From dae8f5ab2b961adceb0ced59fd2d9e7c30c4cddb Mon Sep 17 00:00:00 2001 From: "Ralf S. Engelschall" Date: Thu, 9 Dec 2004 21:20:35 +0000 Subject: [PATCH] provide consolidated whitelists --- postgrey/postgrey.patch | 19 ++++++ postgrey/postgrey.spec | 9 ++- postgrey/rc.postgrey | 5 +- postgrey/whitelist.clients | 124 ++++++++++++++++++++++++++++++++++ postgrey/whitelist.recipients | 14 ++++ 5 files changed, 168 insertions(+), 3 deletions(-) create mode 100644 postgrey/postgrey.patch create mode 100644 postgrey/whitelist.clients create mode 100644 postgrey/whitelist.recipients diff --git a/postgrey/postgrey.patch b/postgrey/postgrey.patch new file mode 100644 index 0000000000..5099640157 --- /dev/null +++ b/postgrey/postgrey.patch @@ -0,0 +1,19 @@ +Index: postgrey +--- postgrey.orig 2004-09-08 22:25:50 +0200 ++++ postgrey 2004-12-08 16:35:48 +0100 +@@ -32,6 +32,7 @@ + if(open(CLIENTS, $f)) { + while() { + s/^\s+//; s/\s+$//; next if $_ eq '' or /^#/; ++ s/\s+#.*$//; + if(/^\/(\S+)\/$/) { + # regular expression + push @whitelist_clients, qr{$1}i; +@@ -68,6 +69,7 @@ + if(open(RECIPIENTS, $f)) { + while() { + s/^\s+//; s/\s+$//; next if $_ eq '' or /^#/; ++ s/\s+#.*$//; + my ($user, $domain) = split(/\@/, $_, 2); + if(/^\/(\S+)\/$/) { + # regular expression diff --git a/postgrey/postgrey.spec b/postgrey/postgrey.spec index b65e2509b2..8caaa1aa9c 100644 --- a/postgrey/postgrey.spec +++ b/postgrey/postgrey.spec @@ -34,11 +34,14 @@ Class: PLUS Group: Mail License: GPL Version: 1.16 -Release: 20041208 +Release: 20041209 # list of sources Source0: http://isg.ee.ethz.ch/tools/postgrey/pub/postgrey-%{version}.tar.gz Source1: rc.postgrey +Source2: whitelist.clients +Source3: whitelist.recipients +Patch0: postgrey.patch # build information Prefix: %{l_prefix} @@ -68,6 +71,7 @@ AutoReqProv: no %prep %setup -q + %patch -p0 %build # build manual page 
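Review bot: The added `s/\s+#.*$//;` in both loaders of postgrey.patch changes the whitelist file grammar without a word of explanation. It runs after the whitespace trim and before the `/^\/(\S+)\/$/` regex test, so everything from the first whitespace-then-`#` to the end of the line is now discarded. I would put a comment above each occurrence, for example `# strip a trailing "  # note" so an entry can carry an inline annotation`. The shipped whitelist.clients depends on this for almost every entry, so if Patch0 is dropped or stops applying after a version bump, annotated lines reach the parser with their comments attached; how postgrey then treats them is not visible here, which is worth a remark next to `Patch0:` in the spec. Both `while` loops begin and end outside the hunks.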
@@ -99,7 +103,8 @@ AutoReqProv: no # install configuration files %{l_shtool} install -c -m 644 \ - postgrey_whitelist_clients postgrey_whitelist_recipients \ + %{SOURCE whitelist.clients} \ + %{SOURCE whitelist.recipients} \ $RPM_BUILD_ROOT%{l_prefix}/etc/postgrey/ # install run-command script diff --git a/postgrey/rc.postgrey b/postgrey/rc.postgrey index 1baf8c595f..bd39970870 100644 --- a/postgrey/rc.postgrey +++ b/postgrey/rc.postgrey @@ -17,7 +17,8 @@ postgrey_log_complevel="9" %common - postgrey_logfile="@l_prefix@/var/postgrey/postgrey.log" + postgrey_wlclnt="@l_prefix@/etc/postgrey/whitelist.clients" + postgrey_wlrcpt="@l_prefix@/etc/postgrey/whitelist.recipients" postgrey_pidfile="@l_prefix@/var/postgrey/postgrey.pid" postgrey_socket="@l_prefix@/var/postgrey/postgrey.socket" postgrey_dbdir="@l_prefix@/var/postgrey" @@ -46,6 +47,8 @@ --delay="$postgrey_delay" \ --max-age="$postgrey_maxage" \ --retry-window="$postgrey_retrywin" \ + --whitelist-clients="$postgrey_wlclnt" \ + --whitelist-recipients="$postgrey_wlrcpt" \ --greylist-action="$postgrey_action" \ --greylist-text="$postgrey_text" diff --git a/postgrey/whitelist.clients b/postgrey/whitelist.clients new file mode 100644 index 0000000000..8bcda706aa --- /dev/null +++ b/postgrey/whitelist.clients 
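Review bot: The install step in the last postgrey.spec hunk copies `whitelist.clients` and `whitelist.recipients` with a plain `install -c -m 644`, yet both files end in an empty "Custom Local List" section that invites local edits. The `%files` list is outside this hunk, so please confirm the two files are marked as configuration files there; otherwise a package upgrade would replace an administrator's entries with the shipped defaults. A short comment above the install command, such as `# whitelists are admin-editable (Custom Local List); keep them marked as config in %files`, would record that intent.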
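Review bot: The first rc.postgrey hunk removes `postgrey_logfile="@l_prefix@/var/postgrey/postgrey.log"` from `%common`, while `postgrey_log_complevel="9"` stays in the configuration block above it. If any section outside this hunk still expands `$postgrey_logfile` (log rotation, for instance), it would now receive an empty string and the daemon's log would no longer be handled. Either keep that line next to the new `postgrey_wlclnt` and `postgrey_wlrcpt` variables or confirm that nothing references it. The commit message mentions only the whitelists, so the removal may be unintended; `%common` continues beyond the hunk.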
@@ -0,0 +1,124 @@
+##
+## whitelist.clients -- postgrey(8) whitelist for mail clients
+##
+## Valid reasons for inclusion of peers on this list are:
+##
+## 1. They have a pool of round-robin outbound mail servers that spans more
+## than one /24 netblock.
+## 2. They have software that considers a 4xx temporary mail failure to be
+## a permanent bounce.
+## 3. Their mail servers retry delivery for 4xx failures continually with
+## no delay.
+## 4. Their mail servers either don't retry at all, or have a very long
+## retry delay (more than 5 hours).
+## 5. The mail servers use a unique sender address for each delivery
+## attempt, even for the same piece of mail (also known as VERP).
+## 6. The mail servers host high volume mailing lists with a general appeal
+## that try to track bounces by using a unique sender address for each
+## mail (also known as VERP).
+##
+## Generally, submissions of servers that do not meet at least one
+## of the above criteria should not be accepted for inclusion into
+## this list. This includes servers that handle Greylisting ok, but
+## that you consider "legitimate", and don't want their mail delayed.
+## Since "legitimate" is a subjective distinction, it is believed that
+## those types of whitelist entries are better left for individual
+## administrators to decide.
+##
+
+#
+# Standard Local List
+# (localhost and RFC 1918 addresses: 127.0.0.1/32, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
+#
+localhost
+/^127\.0\.0\.1$/
+/^10\.\d+\.\d+\.\d+$/
+/^172\.(1[6-9]|2[0-9]|3[01])\.\d+\.\d+$/
+/^192\.168\.\d+\.\d+$/
+
+#
+# Standard Global List
+#
+southwest.com # postgrey: Southwest Airlines (unique sender, no retry)
+scd.yahoo.com # postgrey: Yahoo Groups servers (no retry)
+isp.belgacom.be # postgrey: isp.belgacom.be (wierd retry pattern)
+ameritradeinfo.com # postgrey: Ameritrade (no retry)
+amazon.com # postgrey: Amazon.com (unique sender with letters)
+vger.kernel.org # postgrey: Linux kernel mailing-list (unique sender with letters)
+karger.ch # postgrey: karger.ch, no retry
+server-x001.hostpoint.ch # postgrey: lilys.ch, (slow: 4 hours)
+gw.bas.roche.com # postgrey: roche.com (no retry)
+mail.hhlaw.com # postgrey: newsletter (no retry)
+prd051.appliedbiosystems.com # postgrey: no retry (reported by Ralph Hildebrandt)
+swissre.com # postgrey: swissre.com (no retry)
+returns.dowjones.com # postgrey: dowjones.com newsletter (unique sender with letters)
+domin.switch.ch # postgrey: switch.ch (works but personnel is confused by the error)
+accor-hotels.com # postgrey: accor-hotels.com (slow: 6 hours)
+/^ms-smtp.*\.rr\.com$/ # postgrey: rr.com (no retry, reported by Duncan Hill)
+/^lake.*mta.*\.cox\.net$/ # postgrey: cox.net (no retry, reported by Duncan Hill)
+mot.com # postgrey: motorola.com (no retry)
+nic.fr # postgrey: nic.fr (address verification, reported by Arnaud Launay)
+/^sc\d+pub\.verizon\.net$/ # postgrey: verizon.net (address verification, reported by Bill Moran and Eric)
+cs.columbia.edu # postgrey: cs.columbia.edu (no retry)
+66.216.126.174 # postgrey: papersinvited.com (no retry)
+/^mail\d+\.telekom\.de$/ # postgrey: telekom.de (slow: 6 hours)
+/^smtp\d+\.tiscali\.dk$/ # postgrey: tiscali.dk (slow: 12 hours, reported by Klaus Alexander Seistrup)
+freshmeat.net # postgrey: freshmeat.net (address verification)
+zd-swx.com # postgrey: zd-swx.com (unique sender with letters, reported by Bill Landry)
+lockergnome.wc09.net # postgrey: lockergnome.wc09.net (unique sender with letters, reported by Bill Landry)
+p01m168.mxlogic.net # postgrey: mxlogic.net (no retry, reported by Eric)
+p02m169.mxlogic.net # postgrey: mxlogic.net (no retry, reported by Eric)
+/^fmr\d+\.intel\.com$/ # postgrey: intel.com (pool on different subnets)
+12.5.136.141 # greylisting.org: Southwest Airlines (unique sender, no retry)
+12.5.136.142 # greylisting.org: Southwest Airlines (unique sender, no retry)
+12.107.209.244 # greylisting.org: kernel.org mailing lists (high traffic, unique sender per mail)
+12.107.209.250 # greylisting.org: sourceware.org mailing lists (high traffic, unique sender per mail)
+63.82.37.110 # greylisting.org: SLmail
+64.7.153.18 # greylisting.org: sentex.ca (common pool)
+64.12.137 # greylisting.org: AOL (common pool) - http://postmaster.aol.com/servers/imo.html
+64.12.138 # greylisting.org: AOL (common pool)
+64.124.204.39 # greylisting.org: moveon.org (unique sender per attempt)
+64.125.132.254 # greylisting.org: collab.net (unique sender per attempt)
+66.100.210.82 # greylisting.org: Groupwise?
+66.135.209 # greylisting.org: Ebay (for time critical alerts)
+66.135.197 # greylisting.org: Ebay (common pool)
+66.162.216.166 # greylisting.org: Groupwise?
+66.206.22.82 # greylisting.org: PLEXOR
+66.206.22.83 # greylisting.org: PLEXOR
+66.206.22.84 # greylisting.org: PLEXOR
+66.206.22.85 # greylisting.org: PLEXOR
+66.218.66 # greylisting.org: Yahoo Groups servers (common pool, no retry)
+66.218.67 # greylisting.org: Yahoo Groups servers (common pool, no retry)
+66.218.69 # greylisting.org: Yahoo Groups servers (common pool, no retry)
+66.27.51.218 # greylisting.org: ljbtc.com (Groupwise)
+152.163.225 # greylisting.org: AOL (common pool)
+194.245.101.88 # greylisting.org: Joker.com (email forwarding server)
+195.235.39.19 # greylisting.org: Tid InfoMail Exchanger v2.20
+195.238.2.105 # greylisting.org: skynet.be (wierd retry pattern)
+195.238.2.124 # greylisting.org: skynet.be (common pool)
+195.238.3.12 # greylisting.org: skynet.be (common pool)
+195.238.3.13 # greylisting.org: skynet.be (common pool)
+204.107.120.10 # greylisting.org: Ameritrade (no retry)
+205.188.139.136 # greylisting.org: AOL (common pool)
+205.188.139.137 # greylisting.org: AOL (common pool)
+205.188.144.207 # greylisting.org: AOL (common pool)
+205.188.144.208 # greylisting.org: AOL (common pool)
+205.188.156.66 # greylisting.org: AOL (common pool)
+205.188.157 # greylisting.org: AOL (common pool)
+205.188.159.7 # greylisting.org: AOL (common pool)
+205.206.231 # greylisting.org: SecurityFocus.com (unique sender per attempt)
+205.211.164.50 # greylisting.org: sentex.ca (common pool)
+207.115.63 # greylisting.org: Prodigy (broken software that retries continually with no delay)
+207.171.168 # greylisting.org: Amazon.com (common pool)
+207.171.180 # greylisting.org: Amazon.com (common pool)
+207.171.187 # greylisting.org: Amazon.com (common pool)
+207.171.188 # greylisting.org: Amazon.com (common pool)
+207.171.190 # greylisting.org: Amazon.com (common pool)
+211.29.132 # greylisting.org: optusnet.com.au (wierd retry pattern and more than 48hrs)
+213.136.52.31 # greylisting.org: Mysql.com (unique sender)
+217.158.50.178 # greylisting.org: AXKit mailing list (unique sender per attempt)
+
+#
+# Custom Local List
+#
+
diff --git a/postgrey/whitelist.recipients b/postgrey/whitelist.recipients
new file mode 100644
index 0000000000..4eab23f99c
--- /dev/null
+++ b/postgrey/whitelist.recipients
@@ -0,0 +1,14 @@
+##
+## whitelist.recipients -- postgrey(8) whitelist for mail recipients
+##
+
+#
+# Standard Global List
+#
+postmaster@
+abuse@
+
+#
+# Custom Local List
+#
+
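Review bot: Two entries in the Standard Global List of whitelist.clients fall outside the file's own inclusion rules, which exclude servers that handle greylisting correctly: `domin.switch.ch` is annotated "works but personnel is confused by the error" and `66.135.209` is annotated "for time critical alerts". Either drop them or mark them as deliberate exceptions. Every line in this file is a standing greylisting bypass for whoever holds that name or address, and the three-octet entries such as `64.12.137` appear to cover a whole range, yet the header records neither the origin of the list nor its date. I would add a header line such as `## Snapshot of the postgrey and greylisting.org lists as of 2004-12-09; re-check entries before each release.` so stale addresses can be found and removed later.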