NAME

greyfix —

A greylisting policy daemon for Postfix

SYNOPSIS

greyfix [-Vvd] [-h home_directory] [-g delay_period] [-b bloc_idle_period] [-p pass_period] [-r reject_action] [-G greylist_action] [-/ prefix_size] [-6 prefix_size] [--dump-triplets] [--help]

DESCRIPTION

greyfix is a efficient greylisting policy daemon for Postfix.

The options are:

-V, --version: Show version information.
-v, --verbose: Verbose logging.
-d, --debug: Debug logging.
--help: Show usage information.
--dump-triplets: Dump the triplets database to stdout. Mostly for debugging purposes.
-b seconds, --bloc-max-idle seconds: How many seconds of life are given to a record that is created from a new mail (ip, from, to) triplet. Note that the window created by this setting for passing mails is reduced by the amount set for --greylist-delay. Also see --pass-max-idle. Defaults to 18000.
-g seconds, --greylist-delay seconds: How many seconds we will block inbound mail that is from a previously unknown (ip, from, to) triplet. If it is set to zero, incoming mail association will be learned, but no deliveries will be tempfailed. Use a setting of zero with caution, as it will learn spammers as well as legitimate senders. Defaults to 3480.
-h home_directory, --home home_directory: Location of the Berkeley DB environment home location. Defaults to /var/db/greyfix.
-p seconds, --pass-max-idle seconds: How long to give to a record we are updating from an allowed (passed) email.
The default is 3110400, which should be enough to handle messages that may only be sent once a month, or on things like the first monday of the month (which sometimes means 5 weeks). Plus, we add a day for a delivery buffer.
-r action, --reject-action action: The reject action directive that will be used. See access(5) for valid actions. The placeholder %d expand to the number of seconds, %p to the empty string if %d expands to 1 or “s” otherwise, %s to a single space, and %% to “%”.
The default is “DEFER_IF_PERMIT Greylisted by greyfix 0.4.0, try again in %d second%p. See http://www.kim-minh.com/pub/greyfix/ for more information.”
-G action, --greylisted-action action: The action that will be used the first time a triplet passes greylisting. Same expansion as for --reject-action.
The default is “PREPEND X-Greyfix: Greylisted by greyfix 0.4.0 for %d second%p. See http://www.kim-minh.com/pub/greyfix/ for more information.”
-/ prefix_size, --network-prefix prefix_size: Only consider the first prefix_size bits of an IPv4 address. Defaults to 32, i.e., the whole address is significant.
-6 prefix_size, --network6-prefix prefix_size: Only consider the first prefix_size bits of an IPv6 address. Defaults to 128, i.e., the whole address is significant.

USAGE

Edit Postfix's master configuration file, /usr/local/etc/postfix/master.cf, and add the following:

greyfix    unix  -       n       n       -       -       spawn
  user=nobody argv=/usr/local/sbin/greyfix -/ 24 -6 56

Edit Postfix's main configuration file, /etc/postfix/main.cf, and add the following:

smtpd_recipient_restrictions =
  permit_mynetworks,
  reject_unauth_destination,
  check_policy_service unix:private/greyfix

If there is already an smtpd_recipient_restrictions configuration line, you should edit it rather than add a new one. The important part for Greyfix is that you should add check_policy_service unix:private/greyfix to it. Finally, have Postfix reload its configuration with postfix reload.

NOTES

Logs

Greyfix logs to syslog(3) with the LOG_MAIL facility. As such, the log messages should appear along Postfix's.

ALSO SEE

access(5)

AUTHORS

greyfix was written by Kim Minh Kaplan ⟨http://www.kim-minh.com/⟩.