postgrey-privacy
This patch adds to postgrey the ability to store the IPs and emails in the greylisting database using a one-way SHA1 hash function, instead of in clear-text. This will defeat straightforward attempts to retrieve mail user behaviours. The goal is to give the system administrator the means to implement their site-logging policies by allowing them easier control over the privacy behavior of what information postgrey gathers.
Data retention has become a hot legal topic for ISPs and other Online Service Providers (OSPs). There are many instances where it is preferable to keep less information on users than is collected by default on many systems. In the United States, there is currently no requirement to retain data on users of a server, but you may be required to provide all data on a user which you have retained. OSPs can protect themselves from legal hassles and added work by choosing what data they wish to retain.
Here are some related links:
- Best Practices for Online Service Providers
- EPIC International Data Retention Page
- Working Paper on Usage Log Data Management (from Computer, Freedom, and Privacy conference)
getting postgrey-privacy installed
This patch has been integrated to upstream in version 1.24.
There are two ways to get this working on your system. The easiest is to install the Debian package, if you can.
installing the debian package
Postgrey >= 1.24, which has this patch merged, has entered Debian Sid and Etch. Depending on the Debian version you’re running and who you are trusting, you can choose one of the following solutions.
install Debian package
If you’re running Debian, just run the following:
# apt-get install postgrey
You may need to apply the patch found on intrigeri.boum.org/misc/postgrey-1.24-1... to get the thing to work.
There is a draft backport HOWTO on debian.ethz.ch/pub/debian-backports/uti....
applying the patch
If you wish to create your own version of postgrey with this patch, follow these instructions.
This patch has been tested against the following versions of postgrey:
- versions 1.21 and 1.23
- Debian package postgrey-1.21-1, postgrey-1.23-2
To use this patch, obtain the source for postgrey and the latest postgrey-privacy patch. Uncompress the postgrey source and then apply the patch:
% tar -zxvf postgrey-1.23.tar.gz
% cd postgrey-1.23
% patch -p1 < postgrey-1.23-privacy.diff
Then install postgrey as normal.
If you are patching a newer version of postgrey than 1.23, you will likely need to modify the patch.
how to use it
This patch adds the command-line option --privacy. This option will store the IPs and emails in the greylisting database using a one-way SHA1 hash function, instead of in clear-text. To use this option, modify your startup script so that postgrey is started with it on boot.
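Greylisting only ever asks whether a triplet has been seen before, so hashed keys keep it working; the sketch below is an added example, not postgrey's code, and shows that lookups still match while the stored keys contain no clear-text address. The names Greylist and triplet_key, the 300-second delay, and the choice to hash each field separately are assumptions made for this illustration.

```python
import hashlib
import time

DELAY = 300  # seconds a new triplet must wait; constructed value for this sketch


def triplet_key(client_ip, sender, recipient, privacy):
    """Build the database key for one (IP, sender, recipient) triplet."""
    # Normalise before hashing: once hashed, "Bob@Example.org" and
    # "bob@example.org" can no longer be recognised as the same address.
    parts = [client_ip.strip(), sender.strip().lower(), recipient.strip().lower()]
    if privacy:
        # Assumption: each field is hashed separately with SHA-1.
        parts = [hashlib.sha1(p.encode("utf-8")).hexdigest() for p in parts]
    return "/".join(parts)


class Greylist:
    def __init__(self, privacy=False, delay=DELAY):
        self.privacy = privacy
        self.delay = delay
        self.db = {}  # key -> first-seen timestamp

    def check(self, client_ip, sender, recipient, now=None):
        """Return 'DEFER' for a triplet younger than the delay, else 'PASS'."""
        now = time.time() if now is None else now
        key = triplet_key(client_ip, sender, recipient, self.privacy)
        first_seen = self.db.setdefault(key, now)
        return "PASS" if now - first_seen >= self.delay else "DEFER"


def demo():
    # Constructed sample delivery attempts (documentation address ranges).
    gl = Greylist(privacy=True)
    results = [
        gl.check("192.0.2.10", "alice@example.org", "bob@example.net", now=0),
        gl.check("192.0.2.10", "Alice@Example.org", "bob@example.net", now=400),
        gl.check("192.0.2.99", "alice@example.org", "bob@example.net", now=400),
    ]
    return results, list(gl.db)


if __name__ == "__main__":
    results, keys = demo()
    print(results)
    for k in keys:
        print(k)
```
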
credits
Thanks go to Lunar^ for the patch and the boum crew!