1sqlgrey(1)            User Contributed Perl Documentation           sqlgrey(1)
2
3
4

NAME

6       sqlgrey - Postfix Greylisting Policy Server
7

SYNOPSIS

9       sqlgrey [options...]
10
11        -h, --help                 display this help and exit
12            --man                  display man page
13            --version              output version information and exit
14        -d, --daemonize            run in the background
15        -k, --kill                 kill a running sqlgrey
16                                   (identified by 'pidfile' content)
17        -f, --configfile=FILE      read config from FILE
18                                   (default /etc/sqlgrey/sqlgrey.conf)
19                                   expecting config_param=value lines,
20                                   - spaces are ignored,
21                                   - '#' is used for comments
22
23       See the default config file at /etc/sqlgrey/sqlgrey.conf for runtime
24       parameters.  If you got sqlgrey from sources, read the HOWTO file in
25       the compressed archive.  If it came prepackaged, look into the documen‐
26       tation tree for this file: /usr/share/doc/sqlgrey-<version>/ on most
27       Linux distributions for example.
28

DESCRIPTION

30       Sqlgrey is a Postfix policy server implementing greylisting.
31
32       When a request for delivery of a mail is received by Postfix via SMTP,
33       the triplet "CLIENT_IP" / "SENDER" / "RECIPIENT" is built. If it is the
34       first time that this triplet is seen, or if the triplet was first seen
35       less than reconnect-delay minutes (1 is the default), then the mail
36       gets rejected with a temporary error. Hopefully spammers or viruses
37       will not try again later, as it is however required per RFC.
38
39       In order to alleviate the reconnect delay, sqlgrey uses a 2-level auto-
40       white-list (AWL) system:
41
42       ·   As soon as a "CLIENT IP" / "SENDER" is accepted, it is added to an
43           AWL. The couple expires when it isn't seen for more than awl-age
44           days (60 is the default).
45
46       ·   If group-domain-level "SENDER"s (2 is the default) from the same
47           domain or more use the same "CLIENT IP", another AWL is used based
48           on a "CLIENT IP" / "DOMAIN" couple.  This couple expires after awl-
49           age days too. This AWL is meant to be used on high throughput sites
50           in order to :
51
52           ·   minimize the amount of data stored in database,
53
54           ·   minimize the amount of processing required to find an entry in
55               the AWL.
56
57           ·   don't impose any further mail delay when a "CLIENT IP" /
58               "DOMAIN" couple is known.
59
60           It can be disabled by setting group-domain-level to 0.
61
62       General idea:
63
64       When a SMTP client has been accepted once, if the IP isn't dynamic,
65       greylisting the IP again is only a waste of time when it sends another
66       e-mail. As we already know that this IP runs an RFC-compliant MTA (at
67       least the 4xx error code handling) and will get the new e-mail through
68       anyway.
69
70       In the case of mail relays, these AWLs works very well as the same
71       senders and mail domains are constantly coming through the same IP
72       addresses -> the e-mails are quickly accepted on the first try.  In the
73       case of individual SMTP servers, this works well if the IP is fixed
74       too.  When using a floating IP address, the AWLs are defeated, but it
75       should be the least common case by far.
76
77       Why do we put the domain in the AWL and not the IP only ? If we did
78       only store IP addresses, polluting the AWL would be far too easy. It
79       would only take one correctly configured MTA sending one e-mail from
80       one IP one single time to put it in a whitelist used whatever future
81       mails from this IP look like.
82
83       With this AWL system, one single mail can only allow whitelisting of
84       mails from a single sender from the same IP...
85

INSTALLATION

87       ·   Create a "sqlgrey" user. This will be the user the daemon runs as.
88
89       ·   When using a full-fledge SGBD (MySQL and PostgreSQL, not SQLite),
90           create a 'sqlgrey' db user and a 'sqlgrey' database. Grant access
91           to the newly created database to sqlgrey.
92
93       ·   Use the packaged init script to start sqlgrey at boot and start it
94           manually.
95

CONFIGURATION

97       General
98
99       ·   Start by adding check_policy_service after reject_unauth_destina‐
100           tion in /etc/postfix/main.cf :
101
102            smtpd_recipient_restrictions =
103                          ...
104                          reject_unauth_destination
105                          check_policy_service inet:127.0.0.1:2501
106
107       ·   Be aware that some servers do not behave correctly and do not
108           resend mails (as required by the standard) or use unique return
109           addresses.  This is the reason why you should maintain whitelists
110           for them.
111
112           SQLgrey comes with a comprehensive whitelisting system. It can even
113           be configured to fetch up-to-date whitelists from a repository. See
114           the HOWTO for the details.
115
116       Disabling greylisting for some users
117
118       If you want to disable greylisting for some users you can configure
119       Postfix like this:
120
121       /etc/postfix/sqlgrey_recipient_access:
122         i_like_spam@ee.ethz.ch                OK
123
124       Then you'll add a check_recipient_access in main.cf before the
125       check_policy_service :
126        smtpd_recipient_restrictions =
127              ...
128              reject_unauth_destination
129              check_client_access    hash:/etc/postfix/sqlgrey_client_access
130              check_recipient_access hash:/etc/postfix/sqlgrey_recipi‐
131       ent_access
132              check_policy_service inet:127.0.0.1:10023
133

SEE ALSO

135       See <http://www.greylisting.org/> for a description of what greylisting
136       is and <http://www.postfix.org/SMTPD_POLICY_README.html> for a descrip‐
137       tion of how Postfix policy servers work.
138
140       Copyright (c) 2004 by Lionel Bouton.
141

LICENSE

143       This program is free software; you can redistribute it and/or modify it
144       under the terms of the GNU General Public License as published by the
145       Free Software Foundation; either version 2 of the License, or (at your
146       option) any later version.
147
148       This program is distributed in the hope that it will be useful, but
149       WITHOUT ANY WARRANTY; without even the implied warranty of MER‐
150       CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General
151       Public License for more details.
152
153       You should have received a copy of the GNU General Public License along
154       with this program; if not, write to the Free Software Foundation, Inc.,
155       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
156

AUTHOR

158       Lionel Bouton <lionel-dev@bouton.name>
159
160
161
162perl v5.8.8                       2007-03-13                        sqlgrey(1)
Impressum