Hi,
I have a working installation of Postfix and Dovecot that works nicely. I've added SpamAssassin, which does a good job of flagging spam. Now I wanted to add greylisting to my server.
Here's what I did.
$ sudo yum install postgrey
Increase the greylisting delay.
# /etc/sysconfig/postgrey POSTGREY_OPTS="--delay=300"
Edit /etc/postfix/main.cf accordingly.
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, check_policy_service unix:/var/spool/postfix/postgrey/socket, reject
Start/restart services.
$ sudo systemctl enable postgrey $ sudo systemctl start postgrey $ sudo systemctl restart postfix
Now Postgrey seems to be running OK.
$ systemctl status postgrey ● postgrey.service - Postfix Greylisting Service Loaded: loaded (/usr/lib/systemd/system/postgrey.service; enabled; vendor preset: disabled) Active: active (running) since mer. 2019-06-19 09:39:04 CEST; 19min ago Docs: man:postgrey(8) Process: 5228 ExecStart=/usr/sbin/postgrey --unix=/var/spool/postfix/postgrey/socket --pidfile=/var/run/postgrey.pid --group=postgrey --user=postgrey --greylist-text=Greylisted for %%s seconds --daemonize $POSTGREY_OPTS (code=exited, status=0/SUCCESS) Process: 5225 ExecStartPre=/bin/rm -f /var/run/postgrey.pid (code=exited, status=0/SUCCESS) Main PID: 5229 (/usr/sbin/postg) CGroup: /system.slice/postgrey.service └─5229 /usr/sbin/postgrey --unix=/var/spool/postfix/postgrey/socket --pidfile=/var/run/p...
juin 19 09:39:03 sd-100246 systemd[1]: Starting Postfix Greylisting Service... juin 19 09:39:04 sd-100246 postgrey[5229]: Process Backgrounded juin 19 09:39:04 sd-100246 postgrey[5229]: 2019/06/19-09:39:04 postgrey (type Net::Server::Multi...29) juin 19 09:39:04 sd-100246 postgrey[5229]: Binding to UNIX socket file "/var/spool/postfix/postg...et" juin 19 09:39:04 sd-100246 postgrey[5229]: Setting gid to "238 238" juin 19 09:39:04 sd-100246 systemd[1]: Started Postfix Greylisting Service. juin 19 09:39:04 sd-100246 postgrey[5229]: Setting uid to "994"
The only problem is that there's no greylisting. I tried to send mails from various mail servers to this machine. Everything gets delivered immediately, and there's no greylisting action in /var/log/maillog.
Any suggestions?
Niki
On 2019-06-19 04:01, Nicolas Kovacs wrote:
Hi,
I have a working installation of Postfix and Dovecot that works nicely. I've added SpamAssassin, which does a good job of flagging spam. Now I wanted to add greylisting to my server.
Here's what I did.
$ sudo yum install postgrey
Increase the greylisting delay.
# /etc/sysconfig/postgrey POSTGREY_OPTS="--delay=300"
Edit /etc/postfix/main.cf accordingly.
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, check_policy_service unix:/var/spool/postfix/postgrey/socket, reject
Start/restart services.
$ sudo systemctl enable postgrey $ sudo systemctl start postgrey $ sudo systemctl restart postfix
Now Postgrey seems to be running OK.
$ systemctl status postgrey ● postgrey.service - Postfix Greylisting Service Loaded: loaded (/usr/lib/systemd/system/postgrey.service; enabled; vendor preset: disabled) Active: active (running) since mer. 2019-06-19 09:39:04 CEST; 19min ago Docs: man:postgrey(8) Process: 5228 ExecStart=/usr/sbin/postgrey --unix=/var/spool/postfix/postgrey/socket --pidfile=/var/run/postgrey.pid --group=postgrey --user=postgrey --greylist-text=Greylisted for %%s seconds --daemonize $POSTGREY_OPTS (code=exited, status=0/SUCCESS) Process: 5225 ExecStartPre=/bin/rm -f /var/run/postgrey.pid (code=exited, status=0/SUCCESS) Main PID: 5229 (/usr/sbin/postg) CGroup: /system.slice/postgrey.service └─5229 /usr/sbin/postgrey --unix=/var/spool/postfix/postgrey/socket --pidfile=/var/run/p...
