big pool, reported by Juan Alonso)
yahoo.com
+# 2008-11-07: facebook (no retry, reported by Tim Freeman)
+/^outmail\d+\.sctm\.tfbnw\.net$/
+# 2009-02-10: server14.cyon.ch (long retry, reported by Alex Beckert)
+server14.cyon.ch
+# 2010-01-08: tifr.res.in (no retry, reported by Alex Beckert)
+home.theory.tifr.res.in
+# 2010-01-08: 1blu.de (long retry, reported by Alex Beckert)
+ms4-1.1blu.de
+# 2010-03-17: chello.at (big pool, reported by Jan-willem van Eys)
+/^viefep\d+-int\.chello\.at$/