[pmg-devel] [PATCH pmg-api v2 4/5] greylist: make netmasks configurable

Stoiko Ivanov s.ivanov at proxmox.com
Mon Apr 20 13:22:42 CEST 2020 

Instead of hardcoding the netmask used for comparing greylistentries to
the current ip (24 for ipv4 and 64 for ipv6) - make them configurable in
pmg.conf

This should help with some cloud providers who send the same mail with
different ips from a large network - which all get greylisted separately.
In the worst case the sending cloud drops the mail, after it got defered
too often.

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
 src/PMG/Config.pm | 16 ++++++++++++++++
 src/bin/pmgpolicy |  6 ++++--
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
index 7b9ca48..093401a 100755
--- a/src/PMG/Config.pm
+++ b/src/PMG/Config.pm
@@ -609,11 +609,25 @@ sub properties {
 	    type => 'boolean',
 	    default => 1,
 	},
+	greylistmask4 => {
+	    description => "Netmask to apply for greylisting IPv4 hosts",
+	    type => 'integer',
+	    minimum => 0,
+	    maximum => 32,
+	    default => 24,
+	},
 	greylist6 => {
 	    description => "Use Greylisting for IPv6.",
 	    type => 'boolean',
 	    default => 0,
 	},
+	greylistmask6 => {
+	    description => "Netmask to apply for greylisting IPv6 hosts",
+	    type => 'integer',
+	    minimum => 0,
+	    maximum => 128,
+	    default => 64,
+	},
 	helotests => {
 	    description => "Use SMTP HELO tests.",
 	    type => 'boolean',
@@ -671,7 +685,9 @@ sub options {
 	max_smtpd_in => { optional => 1 },
 	max_smtpd_out => { optional => 1 },
 	greylist => { optional => 1 },
+	greylistmask4 => { optional => 1 },
 	greylist6 => { optional => 1 },
+	greylistmask6 => { optional => 1 },
 	helotests => { optional => 1 },
 	tls => { optional => 1 },
 	tlslog => { optional => 1 },
diff --git a/src/bin/pmgpolicy b/src/bin/pmgpolicy
index 810f81f..fd78ced 100755
--- a/src/bin/pmgpolicy
+++ b/src/bin/pmgpolicy
@@ -319,6 +319,8 @@ sub load_config {
     $self->{use_spf} = $pmg_cfg->get('mail', 'spf');
     $self->{use_greylist} = $pmg_cfg->get('mail', 'greylist');
     $self->{use_greylist6} = $pmg_cfg->get('mail', 'greylist6');
+    $self->{greylistmask4} = $pmg_cfg->get('mail', 'greylistmask4');
+    $self->{greylistmask6} = $pmg_cfg->get('mail', 'greylistmask6');
 
     if ($opt_testmode) {
 	$self->{use_spf} = 1;
@@ -556,10 +558,10 @@ sub greylist_value {
     my $masklen;
     my $do_greylist = 0;
     if ($ip =~ m/$IPV4RE/) {
-	$masklen = 24;
+	$masklen = $self->{greylistmask4};
 	$do_greylist = $self->{use_greylist};
     } elsif ($ip =~ m/$IPV6RE/) {
-	$masklen = 64;
+	$masklen = $self->{greylistmask6};
 	$do_greylist = $self->{use_greylist6};
     } else {
 	return 'dunno';
-- 
2.20.1

More information about the pmg-devel mailing list