From b6c0f602b2797cdc8b1016433b1bd551d0ceb29c Mon Sep 17 00:00:00 2001
From: frank
Date: Sun, 29 Jan 2012 11:45:05 +0100
Subject: [PATCH] committing changes in /etc after emerge run
Package changes: +mail-filter/postgrey-1.34
---
 .etckeeper | 7 +
 conf.d/postgrey | 55 +++++++
 init.d/postgrey | 101 ++++++++++++
 postfix/postgrey_whitelist_clients | 220 ++++++++++++++++++++++++++
 postfix/postgrey_whitelist_recipients | 7 +
 5 files changed, 390 insertions(+)
 create mode 100644 conf.d/postgrey
 create mode 100755 init.d/postgrey
 create mode 100644 postfix/postgrey_whitelist_clients
 create mode 100644 postfix/postgrey_whitelist_recipients
diff --git a/.etckeeper b/.etckeeper
index 1f68beb..a887618 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -144,6 +144,7 @@ maybe chmod 0644 './conf.d/ntpd'
 maybe chmod 0644 './conf.d/openvpn'
 maybe chmod 0644 './conf.d/pciparm'
 maybe chmod 0644 './conf.d/portmap'
+maybe chmod 0640 './conf.d/postgrey'
 maybe chmod 0644 './conf.d/pydoc-2.7'
 maybe chmod 0644 './conf.d/pydoc-3.1'
 maybe chmod 0644 './conf.d/quota'
@@ -580,6 +581,7 @@ maybe chmod 0755 './init.d/openvpn'
 maybe chmod 0755 './init.d/pciparm'
 maybe chmod 0755 './init.d/php-fpm'
 maybe chmod 0755 './init.d/portmap'
+maybe chmod 0755 './init.d/postgrey'
 maybe chmod 0755 './init.d/procfs'
 maybe chmod 0755 './init.d/proftpd'
 maybe chmod 0755 './init.d/pwcheck'
@@ -838,6 +840,11 @@ maybe chmod 0644 './portage/postsync.d/q-reinitialize'
 maybe chmod 0755 './portage/savedconfig'
 maybe chmod 0755 './portage/savedconfig/sys-apps'
 maybe chmod 0644 './portage/savedconfig/sys-apps/busybox-1.19.3-r1'
+maybe chmod 0755 './postfix'
+maybe chgrp postgrey './postfix/postgrey_whitelist_clients'
+maybe chmod 0640 './postfix/postgrey_whitelist_clients'
+maybe chgrp postgrey './postfix/postgrey_whitelist_recipients'
+maybe chmod 0640 './postfix/postgrey_whitelist_recipients'
 maybe chmod 0755 './postgresql-9.1'
 maybe chmod 0644 './postgresql-9.1/.keep_dev-db_postgresql-base-9.1'
 maybe chmod 0644 './profile'
diff --git a/conf.d/postgrey b/conf.d/postgrey
new file mode 100644
index 0000000..7a6deb5
--- /dev/null
+++ b/conf.d/postgrey
@@ -0,0 +1,55 @@
+# Config file for /etc/init.d/postgrey
+
+# LISTEN TYPE
+# Set to 'inet' if you want to use a TCP socket.
+# Set to 'unix' if you want to use an UNIX socket.
+POSTGREY_TYPE="inet"
+
+# HOST
+# What IP should postgrey bind to?
+# Leave unchanged unless you know what you are doing.
+# (ignored if POSTGREY_TYPE is set to 'unix')
+POSTGREY_HOST="127.0.0.1"
+
+# PORT
+# What TCP port should postgrey listen on?
+# (ignored if POSTGREY_TYPE is set to 'unix')
+POSTGREY_PORT="10030"
+
+# SOCKET
+# Unix socket to listen on, if POSTGREY_TYPE is set to 'unix'.
+# Leave unchanged unless you know what you are doing.
+# (ignored if POSTGREY_TYPE is set to 'inet')
+POSTGREY_SOCKET="/var/spool/postfix/private/postgrey"
+
+# PID
+# Postgrey pid file.
+# Do not change, if you don't know what this is!
+POSTGREY_PID="/var/run/postgrey.pid"
+
+# DELAY
+# How long to delay mail that is greylisted in seconds.
+POSTGREY_DELAY=300
+
+# TEXT
+# The response we'll send back with delayed mail.
+POSTGREY_TEXT="Greylisted for %s seconds"
+
+# Additional Postgrey options
+#
+# -v, --verbose increase verbosity level
+# --max-age=N delete entries older than N days since the last time
+# that they have been seen (default: 30)
+# --retry-window=N allow only N days for the first retrial (default: 2)
+# append 'h' if you want to specify it in hours
+# --greylist-action=A if greylisted, return A to Postfix (default: DEFER_IF_PERMIT)
+# --lookup-by-subnet strip the last 8 bits from IP addresses (default)
+# --lookup-by-host do not strip the last 8 bits from IP addresses
+# --whitelist-clients=FILE default: /etc/postfix/postgrey_whitelist_clients
+# --whitelist-recipients=FILE default: /etc/postfix/postgrey_whitelist_recipients
+#
+# Note that the --whitelist-x options can be specified multiple times, and that
+# per default /etc/postfix/postgrey_whitelist_clients.local is also read, so
+# that you can put there local entries.
+#
+POSTGREY_OPTS=""
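Review bot: The HOST block says "Leave unchanged unless you know what you are doing" but never states the risk, and the file defaults to `POSTGREY_TYPE="inet"`, which makes the policy port reachable by any local process. The Postfix policy delegation protocol has no authentication of its own, so I would add a comment above POSTGREY_HOST along the lines of `# Binding to a non-loopback address exposes the unauthenticated policy service to the network.` It would also help to note under LISTEN TYPE that `unix` leaves access control to the filesystem permissions on POSTGREY_SOCKET and its parent directory.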
diff --git a/init.d/postgrey b/init.d/postgrey
new file mode 100755
index 0000000..7920eb4
--- /dev/null
+++ b/init.d/postgrey
@@ -0,0 +1,101 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/mail-filter/postgrey/files/postgrey.rc.new,v 1.11 2011/11/30 08:40:51 eras Exp $
+
+conf="/etc/conf.d/postgrey"
+
+extra_started_commands="reload"
+
+depend() {
+ need net
+ before postfix
+ provide postfix_greylist
+}
+
+conf_error() {
+ eerror "You need to setup ${conf} first"
+ return 1
+}
+
+checkconfig() {
+if [ -z "${POSTGREY_TYPE}" ]
+ then
+ einfo "You need to choose the server type you want"
+ einfo "by setting the POSTGREY_TYPE variable in ${conf}."
+ else
+ if [ "x${POSTGREY_TYPE}" = "xinet" ]
+ then
+ if [ -z "${POSTGREY_PORT}" ] || [ -z "${POSTGREY_HOST}" ]
+ then
+ einfo "The following entries are missing in ${conf}:"
+ [ -z "${POSTGREY_HOST}" ] && einfo " - POSTGREY_HOST"
+ [ -z "${POSTGREY_PORT}" ] && einfo " - POSTGREY_PORT"
+ conf_error
+ fi
+ POSTGREY_ADDR="${POSTGREY_TYPE}=${POSTGREY_HOST}:${POSTGREY_PORT}"
+ else
+ if [ -z "${POSTGREY_SOCKET}" ]
+ then
+ einfo "The following entries are missing in ${conf}:"
+ [ -z "${POSTGREY_SOCKET}" ] && einfo " - POSTGREY_SOCKET"
+ conf_error
+ fi
+ POSTGREY_ADDR="${POSTGREY_TYPE}=${POSTGREY_SOCKET}"
+ fi
+fi
+
+ if [ -z "${POSTGREY_PID}" ]
+ then
+ einfo "The following entries are missing in ${conf}:"
+ [ -z "${POSTGREY_PID}" ] && einfo " - POSTGREY_PID"
+ conf_error
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting Postgrey"
+
+ # HACK -- start a subshell and corrects perms on the socket...
+ ( if [ "x${POSTGREY_TYPE}" = "xunix" ]; then
+ rm -f ${POSTGREY_SOCKET};
+ while ! test -S ${POSTGREY_SOCKET}; do sleep 1; done;
+ chmod a+rw,a-x ${POSTGREY_SOCKET}; fi ) &
+
+ if [ -z ${POSTGREY_DELAY} ] ; then
+ POSTGREY_DELAY_ARG=""
+ else
+ POSTGREY_DELAY_ARG="--delay=${POSTGREY_DELAY}"
+ fi
+
+ if [ -z "${POSTGREY_TEXT}" ] ; then
+ POSTGREY_TEXT_ARG=""
+ else
+ POSTGREY_TEXT_ARG="--greylist-text=${POSTGREY_TEXT}"
+ fi
+
+ start-stop-daemon --start --quiet --background \
+ --pidfile=${POSTGREY_PID} \
+ --name postgrey \
+ --exec /usr/sbin/postgrey -- \
+ --${POSTGREY_ADDR} \
+ --daemonize \
+ --pidfile=${POSTGREY_PID} \
+ ${POSTGREY_DELAY_ARG} \
+ ${POSTGREY_OPTS} \
+ "${POSTGREY_TEXT_ARG}"
+ eend ${?}
+}
+
+stop() {
+ ebegin "Stopping Postgrey"
+ start-stop-daemon --stop --quiet --pidfile ${POSTGREY_PID}
+ eend ${?}
+}
+
+reload() {
+ ebegin "Reloading Postgrey"
+ start-stop-daemon --stop --signal HUP --oknodo --pidfile ${POSTGREY_PID}
+ eend $?
+}
diff --git a/postfix/postgrey_whitelist_clients b/postfix/postgrey_whitelist_clients
new file mode 100644
index 0000000..9dbe6bd
--- /dev/null
+++ b/postfix/postgrey_whitelist_clients
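Review bot: checkconfig() does not actually stop on a bad configuration, because the status of each `conf_error` call is overwritten by the statements that follow it and the empty-POSTGREY_TYPE branch never fails at all. Unless POSTGREY_PID is the missing value, the function returns 0 and start() launches the daemon with an incomplete `--${POSTGREY_ADDR}`. Change the three calls to `conf_error || return 1` and add `conf_error; return 1` after the two einfo lines of the POSTGREY_TYPE branch. In the "HACK" subshell of start(), `${POSTGREY_SOCKET}` is expanded unquoted in `rm -f`, `test -S` and `chmod` (presumably running as root), and the wait loop never ends if postgrey fails to create the socket. `chmod a+rw,a-x` also opens the socket to every local user; quote the expansions, bound the loop, and prefer a group-restricted mode if Postfix's group can reach the socket that way.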
@@ -0,0 +1,220 @@
+# postgrey whitelist for mail client hostnames
+# --------------------------------------------
+# put this file in /etc/postfix or specify its path
+# with --whitelist-clients=xxx
+#
+# postgrey version: 1.34, build date: 2011-05-04
+
+# greylisting.org: Southwest Airlines (unique sender, no retry)
+southwest.com
+# greylisting.org: isp.belgacom.be (wierd retry pattern)
+isp.belgacom.be
+# greylisting.org: Ameritrade (no retry)
+ameritradeinfo.com
+# greylisting.org: Amazon.com (unique sender with letters)
+amazon.com
+# 2004-05-20: Linux kernel mailing-list (unique sender with letters)
+vger.kernel.org
+# 2004-06-02: karger.ch, no retry
+karger.ch
+# 2004-06-02: lilys.ch, (slow: 4 hours)
+server-x001.hostpoint.ch
+# 2004-06-09: roche.com (no retry)
+gw.bas.roche.com
+# 2004-06-09: newsletter (no retry)
+mail.hhlaw.com
+# 2004-06-09: no retry (reported by Ralph Hildebrandt)
+prd051.appliedbiosystems.com
+# 2004-06-17: swissre.com (no retry)
+swissre.com
+# 2004-06-17: dowjones.com newsletter (unique sender with letters)
+returns.dowjones.com
+# 2004-06-18: switch.ch (works but personnel is confused by the error)
+domin.switch.ch
+# 2004-06-23: accor-hotels.com (slow: 6 hours)
+accor-hotels.com
+# 2004-06-29: rr.com (no retry, reported by Duncan Hill)
+/^ms-smtp.*\.rr\.com$/
+# 2004-06-29: cox.net (no retry, reported by Duncan Hill)
+/^lake.*mta.*\.cox\.net$/
+# 2004-06-29: motorola.com (no retry)
+mot.com
+# 2004-07-01: nic.fr (address verification, reported by Arnaud Launay)
+nic.fr
+# 2004-07-01: verizon.net (address verification, reported by Bill Moran and Eric, adapted by Adam C. Mathews)
+/^s[cv]\d+pub\.verizon\.net$/
+# 2004-07-02: cs.columbia.edu (no retry)
+cs.columbia.edu
+# 2004-07-02: papersinvited.com (no retry)
+66.216.126.174
+# 2004-07-02: telekom.de (slow: 6 hours)
+/^mail\d+\.telekom\.de$/
+# 2004-07-04: tiscali.dk (slow: 12 hours, reported by Klaus Alexander Seistrup)
+/^smtp\d+\.tiscali\.dk$/
+# 2004-07-04: freshmeat.net (address verification)
+freshmeat.net
+# 2004-07-11: zd-swx.com (unique sender with letters, reported by Bill Landry)
+zd-swx.com
+# 2004-07-11: lockergnome.wc09.net (unique sender with letters, reported by Bill Landry)
+lockergnome.wc09.net
+# 2004-07-19: mxlogic.net (no retry, reported by Eric)
+p01m168.mxlogic.net
+p02m169.mxlogic.net
+# 2004-09-08: intel.com (pool on different subnets)
+/^fmr\d+\.intel\.com$/
+# 2004-09-17: cox-internet.com (no retry, reported by Rod Roark)
+/^fe\d+\.cox-internet\.com$/
+# 2004-10-11: logismata.ch (no retry)
+logismata.ch
+# 2004-11-25: brief.cw.reum.de (no retry, reported by Manuel Oetiker)
+brief.cw.reum.de
+# 2004-12-03: ingeno.ch (no retry)
+qmail.ingeno.ch
+# 2004-12-06: rein.ch (no retry)
+mail1.thurweb.ch
+# 2005-01-26: tu-ilmenau.de (no retry)
+piggy.rz.tu-ilmenau.de
+# 2005-04-06: polymed.ch (no retry)
+mail.polymed.ch
+# 2005-06-08: hu-berlin.de (slow: 6 hours, reported by Joachim Schoenberg)
+rz.hu-berlin.de
+# 2005-06-17: gmail.com (big pool, reported by Beat Mueller)
+proxy.gmail.com
+# 2005-06-23: cacert.org (address verification, reported by Martin Lohmeier)
+cacert.org
+# 2005-07-27: polytech.univ-mrs.fr (no retry, reported by Giovanni Mandorino)
+polytech.univ-mrs.fr
+# 2005-08-05: gnu.org (address verification, reported by Martin Lohmeier)
+gnu.org
+# 2005-08-17: ciphirelabs.com (needs fast responses, reported by Sven Mueller)
+cs.ciphire.net
+# 2005-11-11: lufthansa (no retry, reported by Peter Bieringer)
+/^gateway\d+\.np4\.de$/
+# 2005-11-23: arcor-online.net (slow: 12 hours, reported by Bernd Zeimetz)
+/^mail-in-\d+\.arcor-online\.net$/
+# 2005-12-29: netsolmail.com (no retry, reported by Gareth Greenaway)
+netsolmail.com
+# mail.likopris.si (no retry, reported by Vito Robar)
+193.77.153.67
+# jcsw.nato.int (several servers, no retry, reported by Vito Robar)
+195.235.39
+# tesla.vtszg.hr (no retry, reported by Vito Robar)
+tesla.vtszg.hr
+# mailgw*.iai.co.il (pool of several servers, reported by Vito Robar)
+/^mailgw.*\.iai\.co\.il$/
+# gw.stud-serv-mb.si (no retry, reported by Vito Robar)
+gw.stud-serv-mb.si
+# mail.commandtech.com (no retry, reported by Vito Robar)
+216.238.112.99
+# duropack.co.at (no retry, reported by Vito Robar)
+193.81.20.195
+# mail.esimit-tech.si (no retry, reported by Vito Robar)
+193.77.126.208
+# mail.resotel.be (ocasionally no retry, reported by Vito Robar)
+80.200.249.216
+# mail2.alliancefr.be (ocasionally no retry, reported by Vito Robar)
+mail2.alliancefr.be
+# webserver.turboinstitut.si (no retry, reported by Vito Robar)
+webserver.turboinstitut.si
+# mil.be (pool of different servers, reported by Vito Robar)
+193.191.218.141
+193.191.218.142
+193.191.218.143
+194.7.234.141
+194.7.234.142
+194.7.234.143
+# mail*.usafisnews.org (no retry, reported by Vito Robar)
+/^mail\d+\.usafisnews\.org$/
+# odk.fdv.uni-lj.si (no retry, reported by Vito Robar)
+/^odk.fdv.uni-lj.si$/
+# rak-gentoo-1.nameserver.de (no retry, reported by Vito Robar)
+rak-gentoo-1.nameserver.de
+# dars.si (ocasionally no retry, reported by Vito Robar)
+mx.dars.si
+# cosis.si (no retry, reported by Vito Robar)
+213.143.66.210
+# mta?.siol.net (sometimes no or slow retry; they use intermail, reported by Vito Robar)
+/^mta[12].siol.net$/
+# pim-N-N.quickinspirationsmail.com (unique sender, reported by Vito Robar)
+/^pim-\d+-\d+\.quickinspirationsmail\.com$/
+# flymonarch (no retry, reported by Marko Djukic)
+flymonarch.com
+# wxs.nl (no retry, reported by Johannes Fehr)
+/^p?smtp.*\.wxs\.nl$/
+# ibm.com (big pool, reported by Casey Peel)
+ibm.com
+# messagelabs.com (big pool, reported by John Tobin)
+/^mail\d+\.messagelabs\.com$/
+# ptb.de (slow, reported by Joachim Schoenberg)
+berlin.ptb.de
+# registrarmail.net (unique sender names, reported by Simon Waters)
+registrarmail.net
+# google.com (big pool, reported by Matthias Dyer, Martin Toft)
+google.com
+# orange.fr (big pool, reported by Loïc Le Loarer)
+/^smtp\d+\.orange\.fr$/
+# citigroup.com (slow retry, reported by Michael Monnerie)
+/^smtp\d+.citigroup.com$/
+# cruisingclub.ch (no retry)
+mail.ccs-cruising.ch
+# digg.com (no retry, Debian #406774)
+diggstage01.digg.com
+# liberal.ca (retries only during 270 seconds, Debian #406774)
+smtp.liberal.ca
+# pi.ws (pool + long retry, Debian #409851)
+/^mail[12]\.pi\.ws$/
+# rambler.ru (big pool, reported by Michael Monnerie)
+rambler.ru
+# free.fr (big pool, reported by Denis Sacchet)
+/^smtp[0-9]+-g[0-9]+\.free\.fr$/
+/^postfix[0-9]+-g[0-9]+\.free\.fr$/
+# thehartford.com (pool + long retry, reported by Jacob Leifman)
+/^netmail\d+\.thehartford\.com$/
+# abb.com (only one retry, reported by Roman Plessl)
+/^nse\d+\.abb\.com$/
+# 2007-07-27: sourceforge.net (sender verification)
+lists.sourceforge.net
+# 2007-08-06: polytec.de (no retry, reported by Patrick McLean)
+polytec.de
+# 2007-09-06: qualiflow.com (no retry, reported by Alex Beckert)
+/^mail\d+\.msg\.oleane\.net$/
+# 2007-09-07: nrl.navy.mil (no retry, reported by Axel Beckert)
+nrl.navy.mil
+# 2007-10-18: aliplast.com (long retry, reported by Johannes Feigl)
+mail.aliplast.com
+# 2007-10-18: inode.at (long retry, reported by Johannes Feigl)
+/^mx\d+\..*\.inode\.at$/
+# 2008-02-01: bol.com (no retry, reported by Frank Breedijk)
+/^.*?.server.arvato-systems.de$/
+# 2008-06-05: registeredsite.com (no retry, reported by Fred Kilbourn)
+/^(?:mail|fallback-mx)\d+.atl.registeredsite.com$/
+# 2008-07-17: mahidol.ac.th (no retry, reported by Alex Beckert)
+saturn.mahidol.ac.th
+# 2008-07-18: ebay.com (big pool, reported by Peter Samuelson)
+ebay.com
+# 2008-07-22: yahoo.com (big pool, reported by Juan Alonso)
+yahoo.com
+# 2008-11-07: facebook (no retry, reported by Tim Freeman)
+/^outmail\d+\.sctm\.tfbnw\.net$/
+# 2009-02-10: server14.cyon.ch (long retry, reported by Alex Beckert)
+server14.cyon.ch
+# 2009-08-19: 126.com (big pool)
+/^m\d+-\d+\.126\.com$/
+# 2010-01-08: tifr.res.in (no retry, reported by Alex Beckert)
+home.theory.tifr.res.in
+# 2010-01-08: 1blu.de (long retry, reported by Alex Beckert)
+ms4-1.1blu.de
+# 2010-03-17: chello.at (big pool, reported by Jan-willem van Eys)
+/^viefep\d+-int\.chello\.at$/
+# 2010-05-31: nic.nu (long retry, reported by Ivan Sie)
+mx.nic.nu
+# 2010-06-10: Microsoft servers (long/no retry, reported by Roy McMorran)
+bigfish.com
+frontbridge.com
+microsoft.com
+# 2010-06-18: Google/Postini (big pool, reported by Warren Trakman)
+postini.com
+# 2011-02-04: evanzo-server.de (no retry, reported by Andre Hoepner)
+/^mx.*\.evanzo-server\.de$/
+# 2011-05-02: upcmail.net (big pool, reported by Michael Monnerie)
+upcmail.net
diff --git a/postfix/postgrey_whitelist_recipients b/postfix/postgrey_whitelist_recipients
new file mode 100644
index 0000000..68e4c80
--- /dev/null
+++ b/postfix/postgrey_whitelist_recipients
@@ -0,0 +1,7 @@
+# postgrey whitelist for mail recipients
+# --------------------------------------
+# put this file in /etc/postfix or specify its path
+# with --whitelist-recipients=xxx
+
+postmaster@
+abuse@
-- 2.39.5
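Review bot: Several regex entries in postfix/postgrey_whitelist_clients leave their dots unescaped, so they match more client names than the comment above each one describes: `/^odk.fdv.uni-lj.si$/`, `/^mta[12].siol.net$/`, `/^smtp\d+.citigroup.com$/`, `/^.*?.server.arvato-systems.de$/` and `/^(?:mail|fallback-mx)\d+.atl.registeredsite.com$/`. A whitelist match skips greylisting, so these should be as tight as the neighbouring entries, for example `/^smtp\d+\.citigroup\.com$/` and `/^mta[12]\.siol\.net$/`. The file appears to be the copy shipped with postgrey 1.34, so the correction may belong upstream. The conf.d comments in this same commit name /etc/postfix/postgrey_whitelist_clients.local as the place for local entries.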