greylisting superserver xinetd


assistenz...@gmail.com

May 22, 2015, 9:55:10 AM
to gre...@googlegroups.com
Hi, I installed and used greyfix as a standalone service without problems, and it worked like a charm for a while. Now the time has come to add a new MX server with the same weight for balancing reasons.
On your site there are instructions/tips about installing it as an inetd service, but as of 2015 I learned that inetd has been deprecated and replaced with xinetd.

Fooling around and looking on the web, I did this:

1) add to /etc/services

# Local services
greyfix         50804/tcp       # Postfix greylisting daemon

as you said

2) create a /etc/xinet.d/greyfix file containing:


service greyfix
{
        disable         = no
        id              = greyfix-stream
        socket_type     = stream
        protocol        = tcp
        user            = nobody
        wait            = no
        server          = /usr/local/sbin/greyfix
        server_args     = --greylist-delay 60  -/ 24
        port            = 50804
}

and restarted xinetd

3) check
# netstat -nat | grep 50804
tcp        0      0 0.0.0.0:50804           0.0.0.0:*               LISTEN

4) in postfix master.cf

#greyfix    unix  -        n       n       -        -       spawn
#   user=nobody  argv=/usr/local/sbin/greyfix   --greylist-delay 60  -/ 24

I commented out the standalone entry

5) in main.cf I added:

smtpd_recipient_restrictions = [...mystuff...], grey_policy
grey_policy = check_policy_service inet:myserver.domain.it:50804

Restarted postfix; all seems to be working.

May 22 15:37:54 mailgw02 postfix/smtpd[11404]: NOQUEUE: reject: RCPT from xx.xxx.xxx.74: 450 4.7.1 <te...@domain.it>: Recipient address rejected: Greylisted by greyfix 0.3.9, try again in 60 seconds.  See http://www.kim-minh.com/pub/greyfix/ for more information.; from=<alex_a...@gmail.com> to=<te...@domain.it> proto=ESMTP helo=<domain.it>

May 22 15:42:44 mailgw02 postfix/cleanup[11788]: 88BD121551: hold: header Received: from domain.it (xx.xxx.xxx.74)??by mailgw02.domain.it (Postfix) with ESMTP id 88BD121551??for <te...@domain.it>; Fri, 22 May 2015 15:42:24 +0200 (CEST) from xx.xxx.xxx.74]; from=<alex_a...@gmail.com> to=<te...@domain.it> proto=ESMTP helo=<domain.it>
May 22 15:42:44 mailgw02 postfix/cleanup[11788]: 88BD121551: message-id=<beed3ahgaeSu@alex_account@gmail.com>
May 22 15:42:51 mailgw02 postfix/smtp[11799]: 88BD121551: to=<te...@domain.it>, relay=relaydomain[yy.yy.yyy.yy4]:25, delay=27, delays=26/0.01/0.06/0.45, dsn=2.0.0, status=sent (250 OK id=1YvnDy-0006pm-1p)
May 22 15:42:51 mailgw02 postfix/qmgr[11376]: 88BD121551: removed

repeat 4) and 5) on each MX postfix and fix dns

Enjoy :)






Kim Minh Kaplan

May 22, 2015, 11:37:34 AM
to gre...@googlegroups.com
assistenz...@gmail.com writes:

> Hi, I installed and used greyfix as a standalone service without problems, and
> it worked like a charm for a while. Now the time has come to add a new MX
> server with the same weight for balancing reasons.
> On your site there are instructions/tips about installing it as an inetd
> service, but as of 2015 I learned that inetd has been deprecated and replaced
> with xinetd.
>
> Fooling around and looking on the web, I did this:
[…]
> create a /etc/xinet.d/greyfix file containing:
>
> service greyfix
> {
> disable = no
> id = greyfix-stream
> socket_type = stream
> protocol = tcp
> user = nobody
> wait = no
> server = /usr/local/sbin/greyfix
> server_args = --greylist-delay 60 -/ 24
> port = 50804
> }

This is great to know. Do not forget to firewall the port: Greyfix is
not meant to be public facing. I think xinetd comes with rate limiting
built in; make sure it does not interfere with Postfix-Greyfix
communication.

Can you get back to us when you have some experience with your settings?
I'll write down instructions on Greyfix's page for xinetd according to
your report. What kind of email traffic do you handle, thousands a day?
Millions?
--
Kim Minh
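
Added example, not part of either post and not Greyfix's or xinetd's own tooling: a small Python check that parses an xinetd service stanza and reports on the two points raised in the reply above, network exposure and rate limiting. The 192.0.2.x addresses and the limit values in RESTRICTED are assumptions made for illustration; bind, only_from, instances, per_source and cps are standard xinetd.conf attributes, and they complement a packet filter rather than replace it.

```python
import re

# The stanza as posted in the thread (netstat showed it on 0.0.0.0:50804).
POSTED = """
service greyfix
{
        disable         = no
        id              = greyfix-stream
        socket_type     = stream
        protocol        = tcp
        user            = nobody
        wait            = no
        server          = /usr/local/sbin/greyfix
        server_args     = --greylist-delay 60  -/ 24
        port            = 50804
}
"""

# Constructed variant: 192.0.2.x are documentation placeholders for the MX
# hosts, and the limits are illustrative values, not tuned recommendations.
RESTRICTED = POSTED.replace("}", """        bind            = 192.0.2.10
        only_from       = 192.0.2.10 192.0.2.11
        instances       = 100
        per_source      = 50
        cps             = 200 5
}""")

def parse_service(text):
    """Return {attribute: value} for the first service stanza in text."""
    body = re.search(r"service\s+\S+\s*\{(.*?)\}", text, re.S).group(1)
    attrs = {}
    for line in body.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        m = re.match(r"(\w+)\s*[+-]?=\s*(.*)", line)  # =, += and -= operators
        if m:
            attrs[m.group(1)] = m.group(2).strip()
    return attrs

def audit(text):
    """List exposure and rate-limit findings for a policy-service stanza."""
    a, findings = parse_service(text), []
    if "bind" not in a and "interface" not in a:
        findings.append("listens on all addresses (no bind/interface)")
    if "only_from" not in a:
        findings.append("any client may connect (no only_from)")
    for key in ("cps", "instances", "per_source"):
        if key not in a:
            findings.append(f"{key} not set here; inherited limit may throttle Postfix")
    return findings
```

Calling audit(POSTED) returns five findings, and audit(RESTRICTED) returns an empty list.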