[OpenIndiana-discuss] Milter-Greylist for OpenIndiana+Postfix?
Jim Klimov
jimklimov at cos.ru
Mon Mar 4 01:14:59 UTC 2013
On 2013-03-03 22:12, Hans J. Albertsson wrote:
> Seems reasonable.
>
> BTW I did not understand what you had or hadn't included in that
> quote... :-)
>
> [quote]
> From my mails at that time:
All down from there ;)
> Also attached is a build fix for p0f - I've tried to get most of the
> features provided by milter-greylist this time (didn't try to add
> <<<<<<?????Explain??
> only drac and dkim), and the p0f daemon didn't want to build too.
> <<<<<<?????Explain??
The milter-greylist program grew to include many optional behaviors,
mostly implemented by other "third-party" open-source libraries and
daemons. Mostly these add to versatility of "checkable" conditions,
such as integrated DNS RBL lookups to request longer greylisting for
known "dial-up" sources than for other addresses. Others just expand
features - for example snippets of config (forced whitelist hosts or
recipients who opt-out of greylisting and prefer to have all emails
quickly) can be stored in LDAP; interaction via OpenLDAP API (feature
complete) or CURL (no easy failover).
There are also SPF checks to facilitate skipping of greylist for those
senders who bothered to publish their outgoing relays in DNS - and the
mail source matches.
One of such third-party pieces is a p0f passive-fingerprinting daemon
which guesses the remote host type so you can be more discriminative
by sender host's OS - i.e. a desktop Windows knocking directly onto
your mail server is likely a bot, greylist it longer. The p0f daemon
did not build cleanly under Solaris as well, so just in case I posted
fixes for its Build script and code as well.
My intention was to include all optional modules that we could think
might be useful to us, which left out DKIM and DRAC, at least for now
until we figure out their benefits... (Author of the latter lurks here
IIRC).
I still haven't gotten around to really testing this new build, because
we also wanted to migrate our milter-regex configuration into newer
milter-greylist capabilities - and it took time and was delayed.
("Ain't broke - don't fix it", under pressure of other quests)
HTH,
//Jim Klimov
More information about the OpenIndiana-discuss
mailing list