Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[solved] Greylisting wiki small correction and ev. addition
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Elleni
Veteran
Veteran


Joined: 23 May 2006
Posts: 1073

PostPosted: Mon Nov 11, 2019 9:34 pm    Post subject: [solved] Greylisting wiki small correction and ev. addition Reply with quote

Setting up greylisting, I found out, that postgrey is listening to 10030 by default. This can be corrected by setting POSTGREY_PORT="10023" in /etc/conf.d/postgrey

While googling I also became aware of selective greylisting on this (german) site.
One criticism of greylisting is the delayed delivery of messages. Even if e-mail is not a "real-time medium", users expect e-mails to arrive as "immediately" as possible. One solution is "selective greylisting". Selective greylisting means that not every delivery attempt is checked by greylisting, but only those that look "suspicious" (servers without names, dial-up addresses, web servers, etc.). This is done by the "SMTP restriction classes" in postfix.

All it took was creating a file check_client_greylist in /etc/postfix with:
Code:
# regex to check clients which seem to be dynamic
# only those will be greylisted
#
# regex type, no postmap needed

/^unknown$/                                   check_greylist
/([0-9]{1,3}[.-]){3,4}[^0-9.]+/               check_greylist
/^(dhcp|dialup|ppp|adsl|host|static|www|server|client)[^.]*[0-9]/     check_greylist
/^[^.]*[0-9]{5}/

Then adding
Code:
smtpd_restriction_classes = check_greylist
check_greylist = check_policy_service inet:127.0.0.1:10023
in /etc/postfix/main.cf

Finally one has to replace check_policy_service inet:127.0.0.1:10023 in smtpd_recipient_restrictions with:
check_client_access regexp:/etc/postfix/check_client_greylist

I thought, I should report here, as I dont have an account to modify wiki for the port number and maybe selective greylisting is also worth to be added?


Last edited by Elleni on Fri Nov 29, 2019 12:10 am; edited 4 times in total
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 45376
Location: 56N 3W

PostPosted: Mon Nov 11, 2019 9:36 pm    Post subject: Reply with quote

Elleni,

Its never too soon to create a wiki account.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
Elleni
Veteran
Veteran


Joined: 23 May 2006
Posts: 1073

PostPosted: Mon Nov 11, 2019 9:40 pm    Post subject: Reply with quote

Hi Neddy,

I can, though I dont feel experienced enough to make modifications in official gentoo wiki thats why I did not consider creating an account there :)
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 45376
Location: 56N 3W

PostPosted: Mon Nov 11, 2019 9:54 pm    Post subject: Reply with quote

Elleni,

The wiki is in two parts. A controlled part that users cannot edit and a 'public' part that any logged in user can edit.

In the controlled part, feedback, suggestions and patches go to the talk pages.
In the 'public' part, your changes go live immediately. If that's scary, comment on the talk page instead.
Then all the information is in one place for readers.

A wiki account will give you your own user space where others cannot edit your work in progress.
They can leave comments on the talk pages.

There is also a sandbox where you can practice in complete safety.
Well, its safe for the rest of the wiki. :)
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
GDH-gentoo
Apprentice
Apprentice


Joined: 20 Jul 2019
Posts: 264
Location: South America

PostPosted: Mon Nov 11, 2019 9:56 pm    Post subject: Reply with quote

Elleni wrote:
I can, though I dont feel experienced enough to make modifications in official gentoo wiki thats why I did not consider creating an account there :)
Decent writing skills should be enough :) Also, it's a wiki, someone else can come later to make further improvements. People in the best position to correct, update or expand software articles are those who actually use the software.
Back to top
View user's profile Send private message
Elleni
Veteran
Veteran


Joined: 23 May 2006
Posts: 1073

PostPosted: Mon Nov 11, 2019 10:09 pm    Post subject: Reply with quote

ok, done :wink:
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum