Home > Server Admin > IPv6 support for jgreylist

IPv6 support for jgreylist

August 7th, 2009

This post is part of a series of posts dedicated to IPv6 support for qmail:

jgreylist Changes

jgreylist is a program provided by John Simpson to allow greylisting in qmail. John provides two versions, one written in Perl, and one written in C. I chose to only patch the C version.

jgreylist works by using the unix timestamps of empty files to track when individual IP address or class C blocks last visited your qmail server. John does a great job of explaining how this works on his jgreylist page. You should understand how his program, especially the C version, works and is configured before continuing.

Normally, the IP addresses are stored in a directory such as /var/qmail/jgreylist. Each byte of the IP address is stored in a directory so that the IP address 127.0.0.1 would be stored in /var/qmail/jgreylist/127/000/000/001. To reduce the number of files needed, by default jgreylist actually only stores the first 3 bytes, so 127.0.0.1 would actually be stored in /var/qmail/jgreylist/127/000/000. Which behavior jgreylist uses depends on the value of the JGREYLIST_BY_IP environment variable.

My patch changes the directory structure slightly. All IPv4 addresses are stored inside an ip4 directory. IPv6 addresses are stored in an ip6 directory.

IPv6 addresses are stored in directories for each byte in the address. Unlike IPv4 addresses, each byte is represented in hex rather than decimal. When JGREYLIST_BY_IP is a non-zero value, the entire address is stored. Otherwise only the first 64 bits of the address is stored. For example, the IPv6 2001:470:1f0f:350::1 address would be stored in: /var/qmail/jgreylist/ip6/20/01/04/70/1f/0f/03/50.

Download jgreylist with IPv6 support

John distributes his jgreylist program using a single C file that you compile on your system. I needed to pull in some additional files for the IPv6 stuff so I’ve repackaged John’s file with a Makefile and other dependencies. This modified jgreylist must be run using an IPv6 patched tcpserver or sslserver.

You can download the package here: jgreylist-0.8-ipv6.tar.gz.

Compiling and installing is easy:

$ wget http://www.bltweb.net/qmail/jgreylist-0.8-ipv6.tar.gz
$ tar -xzf jgreylist-0.8-ipv6.tar.gz
$ cd jgreylist-0.8-ipv6
$ make
$ sudo make install

After installing, you should follow John’s instructions on configuring and running.

The jgreylist-clean perl script is included in the tar file above. It required no changes.

Summary

If you have any comments, corrections or questions, feel free to post them below. Remember Gentoo users can apply all of my qmail patches automatically by using the ebuilds in my gentoo-overlay. jgreylist is built in to the qmail-jms1 ebuild, just use the jgreylist USE flag.

Once you've patched jgreylist you should move on to patching qmail-jms1 or IPv6 support.

Server Admin ,

  1. No comments yet.
  1. No trackbacks yet.