greylist: make netmasks configurable

Instead of hardcoding the netmask used for comparing greylistentries to
the current ip (24 for ipv4 and 64 for ipv6) - make them configurable in
pmg.conf

This should help with some cloud providers who send the same mail with
different ips from a large network - which all get greylisted separately.
In the worst case the sending cloud drops the mail, after it got defered
too often.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>

diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
index 7b9ca4803333252618f9a71b053a147b343115eb..093401aa8ca3fdf1e2c175c3cf958563b1eafedb 100755 (executable)
--- a/src/PMG/Config.pm
+++ b/src/PMG/Config.pm
@@ -609,11 +609,25 @@ sub properties {
            type => 'boolean',
            default => 1,
        },
+       greylistmask4 => {
+           description => "Netmask to apply for greylisting IPv4 hosts",
+           type => 'integer',
+           minimum => 0,
+           maximum => 32,
+           default => 24,
+       },
        greylist6 => {
            description => "Use Greylisting for IPv6.",
            type => 'boolean',
            default => 0,
        },
+       greylistmask6 => {
+           description => "Netmask to apply for greylisting IPv6 hosts",
+           type => 'integer',
+           minimum => 0,
+           maximum => 128,
+           default => 64,
+       },
        helotests => {
            description => "Use SMTP HELO tests.",
            type => 'boolean',
@@ -671,7 +685,9 @@ sub options {
        max_smtpd_in => { optional => 1 },
        max_smtpd_out => { optional => 1 },
        greylist => { optional => 1 },
+       greylistmask4 => { optional => 1 },
        greylist6 => { optional => 1 },
+       greylistmask6 => { optional => 1 },
        helotests => { optional => 1 },
        tls => { optional => 1 },
        tlslog => { optional => 1 },

diff --git a/src/bin/pmgpolicy b/src/bin/pmgpolicy
index 810f81f41496985814debfaff5e07a5f36c1e1e7..fd78ced229be62ab760351fddb1d165ec4ab5700 100755 (executable)
--- a/src/bin/pmgpolicy
+++ b/src/bin/pmgpolicy
@@ -319,6 +319,8 @@ sub load_config {
     $self->{use_spf} = $pmg_cfg->get('mail', 'spf');
     $self->{use_greylist} = $pmg_cfg->get('mail', 'greylist');
     $self->{use_greylist6} = $pmg_cfg->get('mail', 'greylist6');
+    $self->{greylistmask4} = $pmg_cfg->get('mail', 'greylistmask4');
+    $self->{greylistmask6} = $pmg_cfg->get('mail', 'greylistmask6');
 
     if ($opt_testmode) {
        $self->{use_spf} = 1;
@@ -556,10 +558,10 @@ sub greylist_value {
     my $masklen;
     my $do_greylist = 0;
     if ($ip =~ m/$IPV4RE/) {
-       $masklen = 24;
+       $masklen = $self->{greylistmask4};
        $do_greylist = $self->{use_greylist};
     } elsif ($ip =~ m/$IPV6RE/) {
-       $masklen = 64;
+       $masklen = $self->{greylistmask6};
        $do_greylist = $self->{use_greylist6};
     } else {
        return 'dunno';