gross: sendmail milter compatible RBL check based greylisting solution.

2014-02-21 11:17:25 +00:00 · 2014-02-21 11:17:25 +00:00 · 36aa32d1c4
commit 36aa32d1c4
parent 1ee9bf0105
2 changed files with 274 additions and 0 deletions
--- a/gross/manifests/init.pp
+++ b/gross/manifests/init.pp
@ -0,0 +1,84 @@
+
+# Install and configure Grossd.
+#
+#   $protocol:
+#     Activates the server protocols grossd will support. Valid
+#     protocols are 'sjsms', 'postfix' and 'milter'.
+#
+#   $number_buffers:
+#     The number of filters used in the ring queue raising this value
+#     will cause an entry to stay in the servers' memory longer.
+#
+#   $rotate_interval:
+#     The number of seconds between filter rotation. Let
+#     N := 'number_buffers' and I := 'rotate_interval'. An entry will stay
+#     in the servers' memory for (N - 0.5) * I seconds in average.
+#
+#   $grey_delay:
+#     The time in seconds new triplets are kept on the greylist.
+#
+#   $block_treshold:
+#     The threshold after which grossd sends a permanent error to the
+#     client. Every check that considers client_ip as suspicious
+#     returns a value (check weight). When sum of these values gets
+#     equivalent or greater than 'block_threshold', grossd sends a
+#     STATUS_BLOCK response.
+#
+#   $dnsbl:
+#     Dns domain name of the dnsbl that 'dnsbl' check will
+#     query. There are no defaults, but below is a list of dnsbls you
+#     could be using you may assign different weights for the dnsbl's,
+#     default weight is 1.
+#     Syntax: dnsbl = [ 'bl.spamcop.net;2', 'dnsbl.sorbs.net' ]
+#
+#   $dnswl:
+#    Analogous to 'dnsbl'. Remember that dnswl is a *definitive*
+#    check, that is grossd waits for the check to complete before
+#    deciding how to respond. This may cause unwanted latency. Highly
+#    recommended if you use grossd as a traditional greylister.
+#
+#  $rpm:
+#    Location of RPM package.
+#
+class gross(
+  $protocol        = 'milter',
+  $number_buffers  = '8',
+  $rotate_interval = '3600',
+  $grey_delay      = '10',
+  $block_treshold  = '0',
+  $dnsbl           = [],
+  $dnswl           = [],
+  $rpm             =
+  'https://bitbucket.org/oherrala/gross/downloads/gross-1.0.2-1.el6.x86_64.rpm'
+){
+
+  package { 'gross':
+    ensure   => 'installed',
+    provider => 'rpm',
+    source   => $rpm,
+  }
+
+  service { 'gross':
+    ensure  => 'running',
+    enable  => true,
+    require => Package['gross'],
+  }
+
+  file { '/var/db/grossd/':
+    ensure => 'directory',
+    owner  => 'nobody',
+    group  => 'root',
+    mode   => '0750',
+    before => Service['gross'],
+  }
+
+  file { '/etc/grossd.conf':
+    ensure  => 'present',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0444',
+    content => template('gross/grossd.conf.erb'),
+    before  => Service['gross'],
+    notify  => Service['gross'],
+  }
+}