The Sysadmin’s Daily Grind: Policyd

TURNED DOWN!

Article from Issue 68/2006
Author(s):

The Postfix Policyd plugin fights spam using techniques such as greylisting, source detection, volume measurements, blacklisting, and HELO rotation detection.

Charly Kühnast is a Unix System Manager at the data-center in Moers, near Germany’s famous River Rhine. His tasks include ensuring firewall security and availability and taking care of the DMZ (demilitarized zone). I’ve added many bits and bobs to my tried and trusted Postfix in the course of the years – Spamassassin and virus filters, for example. The latest member in the exclusive club of Postfix add-ons is Policyd. The Policyd tool does not use the content_filter mechanism to integrate with Postfix, in contrast to many other external tools. Instead, Policyd prefers the check_policy_service, which is available in Postfix 2.2 or newer. This gives me the ability to slot Policyd into my existing ruleset at a location that makes sense. I don’t need to send spam that has been rejected for other reasons to the policy daemon. The current release of the Policyd C program is version 1.73. You can download Policyd from [1], and installing the daemon is easy. After unpacking, just enter gmake build gmake install in the policyd directory. MySQL is also required. Policyd gives you a SQL script that automatically creates the required tables. To finish off, you need to create a cron job:

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Charly's Column

    At the Niederrhein University future admins implement spam defense mechanisms by attracting the attention of the Viagra Mafia. The results are pertinacious blacklists and expert knowledge of methods for combating the menace.

  • Bot_Attack

    While going about his normal duties, Linux Magazine author Charly Kühnast was hit with a mean attack. Charly’s separate anti-spam server, which sits in front of his mail server, saved him from the mail storm.

  • Charly’s Column: SendmailAnalyzer

    During the ongoing battle against spam, admins should inspect their troop’s battle lines from time to time. If you don’t relish the thought of counting the dinnerware, you can use the services of a logfile inspector like SendmailAnalyzer, which works surprisingly well with Postfix and the like.

  • Charly's Column

    Worms, mail bombs, and users who send multiple megabyte Powerpoint files across the wire give Postfix administrators plenty of reasons to view their charges with a critical eye from time to time.

  • Charly's Column

    On a trip to Berlin, Charly discovers that the nmap port scanner has a new cousin who enjoys spying on phones – smap scans networks for VoIP devices.

comments powered by Disqus