-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
69 lines (42 loc) · 2.34 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
PostgreyLDAP - an LDAP Backed Postfix policy server for greylisting
====================================================================
Based heavily on Postgrey, version 2.0alpha1.
See also Postgrey's homepage:
http://postgrey.schweikert.ch/
INSTALL
Quick Start
- Extend your LDAP schema to include the required attributes and object classes.
See ldap/README for details
- Configure an LDAP account for PostgreyLDAP, and (ideally) create an OU for
postgreyldap to use, which the PostgreyLDAP account has access to.
- Configure postgreyldap from the provided example config.dist file
- Have postgreyldap start as a system service.
- Possibly migrate file-based whitelists into LDAP.
- You may verify configuration and whitelist settings by running:
$ postgreyldap --config postgreyldap.conf --dumpwhitelist --dumpconfig
Why?
Greylisting is a given, but I have multiple redundant front end mail servers.
I'd like their greylist database to be shared, and I currently know of no shared
greylisting systems. Google diddn't turn up anything. I suppose that Postgrey
itself can listen on the network (so, in turn, can PostgreyLDAP), but this
introduces a single point of failure.
Using Postfix, and OpenSuSE, virtually all of the "dynamic" configuration of my
mail servers is stored in LDAP. LDAP is shared, and distributed, and can handle
failures, while continuing to have write access to LDAP. As of OpenLDAP version
2.4 multi-master replication is supported, and easy to configure.
I'm sure that I could get e.g. MySQL to do this, but I'm not running it at all
on my MX servers, and I'm sure there are others out there with the desire for
shared greylisting and who have, or could easily configure, a robust LDAP
infrastructure.
Why not BerkeleyDB (as per Postgrey <2.0), or SQLITE?
They aren't distributed.
So why not NFS?
I don't want to - can't - rely on a single NFS server for greylisting to work.
Why not MySQL or PostgreSQL?
- My front end routers/MX servers are not currently running either, however they
are running distributed/shared LDAP.
Why LDAP?
I have multiple mail servers. OpenSuSE (YaST), Postfix, and OpenLDAP make it
very easy to use LDAP as the backend for dynamic mail configuration already,
which I'm using. OpenSuSE and OpenLDAP make it very easy to configure
distributed, replicated, LDAP services.