July 2006 Archives
Sun, 30 Jul 2006 06:12:27 +0000
switched to postgrey
As greylistd does not seem to be developed anymore and I wanted to have --auto-whitelist-clients I have switched to postgrey.
I am using the postgrey integration for exim4 written by Guy Antony Halse, with some minor changes to minimize the differences to my greylistd setup: I greylist on /27 instead of /24 networks and immediately reject invalid recipients instead of greylisting them.
postgrey runs with --unix=/var/run/postgrey/socket --retry-window=4 --lookup-by-host --auto-whitelist-clients=10 --exim.
Update 2006-10-22: As found in Bug #380257, postgrey wants the querying server to pass a postfix instance parameter. This parameter identifies a single mail, i.e. for one message with multiple recipients the instance identifier stays the same. I am generating it in exim's mail ACL.
[ in mail ACL:]
  # instance parameter for postfix policy daemons, unique for every mail,
  # i.e. incremented for mail from, but unchanged for rcpt to.
  warn set acl_m2 = $pid.$tod_epoch.$sender_host_port
[...]
[ in rcpt ACL:]
  defer
    log_message = greylisted host $sender_host_address
    !senders = : postmaster@*
    domains = +local_domains : +relay_to_domains
    !hosts = /etc/exim4/no-greylist-hosts
    !authenticated = *
    verify = recipient/callout=20s,use_sender,defer_ok
    set acl_m3 = request=smtpd_access_policy\n\
                 protocol_state=RCPT\n\
                 protocol_name=${uc:$received_protocol}\n\
                 instance=${acl_m2}\n\
                 helo_name=${sender_helo_name}\n\
                 client_address=${substr_-3:${mask:$sender_host_address/27}}\n\
                 client_name=${sender_host_name}\n\
                 sender=${sender_address}\n\
                 recipient=$local_part@$domain\n\n
    set acl_m3 = ${sg{\
                 ${readsocket{/var/run/postgrey/socket}{$acl_m3}\
                 {5s}{}{action=DUNNO}}\
                 }{action=}{}}
    message = ${sg{$acl_m3}{^\\w+\\s*}{}}
    condition = ${if eq{${uc:${substr{0}{5}{$acl_m3}}}}{DEFER}{true}{false}}
  # add "greylisted by ..seconds" header to mail which has successfully
  # passed the greylisting.
  warn
    !senders = : postmaster@*
    domains = +local_domains : +relay_to_domains
    !hosts = /etc/exim4/no-greylist-hosts
    !authenticated = *
    message = ${sg{$acl_m3}{^\\w+\\s*}{}}
    condition = ${if eq{${uc:${substr_0_7:$acl_m3}}}{PREPEND}{true}{false}}
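The policy request that the rcpt ACL above assembles and the way its reply is evaluated, written out in Python as an added example (not part of the original post or of the exim/postgrey code). The function names and the sample reply are made up for illustration; the socket path is the one from the postgrey options above.

```python
import ipaddress
import socket

# Constructed sample reply, in the "action=..." form the ACL evaluates.
SAMPLE_REPLY = "action=DEFER_IF_PERMIT Greylisted, retry later\n\n"

def greylist_network(addr, prefix=27):
    """Equivalent of ${substr_-3:${mask:$sender_host_address/27}}."""
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False).network_address)

def build_request(instance, helo, client_addr, client_name, sender, recipient,
                  protocol="ESMTP"):
    """Serialize the attributes the rcpt ACL puts into acl_m3."""
    attrs = [("request", "smtpd_access_policy"), ("protocol_state", "RCPT"),
             ("protocol_name", protocol.upper()), ("instance", instance),
             ("helo_name", helo), ("client_address", greylist_network(client_addr)),
             ("client_name", client_name), ("sender", sender), ("recipient", recipient)]
    for name, value in attrs:
        # Added check (not in the ACL): a CR/LF inside a value would end the
        # attribute or the whole request early.
        if "\n" in value or "\r" in value:
            raise ValueError(f"line break in {name}")
    return "".join(f"{n}={v}\n" for n, v in attrs) + "\n"

def query_policy(request, path="/var/run/postgrey/socket", timeout=5.0):
    """Send one request; fall back to DUNNO on error, like readsocket's {action=DUNNO}."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(path)
            s.sendall(request.encode())
            data = b""
            while not data.endswith(b"\n\n"):
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
            return data.decode(errors="replace")
    except OSError:
        return "action=DUNNO\n\n"

def acl_decision(reply):
    """Map a reply to what the two ACL statements do: defer, add a header, or accept."""
    action = next((l[7:] for l in reply.splitlines() if l.startswith("action=")), "DUNNO")
    verb, _, text = action.partition(" ")
    if verb.upper().startswith("DEFER"):      # e.g. DEFER_IF_PERMIT
        return ("defer", text.strip())
    if verb.upper().startswith("PREPEND"):
        return ("add_header", text.strip())
    return ("accept", "")
```

As in the ACL, an unreachable or slow policy daemon results in DUNNO, so mail is accepted without greylisting rather than deferred.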
-----
Sun, 16 Jul 2006 14:51:00 +0000
getting rid of gnutls11 and libtasn1-2
I have started some activity to finally get rid of archaic gnutls versions from sid by signalling my intention to NMU some bugs and asking for the first binary NMUs.
I got stuck at lock-keys-applet. I have got a nice binary package and diff that fixes the bug as far as I can tell. However I am not running Gnome on sid and have not been able to find a tester on IRC either. I would appreciate feedback per mail, TIA.
Update: I have received some feedback on lock-keys-applet: Some positive user feedback ("Yes, it works.") and OTOH a pretty strange answer from the maintainer, which can be summed up as "Please do not NMU the package.".
-----