juin 19 09:39:03 sd-100246 systemd[1]: Starting Postfix Greylisting Service... juin 19 09:39:04 sd-100246 postgrey[5229]: Process Backgrounded juin 19 09:39:04 sd-100246 postgrey[5229]: 2019/06/19-09:39:04 postgrey (type Net::Server::Multi...29) juin 19 09:39:04 sd-100246 postgrey[5229]: Binding to UNIX socket file "/var/spool/postfix/postg...et" juin 19 09:39:04 sd-100246 postgrey[5229]: Setting gid to "238 238" juin 19 09:39:04 sd-100246 systemd[1]: Started Postfix Greylisting Service. juin 19 09:39:04 sd-100246 postgrey[5229]: Setting uid to "994"
The only problem is that there's no greylisting. I tried to send mails from various mail servers to this machine. Everything gets delivered immediately, and there's no greylisting action in /var/log/maillog.
Did you include this line:
postgrey unix - n n - - /var/spool/postfix/postgrey/socket
in your /etc/postix/master.cf file?
Le 19/06/2019 à 16:38, Mike Burger a écrit :
Did you include this line:
postgrey unix - n n - - /var/spool/postfix/postgrey/socket
in your /etc/postix/master.cf file?
No, but I tried to follow your suggestion, and still no luck.
On 19/06/2019 09:01, Nicolas Kovacs wrote:
Hi,
I have a working installation of Postfix and Dovecot that works nicely. I've added SpamAssassin, which does a good job of flagging spam. Now I wanted to add greylisting to my server.
Here's what I did.
$ sudo yum install postgrey
Increase the greylisting delay.
# /etc/sysconfig/postgrey POSTGREY_OPTS="--delay=300"
Edit /etc/postfix/main.cf accordingly.
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, check_policy_service unix:/var/spool/postfix/postgrey/socket, reject
Start/restart services.
$ sudo systemctl enable postgrey $ sudo systemctl start postgrey $ sudo systemctl restart postfix
Now Postgrey seems to be running OK.
$ systemctl status postgrey ● postgrey.service - Postfix Greylisting Service Loaded: loaded (/usr/lib/systemd/system/postgrey.service; enabled; vendor preset: disabled) Active: active (running) since mer. 2019-06-19 09:39:04 CEST; 19min ago Docs: man:postgrey(8) Process: 5228 ExecStart=/usr/sbin/postgrey --unix=/var/spool/postfix/postgrey/socket --pidfile=/var/run/postgrey.pid --group=postgrey --user=postgrey --greylist-text=Greylisted for %%s seconds --daemonize $POSTGREY_OPTS (code=exited, status=0/SUCCESS) Process: 5225 ExecStartPre=/bin/rm -f /var/run/postgrey.pid (code=exited, status=0/SUCCESS) Main PID: 5229 (/usr/sbin/postg) CGroup: /system.slice/postgrey.service └─5229 /usr/sbin/postgrey --unix=/var/spool/postfix/postgrey/socket --pidfile=/var/run/p...
juin 19 09:39:03 sd-100246 systemd[1]: Starting Postfix Greylisting Service... juin 19 09:39:04 sd-100246 postgrey[5229]: Process Backgrounded juin 19 09:39:04 sd-100246 postgrey[5229]: 2019/06/19-09:39:04 postgrey (type Net::Server::Multi...29) juin 19 09:39:04 sd-100246 postgrey[5229]: Binding to UNIX socket file "/var/spool/postfix/postg...et" juin 19 09:39:04 sd-100246 postgrey[5229]: Setting gid to "238 238" juin 19 09:39:04 sd-100246 systemd[1]: Started Postfix Greylisting Service. juin 19 09:39:04 sd-100246 postgrey[5229]: Setting uid to "994"
The only problem is that there's no greylisting. I tried to send mails from various mail servers to this machine. Everything gets delivered immediately, and there's no greylisting action in /var/log/maillog.
