Read Me

********************************************************************************
*   POSTFIX-POLICYD-BLACKLIST-PUBLISHER
*   Date:   $Tuesday, October 05 2010
*   Author: Thomas Amm <tsamm@sourceforge.net>
*   GPG/PGP: (url) 	http://www.ax11.de/misc/publickey.asc
*   More, Blog:		http://www.ax11.de
********************************************************************************

What is it?

Greylisting is a now well-probed and effective way to lock out spam from at the
root of evil: the target MX' incoming smtp port. By RFC the sender of any
message that could not be delivered (p.e. bounced by the recieving MX) must be
informed by a failure notice. This means as the postmaster of the bouncing or
greylisting host you actually don't have to care, supposed your MTA is rejecting
mails sending a decent status message to the server which tried to send the
bounced mail. Unfortunately
- you can't rely on that and
- you might want to have an "official" list of the few black sheeps that really
get kicked by you or any automatism as spamtraps or tresholds for your clients'
peace of mind and possible legal responsibilities.
So that's what PPBP does: it publishes -in real time- any entity that actually
is banned from delivering mail. So any clients considered they might be missing
incoming mail -or who ever has access to PPRPs root directory- may look up and
see themselves.


Installation/Usage:

Extract and copy anything into the root (or any other) directory of your web
server; either with the "postfix-policyd-blacklister" directory (HTTP-path will
appear as "http://YOURSITE.COM/postfix-policyd/blister.php") or directly
(optionally using an existing "include"-directory or $_PHP_INCLUDE_PATH). On any
sane apache or apache2 installation this path will be protected from direct
access (i.e. stealing passwords from raw PHP-files) by default. Database access
for the postfix-policyd-user should by default be limited to localhost
anyway - so this script should not cause any security issues. Nevertheless you
might want to restrict access to the blacklist to your MX's users. Best way to
implement this is to use your web servers native ACL feature. (i.e. directive
allow, deny if you are running apache).
If you re-check security by trying to peek at
http://YOURSITE/postfix-policyd-blacklister/include/blister.inc.php
(or whatever your path is) and you don't see any plaintext passwords, you're on
the safe side.  

Edit include/blister.inc.php and fill in the MySQL-password for postfix-policyd.
On most Linux systems you will find it in /etc/postfix-policyd.conf. You might
want to create a second password with read-only-access and use this one for the
blacklisting script after the first run, if you're really concerned.





 GNU GENERAL PUBLIC LICENSE


 This program is free software; you can redistribute it and/or
 modify it under the terms of the GNU General Public License
 as published by the Free Software Foundation; either version 2
 of the License, or any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.