gld-ng Code
Status: Beta
Brought to you by:
patrickvw
Menu
▾
▴
Tree [5c3b65] master / History
gld-ng maintainer
Read Me
24 March 2011
What is gld-ng ?
gld stands for GreyList Daemon.
gld is a standalone policy delegation server for postfix that implements
the greylist algorithm as defined at http://www.greylisting.org
gld-ng is a fork of the original project. It includes support for IPv6 and
uses the PostgreSQL database, mainly because Postgres has a series of neat
features to hande IP addresses, which are not present in MySQL or SQLite.
It also includes a user maintained whitelist database for both IPv4 and IPv6
addresses, expressed in CIDR ranges which is necessary with the typical server
farms used by big email hosters these days.
There is also a table where you can define recipient addresses wich are not
greylisted. Typical uses for those are spam traps for example.
We kept the original idea of allowing "light greylisting", which means that
whole subnets can be allowed in if one of the hosts on that subnet passes
grelisting. In order to support IPv6, the code was rewritten. Right now,
the values for subnets are defined as /24 for IPv4 and /64 for IPv6. A later
enhancement should make those values confugurable.
As a consequence, we are dropping support for MySQL for above-mentioned reason.
The relevant code will be removed. Although it is still present in some files,
do not use it.
What are the requirements ?
gld-ng needs the following software:
- a postfix 2.1 or higher server
- a PostgreSQL server
How to build gld-ng ?
This should be easy, just run ./configure and then make and wait ...
Of course you need to have include files and libraries for pgsql support.
If the compilation fails with pgsql related errors, try to run
./configure --with-pgsql=DIR .
How to install gld-ng ?
Just run make install
The install copy only 2 files into your system.
The files are installed as follow:
/etc/gld.conf.sample : the sample config file
/usr/local/bin/gld : the gld executable file
Afterward, edit /etc/gld.conf.sample file and modify it to suit your needs.
Then rename it to gld.conf .
Please, PLEASE read the README-SECURITY file before choosing your options.
Then, create the tables whitelist and greylist on your pgsql server
I have provided the script tables.sql that helps you to do this task.
Then start gld and see if it run or if an error message is displayed
If you are here, you are done, now just configure postfix to use
your brand new greylist server .
To configure postfix just add the following line:
check_policy_service inet:127.0.0.1:2525
to the end of your smtpd_recipient_restrictions statement of your main.cf file.
You don't have to edit or modify your master.cf file .
How to start gld-ng ?
just run gld without any parameters. or use the provided init script.
On Linux, copy the file to /etc/init.d and then type "service gld start"
How to stop gld-ng ?
Just kill the process with the TERM signal
(SIGTERM is the default signal sent by the kill command)
or type "service gld stop" on Linux
How to reload the configuration of the server ?
Just send the HUP signal to the server
ie: kill -HUP <pid> or killall -HUP gld
How to know the version of gld ?
Just try: gld -v
What happens if the pgsql server goes down ?
Depending on the configuration of gld, the server can refuse to answer
or send a 'dunno' response, which will likely accept the mails.
Please read gld.conf for more informations.
What happens if gld goes down ?
Well, gld *MUST* be running while postfix is running.
make sure you start gld before you start postfix .
If gld should die (this has never occured here)
postfix will not be able to connect to the policy server
and will return a '450 server configuration' .
Thus, you won't be able to receive any greylisted mail .....
What kind of replies does this server send to postfix ?
gld-ng sends only 2 replies to postfix.
if the email is to be greylisted, then gld-ng replies: action=defer_if_permit MESSAGE
otherwise gld replies: action=PREPEND header whitelisted by gld-pg
This will add a header to the e-mail, allowing it to pass greylisting.
I want to greylist only some emails and only some domains, How do I do ?
postfix has a cool feature for that named policy maps.
Let say you want to greylist only the email grey@foo.bar and the whole
domain bar.com here follows how to set up postfix for that.
First, define a policy map named greylist_policy in main.cf
to do this just add the following lines in main.cf :
smtpd_restriction_classes = greylist_policy
greylist_policy = check_policy_service inet:127.0.0.1:2525
Then in the end of smtpd_recipient_restrictions
add the following line: check_recipient_access hash:/etc/postfix/A_FILE_OF_YOUR_CHOICE
instead of the standard line: check_policy_service inet:127.0.0.1:2525
Finally create a text file named /etc/postfix/A_FILE_OF_YOUR_CHOICE
which contains domain and emails to be greylisted
the format is:
email greylist_policy
domain greylist_policy
thus in our example, the file would contain
grey@foo.bar greylist_policy
bar.com greylist_policy
Finally make this text file a hash database with the command: postmap /etc/postfix/A_FILE_OF_YOUR_CHOICE
and you are done ! .
Where do I report bugs,suggestions,insults ?
The original gld was written by Salim.
However, this fork is maintained by Patrick Vande Walle, who can be reached at
patrick+gld@vande-walle.eu
Sourceforge provides an interface to report bugs, patches, etc. This is the
preferred way. If that fails for you, you can e-mail the address above.
But please, include the version of gld you use and the OS you are running.
Note from the original author:
I want to thanks all people who mailed me with suggestions, patches
and especially the following guys:
- Lefteris Tsintjelis for his help and support for testing 1.6.
- Dietmar Braun for his idea of the training mode.
- Wayne Smith for his support and suggestions.
- Santiago Vila for maintaining the Debian package.
- Blaz Zupan for maintaining the FreeBSD port.
- Volker Tanger for the nice howto.
- Brian Truelsen for his help and suggestions on MXGREY.
- Wietse Venema for postfix.
Notes from the fork maintainer:
I want to thank Salim Gasmi <http://www.gasmi.net/> who is the original author of gld