Hi Erik,

I have patched the current qmail-toaster 1.03-1.3.5 with greylisting. I am now temporarily deploying it. Explanation below.

All files are in https://marvin.md.com.my/~yeak/greylisting/

A few notes:

1. I only used the Bill Shubb patch 20060717.

2. The patch did not work straight away, so I went through the patch and fixed the hunks that failed.

3. Specifically for qmail-smtpd.c, the second-last hunk was to add envelope_scanner(). But qmail-toaster has chkuser, which takes over the recipient check. I resolved it myself by putting that before chkuser. (I think chkuser should be the one that, one day, incorporates the greylisting.)

4. The patch comes with the qmail-envelope-scanner program. This program needs MySQL, so the build requires mysql-devel. Also required is openssl-devel (used by mysql).

5. The patch hard-codes /usr/lib/libmysqlclient.a. But my OS is CentOS 64-bit. I had to modify the patch just to cater for my platform. Someone out there can fix this to make it easy to compile on all platforms. Maybe add an option to compile with greylisting support or without. Maybe it can dynamically load mysqlclient.so rather than link statically. The resulting file qmail-envelope-scanner is BIG compared to all other binaries in /var/qmail/bin.

6. I have modified the qmail-toaster.spec file to include this patch.

7. I didn't increase the release number. I just added "mdqt" as my changes.

How do I temporarily deploy? Just rebuild the src rpm as usual. Extract the qmail-envelope-scanner and qmail-smtpd. Copy them to /var/qmail/bin and use a symbolic link to map them. Here is the guide.

1. Rebuild and extract the binary.

   # rpmbuild --with cnt4064 --rebuild qmail-toaster-1.03-1.3.5mdqt.src.rpm
   # cd /usr/src/redhat/RPMS/x86_64
   # mkdir tmp; cd tmp
   # rpm2cpio ../qmail-pop3d-toaster-1.03-1.3.5mdqt.x86_64.rpm | cpio -id

2. Move over the required files.

   # cd var/qmail/bin
   # mv qmail-smtpd /var/qmail/bin/qmail-smtpd.greylisting
   # mv qmail-envelope-scanner /var/qmail/bin/qmail-envelope-scanner

3. Prepare your MySQL. See dbdef.sql.

4. If you need to change the password or set parameters, do it in the tcp.smtpd file. Mine is this (all in one line):

   :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",BLOCK_EXPIRE="5",RECORD_EXPIRE="500",RECORD_EXPIRE_GOOD="36",LOCAL_SCAN_DEBUG="0"

   Note that the greylisting check is disabled when RELAYCLIENT="" is defined. Also, if qmail-envelope-scanner is missing from the /var/qmail/bin/ directory, greylisting is also happily disabled.

   Other parameters are documented in the patch. Pasted here for reference:

   MYSQLHOST (default: "localhost")
   MYSQLUSER (default: "milter")
   MYSQLPASS (default: "milter")
   MYSQLDB (default: "relaydelay")
   BLOCK_EXPIRE (default: 55 /* minutes until email is accepted */)
   RECORD_EXPIRE (default: 500 /* minutes until record expires */)
   RECORD_EXPIRE_GOOD (default: 36)
   LOCAL_SCAN_DEBUG (default: 0, set to 1 to enable debugging to stderr)

5. Stop smtp, switch over to greylisting, and start again.

   # cd /var/qmail/bin
   # svc -d /var/qmail/supervise/smtp
   # mv qmail-smtpd qmail-smtpd.orig
   # ln -sf qmail-smtpd.greylisting qmail-smtpd
   # svc -u /var/qmail/supervise/smtp

6. Check your mysql. Using phpmyadmin is the best and easiest way. Read dbdef.sql to learn how to whitelist an IP, Sender and Recipient.

7. In case you want to stop greylisting... it is as simple as "mv qmail-envelope-scanner qmail-envelope-scanner.OFF". Just rename it.

8. Install greylisting-delete-expired.sh into /etc/cron.hourly. This will clear and purge the old records, as claimed.

Hope this helps. Thanks.

--
Yeak Nai Siew [ Your Open Source Partner ]
System Consultant
My Directory Sdn Bhd (487437-D)
#34-03 Menara Dion, 27 Jalan Sultan Ismail
50250 Kuala Lumpur, Malaysia
tel +603 20704278 fax +603 20704281
http://www.md.com.my
LINUX SUPPORT | ENTERPRISE EMAIL | OPEN SOURCE TECHNOLOGY
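
Added example, not part of the original post or the patch: the message notes that greylisting is silently disabled when qmail-envelope-scanner is missing or when RELAYCLIENT is set, so this check reports whether a deployment done as described can actually greylist. The function name greylist_check and taking the tcp.smtpd path as an argument are assumptions of this example.

```shell
#!/bin/sh
# greylist_check BIN_DIR TCP_RULES_FILE   (hypothetical helper, added example)
# Prints one finding per line; returns 0 only if greylisting can actually run.
greylist_check() {
    bin_dir=$1
    rules=$2
    rc=0

    # A missing scanner disables greylisting without any error (fail-open).
    if [ ! -x "$bin_dir/qmail-envelope-scanner" ]; then
        echo "FAIL: $bin_dir/qmail-envelope-scanner missing or not executable"
        rc=1
    fi

    # The live qmail-smtpd must be the symlink made in step 5.
    target=$(readlink "$bin_dir/qmail-smtpd" 2>/dev/null) || target=
    if [ "${target##*/}" != "qmail-smtpd.greylisting" ]; then
        echo "FAIL: qmail-smtpd is not linked to qmail-smtpd.greylisting"
        rc=1
    fi

    if [ -r "$rules" ]; then
        # Every rule that sets RELAYCLIENT skips greylisting for the
        # clients it matches; list them so they can be reviewed.
        grep -n 'RELAYCLIENT=' "$rules" | while IFS= read -r line; do
            echo "INFO: greylisting bypassed by rule $line"
        done
        # RELAYCLIENT on the catch-all rule (":allow,...") would switch
        # greylisting off for every remote client.
        if grep -q '^:allow.*RELAYCLIENT=' "$rules"; then
            echo "FAIL: catch-all rule sets RELAYCLIENT"
            rc=1
        fi
    else
        echo "FAIL: cannot read $rules"
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh greylist_check.sh /var/qmail/bin /path/to/tcp.smtpd
if [ "$#" -eq 2 ]; then
    greylist_check "$1" "$2"
fi
```

Running it from cron alongside greylisting-delete-expired.sh turns the silent fail-open cases into a visible non-zero exit.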
