SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast and it is free.
jgreylist
Primary tabs
Decide which version you want to install - Perl or C. The C version is faster for busier servers
- Perl version
The jgreylist script needs to be installed where the SMTP run script can find it. Easiest place is the/var/qmail/bin
directory:cd /var/qmail/bin
wget http://qmail.jms1.net/scripts/jgreylistThe script should be owned by root, have the same group ID as the greylist user's group ID, and have permissions 0750. With these server install instructions, the group is
nofiles
.chmod 0750 jgreylist
chown root:nofiles jgreylistIf you do not want to block mail from servers with no reverse DNS, you'll need to change the
block_norev
variable to "0" in the/var/qmail/bin/jgreylist
:my $block_norev = 0 ;
- C Version
Download the C source code:cd /extra/src
wget http://qmail.jms1.net/scripts/jgreylist.cCompile it and then copy it into place:
gcc -o jgreylist jgreylist.c
mv jgreylist /var/qmail/bin/jgreylist
Greylist data directory
Create the directory to hold the greylist data. Since John's jgreylist script and SMTP run script is already configured for /var/qmail/jgreylist
, let's just use that:
cd /var/qmail
mkdir -m 0700 jgreylist
chown qmaild:nofiles jgreylist
Seeing as we are already using John Simpon's SMTP run script, it's a simple matter of uncommenting the greylist line:
vi /var/service/smtp/run
Uncomment:
#GREYLIST="jgreylist"
If you're using the C version of jgreylist, uncomment the JGREYLIST_???=#
lines right below GREYLIST="jgreylist"
. Those are the environment variables that the C version requires.
By default, John's SMTP run script rejects sender IPs that don't have reverse DNS. If you want to allow them to connection to your server, comment out the line:
#JGREYLIST_NOREV=1
Restart the SMTP service:
svc -t /service/smtp
And after a few seconds, confirm that it is running properly:
svstat /service/smtp
jgreylist-clean
In order to keep the size of our greylist from getting out of hand, we'll install John's jgreylist-clean script and run it periodically to clean up old IP addresses that haven't connected for some time (30 days).
The script will be installed where it is easily accessible - /usr/local/sbin
:
cd /usr/local/sbin
wget http://qmail.jms1.net/scripts/jgreylist-clean
chmod 0755 jgreylist-clean
We'll run it nightly, at 1:00 a.m. via cron:
- Systems with
/etc/cron.d
(i.e. RedHat, CentOS, etc.)cd /etc/cron.d
echo '0 1 * * * * root /usr/local/sbin/jgreylist-clean >/dev/null 2>&1' > jgreylist-clean
chmod 644 jgreylist-clean
touch /etc/crontab - Systems without
/etc/cron.d
(i.e. FreeBSD):
crontab -e
0 1 * * * * root /usr/local/sbin/jgreylist-clean >/dev/null 2>&1
- Log in to post comments
Credits
Various bits of code, scripts, and procedures were put together with information from John Simpson's qmail.jms1.net website. It's an excellent resource on managing and setting up a Qmail server.