Mail::MtPolicyd::Plugin::Greylist - This plugin implements a greylisting mechanism with an auto whitelist.
This plugin implements a greylisting mechanism with an auto whitelist.
If a client connects it will return an defer and create a greylisting "ticket" for the combination of the address of the sender, the senders address and the recipient address. The ticket will be stored in memcached and will contain the time when the client was seen for the first time. The ticket will expire after the max_retry_wait timeout.
The client will be defered until the min_retry_wait timeout has been reached. Only in the time between the min_retry_wait and max_retry_wait the request will pass the greylisting test.
When the auto-whitelist is enabled (default) a record for every client which passes the greylisting test will be stored in the autowl_table. The table is based on the combination of the sender domain and client_address. If a client passed the test at least autowl_threshold (default 3) times the greylisting test will be skipped. Additional an last_seen timestamp is stored in the record and records which are older then the autowl_expire_days will expire.
Please note the greylisting is done on a triplet based on the
client_address + sender + recipient
The auto-white list is based on the
client_address + sender_domain
- (uc_)enabled (default: on)
Enable/disable this check.
- score (default: empty)
Apply an score to this message if it _passed_ the greylisting test. In most cases you want to assign a negative score. (eg. -10)
- mode (default: passive)
The default is to return no action if the client passed the greylisting test and continue.
You can set this 'accept' or 'dunno' if you want skip further checks.
- defer_message (default: defer greylisting is active)
This action is returned to the MTA if a message is defered.
If a client retries too fast the time left till min_retry_wait is reach will be appended to the string.
- min_retry_wait (default: 300 (5m))
A client will have to wait at least for this timeout. (in seconds)
- max_retry_wait (default: 7200 (2h))
A client must retry to deliver the message before this timeout. (in seconds)
- use_autowl (default: 1)
Could be used to disable the use of the auto-whitelist.
- autowl_threshold (default: 3)
How often a client/sender_domain pair must pass the check before it is whitelisted.
- autowl_expire_days (default: 60)
After how many days an auto-whitelist entry will expire if no client with this client/sender pair is seen.
- autowl_table (default: autowl)
The name of the table to use.
The database handle specified in the global configuration will be used. (see man mtpolicyd)
- query_autowl, create_ticket (default: 1)
This options could be used to disable the creation of a new ticket or to query the autowl.
This can be used to catch early retries at the begin of your configuration before more expensive checks are processed.
<Plugin greylist> module = "Greylist" score = -5 mode = "passive" create_ticket = 0 query_autowl = 0 </Plugin> # ... a lot of RBL checks, etc... <Plugin ScoreGreylist> module = "ScoreAction" threshold = 5 <Plugin greylist> module = "Greylist" score = -5 mode = "passive" </Plugin> </Plugin>
This will prevent early retries from running thru all checks.
Markus Benning <email@example.com>
This software is Copyright (c) 2014 by Markus Benning <firstname.lastname@example.org>.
This is free software, licensed under:
The GNU General Public License, Version 2, June 1991