Copyright 2007 by Kim Minh Kaplan

Greyfix is the greylisting policy daemon for Postfix written by
Kim Minh Kaplan.  Greylisting is an anti-spam technique that Evan
Harris describes at <URL:http://projects.puremagic.com/greylisting/>.
Postfix is a popular mail transport agent developed by Wietse Zweitze
Venema and available at <http://www.postfix.org/>.  Greyfix uses
Postfix's policy mechanism to enable greylisting with Postfix.

* FEATURES

    - Low and tunable resource usage and high efficiency.  The program
      is written in C and uses Berkeley DB to track mailers.  By itself it
      allocates memory only for a single request and the Berkeley DB library
      can be configured to use very little RAM.
    - Integrates with Postfix's master daemon.  Postfix will shut down
      greyfix when it is not in use, completely freeing its runtime
      resources.
    - No administrative burden.  Everything happens "automagically".
      Well...  Currently this is not completely true: records are not
      yet expired.
    - No need for a database server.  Uses Berkeley DB.

* REQUIREMENTS

    - Postfix
    - Berkeley DB

* QUICKSTART

Greyfix uses GNU's build system.  To install the greyfix daemon just
type the following commands:

    $ gzip -cd greyfix-0.3.1.tar.gz | tar xf -
    $ cd greyfix-0.3.1
    $ ./configure
    $ make
    $ su -c 'make install'

Edit Postfix's master configuration file, /etc/postfix/master.cf, and
add the following:

greyfix    unix  -       n       n       -       -       spawn
  user=nobody argv=/usr/local/sbin/greyfix

Edit Postfix's main configuration file, /etc/postfix/main.cf and add
the following:

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/greyfix

If there is already a smtpd_recipient_restrictions configuration line
you should edit it rather than add a new one.  The important part for
greyfix is that you should add "check_policy_service
unix:private/greyfix" to it.

Finally, have Postfix reload its configuration with "postfix reload".

* NOTES

You can configure the delay before a new (IP, sender, recipient)
triplet is permitted to send email by changing the #define
DELAY_MAIL_SECS in greyfix.c.  There are a couple more tunings which
are described in the code.
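
The decision described above, as an added example that is not greyfix's
own code: it reads a Postfix policy request, builds the (IP, sender,
recipient) triplet and defers until the delay has elapsed.  The in-memory
table (in place of Berkeley DB), the value 300, the reply text and the
fail-open choices are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#define DELAY_MAIL_SECS 300 /* constructed example value, not greyfix's default */
#define MAX_TRIPLETS 64     /* in-memory stand-in for the Berkeley DB store */
#define DEFER "action=defer_if_permit Greylisted, please retry later\n\n"
#define PASS  "action=dunno\n\n"
static struct { char key[600]; time_t first_seen; } table[MAX_TRIPLETS];
static int n_triplets;

/* Copy the value of attribute `name` from a "name=value\n" request. */
static int get_attr(const char *req, const char *name, char *out, size_t len) {
    size_t nlen = strlen(name);
    while (*req) {
        size_t line = strcspn(req, "\n");
        if (line > nlen && req[nlen] == '=' && !strncmp(req, name, nlen)) {
            size_t vlen = line - nlen - 1;   /* 0 for the null sender "sender=" */
            if (vlen >= len) return -1;      /* oversized value: treat as missing */
            memcpy(out, req + nlen + 1, vlen);
            out[vlen] = '\0';
            return 0;
        }
        req += line + (req[line] == '\n');   /* advance to the next line */
    }
    return -1;
}

/* Return the policy reply for one request received at time `now`. */
const char *greylist_decide(const char *req, time_t now) {
    char ip[64], from[256], to[256], key[600];
    if (get_attr(req, "client_address", ip, sizeof ip) ||
        get_attr(req, "sender", from, sizeof from) ||
        get_attr(req, "recipient", to, sizeof to)) return PASS; /* incomplete */
    /* '\n' cannot occur inside a value, so the joined key is unambiguous. */
    snprintf(key, sizeof key, "%s\n%s\n%s", ip, from, to);
    for (int i = 0; i < n_triplets; i++)
        if (!strcmp(table[i].key, key))      /* known triplet: check its age */
            return now - table[i].first_seen >= DELAY_MAIL_SECS ? PASS : DEFER;
    if (n_triplets == MAX_TRIPLETS) return PASS;   /* table full: fail open */
    strcpy(table[n_triplets].key, key);
    table[n_triplets++].first_seen = now;    /* first sighting: start the clock */
    return DEFER;
}

int main(void) {   /* constructed request in the attribute format Postfix sends */
    const char *req = "request=smtpd_access_policy\nclient_address=192.0.2.10\n"
                      "sender=a@example.org\nrecipient=b@example.net\n\n";
    fputs(greylist_decide(req, 1000), stdout);   /* first attempt: deferred */
    fputs(greylist_decide(req, 1300), stdout);   /* retry after delay: passes */
}
```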

Greyfix accepts the command line arguments "-v" for verbose, "-d" for
debug and "-h <db_home>" to specify the Berkeley DB environment home
directory (the default is autoconf's $localstatedir/greyfix).

Greyfix uses syslog with facility LOG_MAIL.  As such the log messages
should appear alongside Postfix's.

You should use whitelisting of some sort for some servers.  A
good starting point is the whitelist distributed with postgrey (I'm
planning on including it in the Greyfix distribution).  You'd use it
like this:

smtpd_client_restrictions = check_client_access hash:/etc/postfix/access

* TODO

   - Real documentation
   - Automatic removal of expired triplets
   - Configurable delay length
   - Configurable delay message
   - Statistic collection
   - Auto whitelisting of mail relays that pass greylisting repeatedly
   - Whitelist by /24 to allow for mail relay pools.
   - Use Milter protocol?
