hooks: Add greylisting to the post-data hook

While greylisting has severe drawbacks, it's reasonably common. This patch extends the default hook for greylisting, using "greylistd". Completing authentication or passing SPF will make it skip the greylist check, to avoid some of the most common issues with it.
2025-12-18 14:47:03 +00:00 · 2016-10-22 11:18:25 +01:00
parent 6640c09b9e
commit 67fe5b50a5
1 changed files with 18 additions and 1 deletions
--- a/hooks/post-data
+++ b/hooks/post-data
@@ -3,6 +3,7 @@
 # This file is an example post-data hook that will run standard filtering
 # utilities if they are available.
 #
+#  - greylist (from greylistd) to do greylisting.
 #  - spamc (from Spamassassin) to filter spam.
 #  - clamdscan (from ClamAV) to filter virus.
 #
@@ -11,7 +12,23 @@

 set -e

-TF="$(mktemp --tmpdir "post-data-XXXXXXXXXX")"
+
+# Note greylistd needs you to add the user to the "greylist" group:
+#   usermod -a -G greylist mail
+if [ "$AUTH_AS" == "" ] && [ "$SPF_PASS" == "0" ] && \
+	command -v greylist >/dev/null && \
+	groups | grep -q greylist;
+then
+	REMOTE_IP=$(echo "$REMOTE_ADDR" | rev | cut -d : -f 2- | rev)
+	if ! greylist update "$REMOTE_IP" "$MAIL_FROM" 1>&2; then
+		echo "greylisted, please try again"
+		exit 75  # temporary error
+	fi
+	echo "X-Greylist: pass"
+fi
+
+
+TF="$(mktemp --tmpdir post-data-XXXXXXXXXX)"
 trap 'rm "$TF"' EXIT

 # Save the message to the temporary file, so we can pass it on to the various