
qmail greyd.8

Manvendra Bhangui edited this page Feb 25, 2024 · 4 revisions

NAME

qmail-greyd - greylisting daemon for IndiMail, qmail and netqmail

SYNOPSIS

qmail-greyd [ -t timeout (days) ] [ -p port ] [ -h hash_size ] [ -v verbosity ] [ -g resend_window (hr) ] [ -m min_resend_time (min) ] [ -f free_interval (min) ] [ -s save_interval (min) ] [ -w whitelist_file [.cdb] ] ipaddr contextFile

DESCRIPTION

qmail-greyd is a greylisting daemon responding to UDP query packets, typically sent using the greylist(3) function in qmail-smtpd(8). The query packet consists of the sending IP address, the sender address and one or more recipient addresses. qmail-greyd borrows most of the logic from greydaemon written by John Levine and the greycheck() function written by Andrew Richards.

If the IP address was previously successful for a greylisting check, and was last queried within timeout_days, the check succeeds. Alternatively, if one of the supplied triplets of IP address / sender / recipient has previously been seen within resend_window_hours, but at least min_resend_minutes ago, the check succeeds and future checks within resend_window_hours for the IP address will succeed. Otherwise the triplet(s) supplied are added to the greylisting database to check against future queries, and the check fails (meaning qmail-smtpd(8) will reject the message).

Emails that have an envelope sender of the null sender are considered a special case: once the mail has been allowed through, qmail-greyd expires the record immediately in order to avoid whitelisting it. Mails from the null sender are (according to RFC 821) to be used only for special administrative mails like bounces. Consequently, they are almost never used for more than one legitimate email. For that reason, there is no need to maintain them any longer once an email has been passed.
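The decision rules of the two paragraphs above, written out as a small model (an added example, not qmail-greyd's own code). The class and function names are hypothetical, and the boundary comparisons and the choice to keep a triplet's first-seen time on an early retry are assumptions.

```python
from dataclasses import dataclass, field

MINUTE, HOUR, DAY = 60, 3600, 86400

@dataclass
class GreyModel:
    timeout: int = 7 * DAY          # -t: how long a passed IP stays known
    resend_window: int = 12 * HOUR  # -g: how long a first attempt is remembered
    min_resend: int = 5 * MINUTE    # -m: earliest retry that is accepted
    known_ips: dict = field(default_factory=dict)  # ip -> time of last query
    triplets: dict = field(default_factory=dict)   # (ip, sender, rcpt) -> first seen

    def check(self, now, ip, sender, rcpts):
        """Return True if the message passes greylisting at time now (seconds)."""
        last = self.known_ips.get(ip)
        if last is not None and now - last <= self.timeout:
            self.known_ips[ip] = now          # IP passed before and is still fresh
            return True
        keys = [(ip, sender, r) for r in rcpts]
        ages = [now - self.triplets[k] for k in keys if k in self.triplets]
        if any(self.min_resend <= a <= self.resend_window for a in ages):
            if sender:
                self.known_ips[ip] = now      # valid retry: the IP becomes known
            else:
                for k in keys:                # null sender: expire the record,
                    self.triplets.pop(k, None)  # never whitelist the IP
            return True
        for k in keys:                        # unseen or stale: record and fail
            first = self.triplets.get(k)
            if first is None or now - first > self.resend_window:
                self.triplets[k] = now
        return False

def replay(events, model=None):
    """Run (now, ip, sender, rcpts) events in order; return the pass/fail list."""
    model = model or GreyModel()
    return [model.check(*e) for e in events]

# Constructed timeline: first attempt, too-early retry, valid retry, then a
# different sender from the now-known IP one day later.
TIMELINE = [
    (0, "192.0.2.10", "a@example.org", ["b@example.net"]),
    (60, "192.0.2.10", "a@example.org", ["b@example.net"]),
    (600, "192.0.2.10", "a@example.org", ["b@example.net"]),
    (600 + DAY, "192.0.2.10", "x@example.org", ["y@example.net"]),
]
```

Replaying TIMELINE yields fail, fail, pass, pass; the same sequence with an empty sender passes the retry but leaves the IP unknown.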

qmail-greyd maintains its database in memory, thus avoiding complicated schemes to manage greylisting data on disk, making it faster than disk-based approaches. Periodic backups of the database are made to contextFile on the disk, to enable qmail-greyd to start with existing greylisting data in case of a restart. To keep the in-memory search as efficient as possible, entries older than timeout_days are expired during every request. To keep the in-memory database as small as possible, records older than timeout_days are periodically removed. The default interval is 5 minutes and can be changed by specifying the -f option. You can force removal of expired records by sending the SIGUSR2 signal to qmail-greyd. qmail-greyd also backs up the in-memory database to contextFile on receipt of a SIGTERM or SIGUSR1 signal. The contextFile and its containing directory should be writable by the user that the qmail-greyd process runs as. At start-up the file contextFile is read and all records older than timeout_days are expired. qmail-greyd can maintain an internal hash table for fast IP address lookup using the hsearch(3) function.

A whitelist of IP ranges not subject to greylisting can be specified to qmail-greyd by the -w filename option. The range can be specified in CIDR format, wildcard or range notation. If a file with the name filename.cdb exists, qmail-greyd will use cdb(3) lookup in addition to the normal in-memory search in a table of whitelisted IPs. qmail-greyd re-reads the whitelist on receipt of signal SIGHUP.

Examples of whitelisted IPs

 192.168.2.1/28
 192.168.[3-4].45
 192.168.2.*

qmail-greyd listens on IP address ipaddr, port 1999 for incoming UDP queries. 127.0.0.1 (the loopback address) is recommended for ipaddr if qmail-greyd is to serve queries on the same machine. You can specify :: for qmail-greyd to listen on the wildcard IPv6 address. Specifying * for ipaddr causes qmail-greyd to listen on all addresses.

qmail-greyd uses MSG_PEEK flag in recvfrom(2) to determine the length of the packet and then reads the entire packet in one operation.

OPTIONS

-v verbosity
Set verbosity. 0 - minimal, 1 - moderate, 2 - maximum, 3 - include debug messages

-h hash_size
specify the memory for creating a hash using hcreate(3)

-w filename
specify whitelist of IP ranges not subject to greylisting.

-t days
timeout for known IPs in days; defaults to 7.

-g hours
grey resend window, in hours; defaults to 12.

-m minutes
min resend accept time, in minutes; defaults to 5.

-f minutes
periodic interval, in minutes, after which entries older than timeout days are expired; defaults to 5

-s minutes
save interval for context file, in minutes; defaults to 5

-p port
Alternate port to listen on instead of the default 1999

QUERY FORMAT

Queries to qmail-greyd are UDP packets containing the IP address (as a string) preceded by I, the sender address preceded by F and the recipient address preceded by T. Each of these fields is separated by an ASCII 0 (null) character. Additional recipient addresses may be appended to this structure, each time preceded with T and with an ASCII 0 as separator. Finally the record is terminated by an ASCII 0 character.

 Iip_address\0Freturn_path\0Trecipient1\0Trecipient2\0\0
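A builder and strict parser for the query layout shown above, as an added example (not code from qmail-greyd or greylist(3)). The function names, the 4096-byte size limit and the ASCII-only decoding are assumptions of this sketch; the field tags and NUL framing follow the description.

```python
import ipaddress

def build_query(ip, sender, recipients):
    """Serialize a query as I<ip>\\0F<sender>\\0T<rcpt>\\0...\\0 (final extra NUL)."""
    fields = [b"I" + ip.encode("ascii"), b"F" + sender.encode("ascii")]
    fields += [b"T" + r.encode("ascii") for r in recipients]
    return b"\0".join(fields) + b"\0\0"

def parse_query(packet, max_len=4096):
    """Validate one UDP payload and return (ip, sender, [recipients]).

    Raises ValueError on any framing or content problem, so a listener can
    drop a malformed datagram instead of acting on partial fields.
    max_len is an assumed limit, not a value documented on this page.
    """
    if len(packet) > max_len:
        raise ValueError("packet too large")
    if not packet.endswith(b"\0\0"):
        raise ValueError("record is not terminated by a NUL")
    fields = packet[:-2].split(b"\0")
    if len(fields) < 3:
        raise ValueError("need I, F and at least one T field")
    if any(not f for f in fields):
        raise ValueError("empty field before the terminator")
    tags = bytes(f[0] for f in fields)
    if tags != b"IF" + b"T" * (len(fields) - 2):
        raise ValueError("fields missing or out of order")
    # ip_address() rejects anything that is not a literal IPv4/IPv6 address
    ip = str(ipaddress.ip_address(fields[0][1:].decode("ascii")))
    sender = fields[1][1:].decode("ascii")   # "" is the null sender
    rcpts = [f[1:].decode("ascii") for f in fields[2:]]
    if not all(rcpts):
        raise ValueError("empty recipient")
    return ip, sender, rcpts

# Constructed sample packet matching the layout line above
SAMPLE = build_query("192.0.2.10", "a@example.org",
                     ["b@example.net", "c@example.net"])
```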

SEE ALSO

qmail-smtpd(8), greylist(3), bogofilter(1), hcreate(3), hsearch(3), hdestroy(3), recvfrom(2).

REFERENCES

The Next Step in the Spam Control War: Greylisting by Evan Harris http://projects.puremagic.com/greylisting/whitepaper.html

Announce: greydaemon a new greylisting package for netqmail http://www.gossamer-threads.com/lists/qmail/users/136740

AUTHORS

qmail-greyd is currently being maintained by Manvendra Bhangui <mbhangui@gmail.com> and is part of the IndiMail package at http://www.indimail.org
