Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] sqlgrey how to?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
pgu
l33t
l33t


Joined: 30 Jul 2009
Posts: 718
Location: Oslo, Norway

PostPosted: Mon Feb 11, 2013 10:36 pm    Post subject: [SOLVED] sqlgrey how to? Reply with quote

I've used sendmail with grey milter support previously and recently tried to get postfix/sqlgrey working. I tried to follow this http://blog.philippheckel.com/2010/01/28/how-to-postfix-as-mail-relay-with-greylisting-support/ but with a PostgreSQL backend.

The problem is that nothing happens, e.g. I observe this in the log file and then not a single trace of sqlrey after that:


Code:
Feb 11 23:24:44 www sqlgrey: 2013/02/11-23:24:44 sqlgrey (type Net::Server::Multiplex) starting! pid(3662)
Feb 11 23:24:44 www sqlgrey: Resolved [localhost]:2501 to [::1]:2501, IPv6
Feb 11 23:24:44 www sqlgrey: Resolved [localhost]:2501 to [127.0.0.1]:2501, IPv4
Feb 11 23:24:44 www sqlgrey: Binding to TCP port 2501 on host ::1 with IPv6
Feb 11 23:24:44 www sqlgrey: Binding to TCP port 2501 on host 127.0.0.1 with IPv4
Feb 11 23:24:44 www sqlgrey: Setting gid to "122 122"
Feb 11 23:24:44 www sqlgrey: Setting uid to "101"


If I triy to run telnet to port 25 I do net get a
Code:
Recipient address rejected: Greylisted for 5 minutes
as shown.
So are there some more step by step guides for sqlgrey available?


Last edited by pgu on Wed Feb 13, 2013 10:51 am; edited 1 time in total
Back to top
View user's profile Send private message
hydrapolic
Tux's lil' helper
Tux's lil' helper


Joined: 07 Feb 2008
Posts: 126

PostPosted: Tue Feb 12, 2013 12:18 pm    Post subject: Reply with quote

I have very good experience with postgrey (http://postgrey.schweikert.ch) - it uses berkdb. I think PostgreSQL is an overkill for greylisting (but it depends on your needs). Postgrey worked fine even when my mailserver was bombed with 300.000 spams a day.
Back to top
View user's profile Send private message
pgu
l33t
l33t


Joined: 30 Jul 2009
Posts: 718
Location: Oslo, Norway

PostPosted: Tue Feb 12, 2013 1:06 pm    Post subject: Reply with quote

I'll check out the howto for postgrey, as I seem to remember reading that sqlgrey being a fork of postgrey. I agree that postgresql is somewhat overkill (at least for my usage), but I already have a working postgresql environment on the server. I've used the lookup function to check that postfix can access the database so the problem is probably not related to the db part. I think the part that I'm missing is the part that tells postfix to actually use sqlgrey.
Back to top
View user's profile Send private message
hydrapolic
Tux's lil' helper
Tux's lil' helper


Joined: 07 Feb 2008
Posts: 126

PostPosted: Tue Feb 12, 2013 3:01 pm    Post subject: Reply with quote

How did you integrate sqlgrey into postfix?
Back to top
View user's profile Send private message
pgu
l33t
l33t


Joined: 30 Jul 2009
Posts: 718
Location: Oslo, Norway

PostPosted: Tue Feb 12, 2013 3:59 pm    Post subject: Reply with quote

hydrapolic wrote:
How did you integrate sqlgrey into postfix?


Well, that's part of my problem. I've been using sendmail in the past and have switched to postfix recently. I thought that this was the statement which would cause postfix to communicate with sqlgrey:

Code:
smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_unlisted_recipient,
        check_policy_service inet:127.0.0.1:2501


But I might be wrong...
Back to top
View user's profile Send private message
hydrapolic
Tux's lil' helper
Tux's lil' helper


Joined: 07 Feb 2008
Posts: 126

PostPosted: Tue Feb 12, 2013 5:41 pm    Post subject: Reply with quote

I think you did a good choice switching to postfix :)

About your configuration - your postfix instance is configured to inspect the smtp communication and act the time, when the client types in "RCPT TO: <user@domain>".

- if the sender matched mynetworks, he's good to go (no greylisting) - if not, move to the next restriction
- you don't serve as an open-relay, so you refuse any domain, that you don't host (virtual or any other) - if the domain is fine, move to the next restriction
- you don't accept mail for users that don't exist and thus you don't became a source of backscatter - if the user is fine, move to the next restriction
- you inspect the policy service at localhost:2501 - if the greylisting said ok, we accept the mail
- there is an implicit permit after the last restriction

In the first post you mentioned you connected to localhost 25 and received that message - was that really 25 or 2501? How did you test postfix - did you test from localhost or from some other? How did you configure the 'mynetworks' parameter?

If you don't mind, show the output of 'postconf -n'.

Btw - postfix has a good documentation - this is for example about the policy service: http://www.postfix.org/SMTPD_POLICY_README.html
All of it: http://www.postfix.org/documentation.html
Back to top
View user's profile Send private message
pgu
l33t
l33t


Joined: 30 Jul 2009
Posts: 718
Location: Oslo, Norway

PostPosted: Wed Feb 13, 2013 7:59 am    Post subject: Reply with quote

I was testing with port 25 from the downstream host. I guess I should probably try postgrey as the documentation seem to be more complete. Thank you for your suggestions.
Back to top
View user's profile Send private message
pgu
l33t
l33t


Joined: 30 Jul 2009
Posts: 718
Location: Oslo, Norway

PostPosted: Wed Feb 13, 2013 10:50 am    Post subject: Reply with quote

I had a mistake in my main.cf file. I actually had a smtpd_recipient_restrictions statement further down in the file which would re-assign the value shown above. After I removed the second smtpd_recipient_restrictions it seem to be working fine with sqlgrey.
Back to top
View user's profile Send private message
pgu
l33t
l33t


Joined: 30 Jul 2009
Posts: 718
Location: Oslo, Norway

PostPosted: Wed Feb 13, 2013 10:53 am    Post subject: Reply with quote

I agree, the postfix documentation is excellent. I should have consulted it at an earlier stage, rather than googling error messages and option names....
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum