Fedora 9 And Sendmail

system information for this setup

  • sendmail-8.14.2-4.fc9.x86_64
  • Linux 2.6.24-19-xen #1 SMP x86_64 x86_64 x86_64 GNU/Linux
  • milter-greylist-4.0.1.tgz

setup with yum (incomplete results)

In the Fedora RPM, the default user is grmilter. Ownership and permissions are correctly set by yum install milter-greylist. These are the critical folders that result from installation:

/etc/mail/greylist.conf: user = "grmilter"
/etc/init.d/milter-greylist:    no user specified

/etc/init.d/milter-greylist    root.root    755
/usr/sbin/milter-greylist    root.root    755

/etc/mail/greylist.conf    root.grmilter    640

/var/lib/milter-greylist    grmilter.grmilter    751
/var/lib/milter-greylist/db/    root.grmilter    770
/var/lib/milter-greylist/db/greylist.db    (not created)

/var/lock/subsys/milter-greylist    root.root    644

/var/run/milter-greylist/    grmilter.root    700
/var/run/milter-greylist.pid    grmilter.grmilter    644
/var/run/milter-greylist/milter-greylist.sock    grmilter.grmilter    755

service milter-greylist start worked as advertised for me after yum was done—until I started trying to get it to use the dumpfile.

sock not found

yum on Fedora puts the sock in "/var/run/milter-greylist" instead of "/var/milter-greylist" as is typical of other installations. The README file provided by yum gives the correct version of how to configure sendmail.cf (/usr/share/doc/milter-greylist-4.1.1/README). The "not found" error message comes from using the suggested INPUT_MAIL_FILTER line in the online README or other generic installation instructions.

INPUT_MAIL_FILTER(`greylist',`S=local:/var/milter-greylist/milter-greylist.sock')

If that is the line you used, then change /etc/mail/sendmail.mc and rebuild it.
INPUT_MAIL_FILTER(`greylist',`S=local:/var/run/milter-greylist/milter-greylist.sock')

The command to make a new sendmail.cf from sendmail.mc is:
make -C /etc/mail

Then sendmail has to be restarted for the changes to take effect.
service sendmail restart

The yum installer (understandably) doesn't mess with your sendmail.mc file. That's a job for the human installer.
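
The "sock not found" error comes from sendmail.mc and milter-greylist disagreeing about the socket path, so the comparison can be scripted. The following is an added example, not part of the original page or of the milter-greylist distribution; the function names are illustrative, and it assumes the socket is set by a socket "..." line in greylist.conf, as in the sample configuration on this page. It also flags a world-writable socket directory.

```shell
#!/bin/sh
# Added example (not from the original page); function names are illustrative.

# Socket path of the `greylist' filter in a sendmail.mc; dnl lines are comments.
mc_socket() {
    sed -n -e '/^[[:space:]]*dnl/d' \
        -e '/INPUT_MAIL_FILTER(.greylist/s/.*S=[a-z]*:\([^,)]*\).*/\1/p' "$1" |
        tr -d "'" | head -n 1
}

# Path given by the first uncommented `socket "..."` line in greylist.conf.
conf_socket() {
    sed -n 's/^[[:space:]]*socket[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# True when the directory exists and anyone on the host may write to it.
world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]
}

# 0 = paths agree, 1 = mismatch, 2 = a path is missing, 3 = unsafe directory.
check_milter_socket() {
    mc=$(mc_socket "$1")
    conf=$(conf_socket "$2")
    if [ -z "$mc" ] || [ -z "$conf" ]; then
        echo "MISSING: sendmail.mc='$mc' greylist.conf='$conf'"; return 2
    fi
    if [ "$mc" != "$conf" ]; then
        echo "MISMATCH: sendmail.mc=$mc greylist.conf=$conf"; return 1
    fi
    if world_writable "$(dirname "$conf")"; then
        echo "UNSAFE: $(dirname "$conf") is world-writable"; return 3
    fi
    echo "OK: both sides use $mc"
}

if [ "$#" -eq 2 ]; then
    check_milter_socket "$1" "$2"
else
    # Constructed sample: the generic README line against the Fedora RPM path.
    tmp=$(mktemp -d)
    cat > "$tmp/sendmail.mc" <<'EOF'
dnl INPUT_MAIL_FILTER(`old',`S=local:/tmp/old.sock')
INPUT_MAIL_FILTER(`greylist',`S=local:/var/milter-greylist/milter-greylist.sock')
EOF
    echo 'socket "/var/run/milter-greylist/milter-greylist.sock"' > "$tmp/greylist.conf"
    check_milter_socket "$tmp/sendmail.mc" "$tmp/greylist.conf" || true
    rm -rf "$tmp"
fi
```

Run it as root with /etc/mail/sendmail.mc and /etc/mail/greylist.conf as the two arguments; with no arguments it runs on the constructed sample and reports the mismatch.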

ask milter-greylist to log activity

I uncommented these lines in greylist.conf:

stat "|logger -p local7.info" \
      "%T{%Y/%m/%d %T} %d [%i] %r -> %f %S (ACL %A) %Xc %Xe %Xm %Xh"

Two places to look for output from the logger:
  • /var/log/messages
  • /var/log/maillog

dumpfile problem (not resolved)

Error message on startup of milter-greylist:

cannot read dumpfile "/var/lib/milter-greylist/db/greylist.db"
starting with an empty greylist

I never figured out what was wrong with my installation. Others undoubtedly have.

installing milter-greylist from tarball

Requirements to build:

yum install flex
yum install bison

Because I had unpacked the tarball on my desktop to get at the README file, I used Filezilla to upload the files to /usr/src/milter-greylist-4.0.1. The alternative is to upload the tarball to /usr/src and unpack it there:

gunzip -c milter-greylist-4.0.1.tgz | tar -xvf -

Make configure executable and read the help material:
chmod 755 configure
./configure -help

Build the daemon with GeoIP support and put it on the list of things to be run on bootup.
./configure --with-libGeoIP
make
make install
chkconfig milter-greylist on

If you don't want GeoIP, just use "./configure".

modify /etc/init.d/milter-greylist

rc-redhat.sh.in comes in the tarball. I copied it to /etc/init.d/milter-greylist so that the daemon can be run as a service. The file then needs to be made executable.

chmod 755 milter-greylist

@USER@ and @BINDIR@ problem

The rc-redhat.sh.in that I copied to /etc/init.d/milter-greylist had two troublesome lines in it:
user="@USER@"
daemon --user=$user @BINDIR@/milter-greylist $OPTIONS

I changed these to:
user="mail"
daemon --user=$user /usr/local/bin/milter-greylist $OPTIONS

"mail" owns /var/spool/mqueue. That's why I chose "mail" as the user for milter-greylist. Sendmail's queue runner is smmsp. (smmsp stands for "sendmail mail submission program.")
# ps aux | grep sendmail

root … sendmail: accepting connections
smmsp … sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue

user="smmsp" should work, too, but I found that I then had to chmod 777 /var/spool/mqueue to get it up and running. If I'm not mistaken, that then gives sendmail conniptions about a world-writable folder. The yum installation clearly gets the grmilter user setup correctly from the get-go. It's magic!

socket problem

Unable to bind to port /var/milter-greylist/milter-greylist.sock: Address already in use
Unable to create listening socket on conn /var/milter-greylist/milter-greylist.sock

Solution: change ownership of the folder. (This problem was probably of my own making.)
chown -R mail.mail /var/milter-greylist/milter-greylist

modify /etc/mail/greylist.conf

There are many things to look at in this file and in greylist2.conf. One line caused problems on my system.

Starting Milter-Greylist: config error at line 10: syntax error

Line 10 in greylist.conf read dumpfile "/var/milter-greylist/greylist.db 755". I got rid of the 755. Someone may have meant it as the proper permissions for the file.
Because I configured the build "--with-libGeoIP", I had to add a line to /etc/mail/greylist.conf:
# The geoipdb statement is used to specify the location of GeoIP database
geoipdb "/usr/share/GeoIP/GeoIP.dat"

Give mail ownership of /var/milter-greylist and start the daemon.

chown -R mail.mail /var/milter-greylist
service sendmail stop
service milter-greylist start
service sendmail start

sample /etc/mail/greylist.conf

This file contains some additional material from greylist2.conf.

#
# Simple greylisting config file using the new features
# See greylist2.conf for a more detailed list of available options
#     http://milter-greylist.wikidot.com/greylist2-conf
# $Id: greylist.conf,v 1.42.2.1 2008/02/27 05:01:47 manu Exp $
#

pidfile "/var/run/milter-greylist.pid"
socket "/var/milter-greylist/milter-greylist.sock"
dumpfile "/var/milter-greylist/greylist.db"
# How often should we dump to the dumpfile (0: on each change, -1: never).
# default: 1
#dumpfreq 10m
dumpfreq 1
user "mail"

# Log milter-greylist activity to a file
#stat ">>/var/milter-greylist/greylist.log" \
#      "%T{%Y/%m/%d %T} %d [%i] %r -> %f %S (ACL %A) %Xc %Xe %Xm %Xh\n"
# Same, sent to syslog
stat "|logger -p local7.info" \
      "%T{%Y/%m/%d %T} %d [%i] %r -> %f %S (ACL %A) %Xc %Xe %Xm %Xh"

# Be verbose (or use -v flag)
#verbose

# Do not tell spammer how long they have to wait
quiet

# MX peering
#peer 192.0.2.17
#peer 192.0.2.18

# Your own network, which should not suffer greylisting
# list "my network" addr { 127.0.0.1/8 10.0.0.0/8 192.0.2.0/24 }
#    MXM:
list "my network" addr { 127.0.0.1/8 }

# This is a list of broken MTAs that break with greylisting. Derived from
# http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=1.16
list "broken mta" addr {   \
    12.5.136.141/32    \ # Southwest Airlines (unique sender)
    12.5.136.142/32    \ # Southwest Airlines
    12.5.136.143/32    \ # Southwest Airlines
    12.5.136.144/32    \ # Southwest Airlines
    12.107.209.244/32  \ # kernel.org (unique sender)
    12.107.209.250/32  \ # sourceware.org (unique sender)
    63.82.37.110/32    \ # SLmail
    63.169.44.143/32   \ # Southwest Airlines
    63.169.44.144/32   \ # Southwest Airlines
    64.7.153.18/32     \ # sentex.ca (common pool)
    64.12.136.0/24     \ # AOL (common pool)
    64.12.137.0/24     \ # AOL
    64.12.138.0/24     \ # AOL
    64.124.204.39      \ # moveon.org (unique sender)
    64.125.132.254/32  \ # collab.net (unique sender)
    64.233.160.0/19    \ # Google
    66.94.237.16/28    \ # Yahoo Groups servers (common pool)
    66.94.237.32/28    \ # Yahoo Groups servers (common pool)
    66.94.237.48/30    \ # Yahoo Groups servers (common pool)
    66.100.210.82/32   \ # Groupwise?
    66.135.192.0/19    \ # Ebay
    66.162.216.166/32  \ # Groupwise?
    66.206.22.82/32    \ # Plexor
    66.206.22.83/32    \ # Plexor
    66.206.22.84/32    \ # Plexor
    66.206.22.85/32    \ # Plexor
    66.218.66.0/23     \ # Yahoo Groups servers (common pool)
    66.218.67.0/23     \ # Yahoo Groups servers (common pool)
    66.218.68.0/23     \ # Yahoo Groups servers (common pool)
    66.218.69.0/23     \ # Yahoo Groups servers (common pool)
    66.27.51.218/32    \ # ljbtc.com (Groupwise)
    66.102.0.0/20      \ # Google
    66.249.80.0/20     \ # Google
    72.14.192.0/18     \ # Google
    152.163.225.0/24   \ # AOL
    194.245.101.88/32  \ # Joker.com
    195.235.39.19/32   \ # Tid InfoMail Exchanger v2.20
    195.238.2.0/24     \ # skynet.be (weird retry pattern, common pool)
    195.238.3.0/24     \ # skynet.be
    195.46.220.208/32  \ # mgn.net
    195.46.220.209/32  \ # mgn.net
    195.46.220.210/32  \ # mgn.net
    195.46.220.211/32  \ # mgn.net
    195.46.220.221/32  \ # mgn.net
    195.46.220.222/32  \ # mgn.net
    195.238.2.0/24     \ # skynet.be (weird retry pattern)
    195.238.3.0/24     \ # skynet.be
    204.107.120.10/32  \ # Ameritrade (no retry)
    205.188.0.0/16     \ # AOL
    205.206.231.0/24   \ # SecurityFocus.com (unique sender)
    207.115.63.0/24    \ # Prodigy - retries continually
    207.171.168.0/24   \ # Amazon.com
    207.171.180.0/24   \ # Amazon.com
    207.171.187.0/24   \ # Amazon.com
    207.171.188.0/24   \ # Amazon.com
    207.171.190.0/24   \ # Amazon.com
    209.132.176.174/32 \ # sourceware.org mailing lists (unique sender)
    209.85.128.0/17    \ # Google
    211.29.132.0/24    \ # optusnet.com.au (weird retry pattern)
    213.136.52.31/32   \ # Mysql.com (unique sender)
    216.33.244.0/24    \ # Ebay
    216.239.32.0/19    \ # Google
    217.158.50.178/32  \ # AXKit mailing list (unique sender)
}

# List of users that want greylisting
list "grey users" rcpt {  \
    user1@example.com \
    user2@example.com \
    user3@example.com \
}

# Give this a try if you enabled DNSRBL
#dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10
#dnsrbl "SBL" sbl-xbl.spamhaus.org 127.0.0.2
#dnsrbl "CBL" sbl-xbl.spamhaus.org 127.0.0.4
#dnsrbl "NJABL" sbl-xbl.spamhaus.org 127.0.0.5
#dnsrbl "PBL" zen.spamhaus.org 127.0.0.10/31
#dnsrbl "TQM3-DHCP" dhcp.tqmcube.com 127.0.0.2
#dnsrbl "MTAWL" list.dnswl.org 127.0.0.0/16

# Here is an example of user preference pulled from a LDAP directory
# (requires building --with-libcurl). If the milterGreylistStatus 
# attribute is set to TRUE, then $usrRBL will be usable later in the
# ACL and will carry the values of the usrRBL attribute.
# urlcheck "userpref" \
# "ldap://localhost/dc=example,dc=net?milterGreylistStatus,usrRBL?one?mail=%r" \
# 30 getprop clear fork

# And here is the access list
racl whitelist list "my network"
racl whitelist list "broken mta"
#racl whitelist dnsrbl "MTAWL"
#racl blacklist urlcheck "userpref" $usrRBL "CBL" dnsrbl "CBL" \
#               msg "Sender IP caught in CBL blacklist"
#racl blacklist $usrRBL "SBL" dnsrbl "BBL" \
#               msg "Sender IP caught in SBL blacklist"
#racl blacklist $usrRBL "NJABL" dnsrbl "NJABL" \
#               msg "Sender IP caught in NJABL blacklist"
#racl greylist list "grey users" dnsrbl "SORBS DUN" delay 24h autowhite 3d
racl greylist list "grey users" delay 30m autowhite 3d
#  As found in the distribution:
#racl whitelist default
#
# "racl whitelist default" provides some useful evidence that
# milter-greylist is working (with some of the options below).
# Test messages will come through with X-Greylist headers.
# Then it's time to get serious.
# MXM: start greylist for everybody not exempted already
racl greylist default delay 10m autowhite 3d

# Example of content filtering for fighting image SPAM
#dacl blacklist body /src[:blank:]*=(3D)?[:blank:]*["']?[:blank:]*cid:/ \
#     msg "Sorry, We do not accept images embedded in HTML"

##########################################################################
#  
# Added by MXM--to see whether milter-greylist is working
#

# This option tells milter-greylist when it should
# add an X-Greylist header. Default is all, which
# causes a header to always be added. Other possible
# values are none, delays and nodelays
report all

# This option attempts to make milter-greylist more
# friendly with sender callback systems. When the
# message is from <>, it will be temporarily
# rejected at the DATA stage instead of the RCPT
# stage of the SMTP transaction. In the case of a
# multi recipient DSN, whitelisted recipient will
# not be honoured.
delayedreject

# Uncomment if you want auto-whitelist to work for
# the IP rather than for the (IP, sender, receiver)
# tuple.
#lazyaw

# This option disables the conversion of the time specified in the
# integer format to humanly readable format in the comment of each
# line in the dumpfile.
# Time needed in order to dump large dumpfiles (several million 
# entries/few 100's of MB) can be significantly improved.
dump_no_time_translation

# This option causes greylist entries that expire to be logged via
# syslog.  This allows you to collect the IP addresses and sender
# names and use them for blacklisting, SPAM scoring, etc.
logexpired

#
# Something not in the distribution greylist.conf
#
# The geoipdb statement is used to specify the location of GeoIP database
geoipdb "/usr/share/GeoIP/GeoIP.dat"

sample /etc/init.d/milter-greylist

#!/bin/sh
# $Id: rc-redhat.sh.in,v 1.7 2006/08/20 05:20:51 manu Exp $
#  init file for milter-greylist
#    modified by MXM for Fedora 9 installation
#    MXM: save as /etc/init.d/milter-greylist
#            chown to user mail or smmsp or ...
#            chmod 755 to allow it to be run
# chkconfig: - 79 21
# description: Milter Greylist Daemon
#
# processname: /usr/local/bin/milter-greylist
# config: /etc/mail/greylist.conf
# pidfile: /var/milter-greylist/milter-greylist.pid

# source function library
. /etc/init.d/functions

pidfile="/var/milter-greylist/milter-greylist.pid"
socket="/var/milter-greylist/milter-greylist.sock"
#  original read:
#user="@USER@"
#  If you start with /usr/src/rc-redhat.sh,
#  the line will read user="root"
#  MXM--this works for my setup:
user="mail"

OPTIONS="-P $pidfile -p $socket"
if [ -f /etc/sysconfig/milter-greylist ]
then
    . /etc/sysconfig/milter-greylist
fi
RETVAL=0
prog="Milter-Greylist"
#
# original file read:
#   daemon --user=$user @BINDIR@/milter-greylist $OPTIONS
# If you use /usr/src/rc-redhat.sh, the correct /usr/local/bin
# will already be filled in.
# 
# MXM: changed @BINDIR@ to /usr/local/bin
#
start() {
        echo -n $"Starting $prog: "
        if [ $UID -ne 0 ]; then
                RETVAL=1
                failure
        else
                daemon --user=$user /usr/local/bin/milter-greylist $OPTIONS
                RETVAL=$?
                [ $RETVAL -eq 0 ] && touch /var/lock/subsys/milter-greylist
                [ $RETVAL -eq 0 ] && success || failure
        fi;
        echo 
        return $RETVAL
}

stop() {
        echo -n $"Stopping $prog: "
        if [ $UID -ne 0 ]; then
                RETVAL=1
                failure
        else
                # @BINDIR@ placeholder replaced with the install path, as in start()
                killproc /usr/local/bin/milter-greylist
                RETVAL=$?
                [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/milter-greylist
                [ $RETVAL -eq 0 ] && success || failure
        fi;
        echo
        return $RETVAL
}

restart(){
    stop
    start
}

condrestart(){
    [ -e /var/lock/subsys/milter-greylist ] && restart
    return 0
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
        ;;
  condrestart)
    condrestart
    ;;
  status)
        status milter-greylist
    RETVAL=$?
        ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|condrestart}"
    RETVAL=1
esac

exit $RETVAL

sample /etc/init.d/milter-greylist from the Fedora yum installation.

This version leaves the user undefined. The yum RPM uses "grmilter"
as the user.

#!/bin/sh
# $Id: rc-redhat.sh.in,v 1.7 2006/08/20 05:20:51 manu Exp $
#  init file for milter-greylist
#
# chkconfig: - 79 21
# description: Milter Greylist Daemon
#
# processname: /usr/sbin/milter-greylist
# config: /etc/mail/greylist.conf
# pidfile: /var/run/milter-greylist.pid

# source function library
. /etc/init.d/functions

pidfile="/var/run/milter-greylist.pid"
OPTIONS="-P $pidfile"
if [ -f /etc/sysconfig/milter-greylist ]
then
    . /etc/sysconfig/milter-greylist
fi
RETVAL=0
prog="Milter-Greylist"

start() {
        echo -n $"Starting $prog: "
        if [ $UID -ne 0 ]; then
                RETVAL=1
                failure
        else
                daemon /usr/sbin/milter-greylist $OPTIONS
                RETVAL=$?
                [ $RETVAL -eq 0 ] && touch /var/lock/subsys/milter-greylist
                [ $RETVAL -eq 0 ] && success || failure
        fi;
        echo
        return $RETVAL
}

stop() {
        echo -n $"Stopping $prog: "
        if [ $UID -ne 0 ]; then
                RETVAL=1
                failure
        else
                killproc /usr/sbin/milter-greylist
                RETVAL=$?
                [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/milter-greylist
                [ $RETVAL -eq 0 ] && success || failure
        fi;
        echo
        return $RETVAL
}

restart(){
        stop
        start
}

condrestart(){
    [ -e /var/lock/subsys/milter-greylist ] && restart
    return 0
}

case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        restart
        ;;
  condrestart)
        condrestart
        ;;
  status)
        status milter-greylist
        RETVAL=$?
        ;;
  *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart}"
        RETVAL=1
esac

exit $RETVAL