Any suggestions?
Niki
Try following the Postgrey guide on the Wiki:
https://wiki.centos.org/HowTos/postgrey#head-314ceecc5ece27e0f0a4bf1abcd8ee9...
Works for me (allowing for the switch to systemd)
Le 19/06/2019 à 22:05, Phil Perry a écrit :
Try following the Postgrey guide on the Wiki:
https://wiki.centos.org/HowTos/postgrey#head-314ceecc5ece27e0f0a4bf1abcd8ee9...
Works for me (allowing for the switch to systemd)
I've followed this document, and still no joy.
Niki
Am 20.06.2019 um 09:39 schrieb Nicolas Kovacs:
Le 19/06/2019 à 22:05, Phil Perry a écrit :
Try following the Postgrey guide on the Wiki:
https://wiki.centos.org/HowTos/postgrey#head-314ceecc5ece27e0f0a4bf1abcd8ee9...
Works for me (allowing for the switch to systemd)
I've followed this document, and still no joy.
Niki
What is being logged when a message passes your MTA inbound? The answer to your issue is within the maillog.
Alexander
Le 20/06/2019 à 11:28, Alexander Dalloz a écrit :
What is being logged when a message passes your MTA inbound? The answer to your issue is within the maillog.
According to maillog, the message is delivered instantly, exactly like on a normal configuration without Postgrey.
Am 20.06.2019 um 11:35 schrieb Nicolas Kovacs:
Le 20/06/2019 à 11:28, Alexander Dalloz a écrit :
What is being logged when a message passes your MTA inbound? The answer to your issue is within the maillog.
According to maillog, the message is delivered instantly, exactly like on a normal configuration without Postgrey.
Let me get my question more precise: do you see postgrey acting in your maillog? if not you have not configured postfix properly.
Alexander
On 20/06/2019 10:35, Nicolas Kovacs wrote:
Le 20/06/2019 à 11:28, Alexander Dalloz a écrit :
What is being logged when a message passes your MTA inbound? The answer to your issue is within the maillog.
According to maillog, the message is delivered instantly, exactly like on a normal configuration without Postgrey.
Only have experience of Fedora, but your case should be similar. When Postgrey is installed, there's a whole stack of whitelisted sites in /etc/postfix/postgrey_whitelist_clients, you should clear these, restart Postgrey and check logs with
cat /var/log/maillog | grep postgrey
Hope this helps
On 20/06/2019 08:39, Nicolas Kovacs wrote:
Le 19/06/2019 à 22:05, Phil Perry a écrit :
Try following the Postgrey guide on the Wiki:
https://wiki.centos.org/HowTos/postgrey#head-314ceecc5ece27e0f0a4bf1abcd8ee9...
Works for me (allowing for the switch to systemd)
I've followed this document, and still no joy.
Niki
So you fixed the following from your original post as per the Postfix guide?
# /etc/sysconfig/postgrey - POSTGREY_OPTS="--delay=300" + POSTGREY_OPTS="--unix=/var/spool/postfix/postgrey/socket --delay=300"
Edit /etc/postfix/main.cf accordingly.
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, - check_policy_service unix:/var/spool/postfix/postgrey/socket, + check_policy_service unix:postgrey/socket, reject
Also, by placing permit_auth_destination before your check_policy_service entry, you are allowing all mail that is addressed to $mydestination, $virtual_alias_domains or $relay_domains to pass so pretty much everything is being accepted at that point if it's valid mail for your server. That would explain why nothing ever reaches the postgrey service, as you've already explicitly allowed it beforehand.
See the Wiki guide on Postfix restrictions for a more normal construction of smtpd_recipient_restrictions:
https://wiki.centos.org/HowTos/postfix_restrictions
Phil
-
Alexander Dalloz -
Danny Horne -
Mike Burger -
Nicolas Kovacs -
Phil Perry