Selective greylisting

Hello, I would like to activate the greylist but selectively and only in special conditions using the regular expressions on the IP address:

/etc/postfix/client_check.pcre:

/(\-.+){4}$/ check_greylist
/(\..+){4}$/ check_greylist
/(^|[0-9.x_-])(abo|br(e|oa)dband|cabel|(hk)?cablep?|catv|cbl|cidr|d?client2?|cust(omer)?s?|dhcp|dial?(in|up)?|d[iu]p|[aSX]?DSLD?|dyn(a(dsl|mic)?)?|home|in-addr|modem(cable)?|(a)?pool|ppp|ptr|rev|static|Board|YahooBB[0-9]{12}|c[[:alnum:]]{6}(\.[a-z]{3})?\.virtua|[1-9]Cust[0-9]+|AC[A-Z][0-9A-F]{5}\.ipt|pcp[0-9]{6}pcs|S0106[[:alnum:]]{12}\.[a-z]{2})[0-9.x_-]/ check_greylist
/^Unknown$/ check_greylist

Modify the file /etc/postfix/main.cf as follows:

smtpd_restriction_classes = check_greylist
check_greylist = check_policy_service inet:127.0.0.1:10023

Additionally, the entry check_policy_service inet:127.0.0.1:10023 in smtpd_recipient_restrictions will be replaced by check_client_access regexp:/etc/postfix/check_client_greylist:

smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_invalid_hostname
[...]
  check_client_access regexp:/etc/postfix/check_client_greylist

How do I apply this configuration to UCS 4.2?

Regards.
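
An added example, not part of the original thread: a small Python model of how Postfix evaluates the client access table from the post above, useful for checking which clients would be handed to the greylist policy before deploying it. The rule labels and sample clients are constructed for illustration, and `[[:alnum:]]` is rewritten as `[0-9a-z]` because Python's `re` has no POSIX classes.

```python
import re

# Patterns from client_check.pcre above. IGNORECASE mirrors the Postfix
# regexp/pcre table default of case-insensitive matching.
KEYWORDS = (
    r"abo|br(e|oa)dband|cabel|(hk)?cablep?|catv|cbl|cidr|d?client2?|"
    r"cust(omer)?s?|dhcp|dial?(in|up)?|d[iu]p|[aSX]?DSLD?|dyn(a(dsl|mic)?)?|"
    r"home|in-addr|modem(cable)?|(a)?pool|ppp|ptr|rev|static|Board|"
    r"YahooBB[0-9]{12}|c[0-9a-z]{6}(\.[a-z]{3})?\.virtua|[1-9]Cust[0-9]+|"
    r"AC[A-Z][0-9A-F]{5}\.ipt|pcp[0-9]{6}pcs|S0106[0-9a-z]{12}\.[a-z]{2}"
)
# Rule labels are hypothetical names used only in this example.
RULES = [
    ("four-hyphens", r"(\-.+){4}$"),
    ("four-dots", r"(\..+){4}$"),
    ("keyword", r"(^|[0-9.x_-])(" + KEYWORDS + r")[0-9.x_-]"),
    ("unknown", r"^Unknown$"),
]
COMPILED = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in RULES]


def first_match(key):
    """Return the label of the first rule matching key, or None."""
    for name, rx in COMPILED:
        if rx.search(key):
            return name
    return None


def client_decision(client_name, client_addr):
    """Simplified model of check_client_access on a regexp/pcre table: the
    whole hostname is tried first, then the whole IP address, with no
    parent-domain or subnet search. A label means the client is passed to
    check_greylist; None means the table gives no decision and the
    greylist policy is skipped for this client."""
    return first_match(client_name) or first_match(client_addr)


# Constructed sample clients (documentation names and address ranges).
SAMPLES = [
    ("mail.example.org", "192.0.2.25"),
    ("dsl-203-0-113-7.example.net", "203.0.113.7"),
    ("host7.dyn.example.net", "203.0.113.8"),
    ("mx1.mail.eu.example.org", "198.51.100.4"),
    ("unknown", "198.51.100.9"),
]

if __name__ == "__main__":
    for name, addr in SAMPLES:
        print(f"{name:30} {addr:15} -> {client_decision(name, addr)}")
```

The `mx1.mail.eu.example.org` sample shows that the four-dots rule also catches legitimate servers with deep hostnames, so they are delayed by greylisting as well.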

You can disable the greylisting with:

ucr set mail/postfix/greylisting=no

and then add a line to smtpd_recipient_restrictions:

ucr set "mail/postfix/smtpd/restrictions/recipient/60=check_client_access regexp:/etc/postfix/check_client_greylist"

Greetings
Daniel Tröder

No, I would like to activate the rules only when the regexes match so I need to define the

smtpd_restriction_classes = check_greylist
check_greylist = check_policy_service inet:127.0.0.1:10023

and then

ucr set "mail/postfix/smtpd/restrictions/recipient/60=check_client_access regexp:/etc/postfix/check_client_greylist"

I looked at the templates file but did not find anything about the class definition.

Those are currently not supported :frowning:
Please open a feature request at https://forge.univention.org
