milter_greylist
Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
- Puppet >= 4.10.0 < 7.0.0
Start using this module
Add this module to your Puppetfile:
mod 'oleksandriegorov-milter_greylist', '0.2.4'
Learn more about managing modules with a Puppetfile
milter_greylist
Table of Contents
- Description
- Setup - The basics of getting started with milter_greylist
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
Installs and configures milter-greylist, an open-source greylisting milter that shrugs off one-time spam. Its source is at http://hcpnet.free.fr/milter-greylist and the most verbose manual I found is at http://milter-greylist.wikidot.com/
Setup
Add the following to your manifest:
include 'milter_greylist'
What milter_greylist affects
This Puppet module installs the milter-greylist package, configures /etc/mail/greylist.conf and enables the milter-greylist service.
Setup Requirements
The EPEL repository must be installed to provide the milter-greylist package.
Beginning with milter_greylist
- Install the module
- Include it in your manifest
- Run the manifest
Usage
Just including milter_greylist runs milter-greylist with default settings, greylisting everyone except @mynetworks:
include milter_greylist
To add more IP subnets to the mynetworks whitelist:
# Pass parameters with a resource-like declaration instead of `include`;
# doing both in the same catalog fails with a duplicate declaration error.
class { 'milter_greylist':
  mynetworks => '10.0.0.0/8 192.168.0.0/22 127.0.0.1/8',
}
It is advisable to whitelist certain IP addresses or countries so that their mail avoids the initial greylisting delay:
class { 'milter_greylist':
  whlcountries => ['CA'],
  whlips       => ['8.8.8.8', '8.8.4.4'],
}
By default milter-greylist listens on an inet socket. If you have reasons to use a Unix socket instead, try this:
class { 'milter_greylist':
  socketpath => '/var/run/milter-greylist/milter-greylist.sock',
}
If you have registered for a free MaxMind account and downloaded the CSV file with ASN information, you can greylist by ASN:
class { 'milter_greylist':
  asncsvfile => '/usr/local/share/geoip/GeoLite2-ASN-Blocks-IPv4.csv',
  greyasns   => ['12220', '15555', '1333'],
}
Limitations
If your MTA is Postfix, you won't get the queue ID logged unless you set smtpd_delay_open_until_valid_rcpt = no in Postfix's main.cf.
Development
In the Development section, tell other users the ground rules for contributing to your project and how they should submit their work.
Release Notes
0.1 - Initial version with whitelist by country and by IPs
Reference
Table of Contents
Classes
milter_greylist
: Main class for milter-greylist module
milter_greylist::config
: Configure milter-greylist
milter_greylist::package
: Installs milter-greylist package
milter_greylist::service
: Ensure service is running
Defined types
milter_greylist::mxpeersauto
: Resource is used to provide a fragment for milter greylist file with a string "peer $ipaddress"
Functions
milter_greylist::asn2subnets
: Translates a list of ASNs into a list of subnets
Classes
milter_greylist
Main class for installing, configuring and enabling milter-greylist as a service. milter-greylist itself is open source (http://hcpnet.free.fr/milter-greylist) and helps a lot in dealing with spam.
- service_ensure: Controls whether to have the service running at the moment
- service_enable: Controls whether to have the service enabled at boot and at all times
- package_ensure: Controls whether to have the package installed or not
- user: Run milter-greylist(8) as a non-root user
- default_ratelimit: Number of messages per default_ratewindow to allow by default. Defaults to 0, which disables any rate-limit logic
- default_ratewindow: Specifier of the time window over which the default rate limit acts. Defaults to '1m'
Examples
Just including milter_greylist runs milter-greylist with default settings, greylisting everyone except @mynetworks:
include milter_greylist
To add more IP subnets to the mynetworks whitelist:
# Pass parameters with a resource-like declaration instead of `include`;
# doing both in the same catalog fails with a duplicate declaration error.
class { 'milter_greylist':
  mynetworks => '10.0.0.0/8 192.168.0.0/22 127.0.0.1/8',
}
It is advisable to whitelist certain IP addresses or countries so that their mail avoids the initial greylisting delay:
class { 'milter_greylist':
  whlcountries => ['CA'],
  whlips       => ['8.8.8.8', '8.8.4.4'],
}
By default milter-greylist listens on an inet socket. If you have reasons to use a Unix socket instead, try this:
class { 'milter_greylist':
  socketpath => '/var/run/milter-greylist/milter-greylist.sock',
}
If you have registered for a free MaxMind account and downloaded the CSV file with ASN information, you can greylist by ASN:
class { 'milter_greylist':
  asncsvfile => '/usr/local/share/geoip/GeoLite2-ASN-Blocks-IPv4.csv',
  greyasns   => ['12220', '15555', '1333'],
}
Parameters
The following parameters are available in the milter_greylist class.
service_ensure
Data type: String
Default value: 'running'
service_enable
Data type: Boolean
Default value: true
package_ensure
Data type: String
Default value: 'present'
geoipcountryfile
Data type: String
Specifies the location of GeoIP database
Default value: '/usr/local/share/GeoIP/GeoIP.dat'
socketpath
Data type: String
Specifies the socket used to communicate with MTA
Default value: 'inet:3333@127.0.0.1'
dumpfile
Data type: String
Absolute path to greylisting db
Default value: '/var/lib/milter-greylist/db/greylist.db'
mxpeers
Data type: Array[String]
Provides a list for synchronization of the greylist among multiple MX
Default value: []
mxpeers_tag
Data type: Optional[String]
Allows for automated population of mxpeers list. Makes sense to use if you have enabled puppetdb.
Default value: undef
whlcountries
Data type: Array[String]
Provides a list of country codes you wish to exclude from a greylist
Default value: ['US','CA']
whlips
Data type: Array[String]
Provides a list of IP addresses/subnets you wish to exclude from a greylist
Default value: []
greyips
Data type: Array[String]
Provides a list of IP addresses/subnets you wish to force into a greylist
Default value: []
greyasns
Data type: Array[String]
Provides a list of ASNs you wish to exclude from a greylist
Default value: []
asncsvfile
Data type: String
If present - path to CSV file with ASN information from MaxMind
Default value: ''
mynetworks
Data type: String
Your own network, which should not suffer greylisting. It is a string.
Default value: '127.0.0.1/8 10.0.0.0/8'
greylistdelay
Data type: String
Sets how much time milter-greylist(8) will want the client to wait between the first attempt and the time the message is accepted
Default value: '1h'
autowhiteperiod
Data type: String
Sets the auto-whitelisting duration
Default value: '3d'
subnetmatchv4
Data type: String
Subnet matching feature
Default value: '/24'
spfwhitelist
Data type: Boolean
Whitelist clients if they are SPF-compliant
Default value: false
user
Data type: String
Default value: 'grmilter'
default_ratelimit
Data type: Integer
Default value: 0
default_ratewindow
Data type: String
Default value: '1m'
milter_greylist::config
Configure milter-greylist
Parameters
The following parameters are available in the milter_greylist::config class.
geoipcountryfile
Data type: String
socketpath
Data type: String
dumpfile
Data type: String
mxpeers
Data type: Array[String]
whlcountries
Data type: Array[String]
whlips
Data type: Array[String]
greyips
Data type: Array[String]
greyasns
Data type: Array[String]
asncsvfile
Data type: String
mynetworks
Data type: String
greylistdelay
Data type: String
autowhiteperiod
Data type: String
subnetmatchv4
Data type: String
spfwhitelist
Data type: Boolean
user
Data type: String
default_ratelimit
Data type: Integer
Default value: 0
default_ratewindow
Data type: String
Default value: '1m'
mxpeers_tag
Data type: Optional[String]
Default value: undef
milter_greylist::package
Installs milter-greylist package
Parameters
The following parameters are available in the milter_greylist::package class.
package_ensure
Data type: String
milter_greylist::service
Ensure service is running
Parameters
The following parameters are available in the milter_greylist::service class.
service_ensure
Data type: String
service_enable
Data type: Boolean
Defined types
milter_greylist::mxpeersauto
Resource is used to provide a fragment for milter greylist file with a string "peer $ipaddress"
Examples
milter_greylist::mxpeersauto { '15.15.15.15': }
Parameters
The following parameters are available in the milter_greylist::mxpeersauto defined type.
ipaddress
Data type: Stdlib::IP::Address
Default value: $name
Functions
milter_greylist::asn2subnets
Type: Ruby 4.x API
Translates a list of ASNs into a list of subnets
Examples
milter_greylist::asn2subnets(['12200','36248'], '/usr/local/share/geoip/GeoLite2-ASN-Blocks-IPv4.csv') => ["146.177.20.0/23", "166.86.4.0/22", "208.95.156.0/22"]
milter_greylist::asn2subnets(Array $asns, String $asnfile)
Translates a list of ASNs into a list of subnets
Returns: Array
Returns a list of subnets
Examples
milter_greylist::asn2subnets(['12200','36248'], '/usr/local/share/geoip/GeoLite2-ASN-Blocks-IPv4.csv') => ["146.177.20.0/23", "166.86.4.0/22", "208.95.156.0/22"]
asns
Data type: Array
List of ASNs
asnfile
Data type: String
Path to the ASN CSV file
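To preview which subnets a greyasns list would expand to before it reaches greylist.conf, the ASN-to-subnet lookup can be reproduced offline. This is an added example, not the module's own asn2subnets code: the helper name subnets_for_asns is hypothetical, the column layout assumed is that of MaxMind's GeoLite2-ASN-Blocks-IPv4.csv, and the sample rows are constructed from documentation ranges.

```ruby
require 'ipaddr'

# Constructed sample in the GeoLite2-ASN-Blocks-IPv4.csv column layout.
# Networks are documentation ranges and ASNs are documentation ASNs.
SAMPLE_ASN_CSV = <<~ROWS
  network,autonomous_system_number,autonomous_system_organization
  192.0.2.0/25,64496,"Example Net, Inc."
  192.0.2.128/25,64497,Example Two
  198.51.100.0/24,64496,"Example Net, Inc."
  not-a-network,64496,Broken Row
  203.0.113.0/24,64511,Example Three
  192.0.2.0/25,64496,"Example Net, Inc."
ROWS

# Hypothetical helper, not the module's asn2subnets: returns the sorted,
# de-duplicated CIDR blocks listed for any of the requested ASNs.
def subnets_for_asns(asns, csv_text)
  # Accept "64496", 64496 or "AS64496"; fail loudly on anything else so a
  # typo cannot silently yield an empty list.
  wanted = asns.map do |asn|
    digits = asn.to_s.sub(/\AAS/i, '')
    raise ArgumentError, "invalid ASN: #{asn.inspect}" unless digits.match?(/\A\d+\z/)
    digits.to_i
  end

  header, *rows = csv_text.lines.map(&:chomp)
  unless header.to_s.start_with?('network,autonomous_system_number')
    raise ArgumentError, 'unexpected CSV header'
  end

  nets = rows.filter_map do |line|
    # Only the third column (organisation) can be quoted or contain commas,
    # so a limited split reads the first two columns safely.
    network, asn, = line.split(',', 3)
    next unless asn && wanted.include?(asn.to_i)
    begin
      IPAddr.new(network) # validates and masks the CIDR
    rescue IPAddr::Error
      nil # malformed network: skip the row
    end
  end

  nets.uniq { |n| [n.to_i, n.prefix] }
      .sort_by { |n| [n.to_i, n.prefix] }
      .map { |n| "#{n}/#{n.prefix}" }
end
```

Reviewing the returned list before a Puppet run shows how much address space a single ASN entry pulls into the greylist rules.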
Dependencies
- puppetlabs/stdlib (>= 4.25.0 < 7.0.0)