git » chasquid » commit 67fe5b5

hooks: Add greylisting to the post-data hook

author Alberto Bertogli
2016-10-22 10:18:25 UTC
committer Alberto Bertogli
2016-10-26 21:25:12 UTC
parent 6640c09b9eccb6ead13705cbc8b826592a8bc510
hooks: Add greylisting to the post-data hook

While greylisting has severe drawbacks, it's reasonably common.
This patch extends the default hook for greylisting, using "greylistd".

Completing authentication or passing SPF will make it skip the greylist
check, to avoid some of the most common issues with it.
hooks/post-data +18 -1 
diff --git a/hooks/post-data b/hooks/post-data
index 6035253..b6a937c 100755
--- a/hooks/post-data
+++ b/hooks/post-data
@@ -3,6 +3,7 @@
 # This file is an example post-data hook that will run standard filtering
 # utilities if they are available.
 #
+#  - greylist (from greylistd) to do greylisting.
 #  - spamc (from Spamassassin) to filter spam.
 #  - clamdscan (from ClamAV) to filter virus.
 #
@@ -11,7 +12,23 @@
 
 set -e
 
-TF="$(mktemp --tmpdir "post-data-XXXXXXXXXX")"
+
+# Note greylistd needs you to add the user to the "greylist" group:
+#   usermod -a -G greylist mail
+if [ "$AUTH_AS" == "" ] && [ "$SPF_PASS" == "0" ] && \
+	command -v greylist >/dev/null && \
+	groups | grep -q greylist;
+then
+	REMOTE_IP=$(echo "$REMOTE_ADDR" | rev | cut -d : -f 2- | rev)
+	if ! greylist update "$REMOTE_IP" "$MAIL_FROM" 1>&2; then
+		echo "greylisted, please try again"
+		exit 75  # temporary error
+	fi
+	echo "X-Greylist: pass"
+fi
+
+
+TF="$(mktemp --tmpdir post-data-XXXXXXXXXX)"
 trap 'rm "$TF"' EXIT
 
 # Save the message to the temporary file, so we can pass it on to the various