-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathREADME
102 lines (71 loc) · 4.4 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
greyd - greylisting & blacklisting daemon
================================================
![C/C++ CI](https://github.com/mikey-austin/greyd/workflows/C/C++%20CI/badge.svg)
![Docker Cloud Build Status](https://img.shields.io/docker/cloud/build/mikeyaustin/greyd)
Project Website
---------------
Check out the project website (http://greyd.org) for more information and documentation.
Overview
--------
**greyd** is derived from OpenBSD's **spamd** spam deferral daemon and supporting programs.
As **spamd** is tightly integrated with the PF firewall, there are no production-ready
ports available for the GNU/Linux world. In addition to providing equivalent features
to **spamd**, **greyd** aims to:
- Be firewall agnostic, and provide a generic interface for pluggable modules,
to allow operation with *any* suitable firewall (eg iptables/ipset/netfilter, FreeBSD's
IPFW, etc.). Currently **greyd** can transparently make use of **PF** and **Netfilter**
with the appropriate drivers.
- Provide a generic database interface for pluggable modules to work with a variety
of different databases (eg Berkeley DB, SQLite, MySQL, Postgres, etc.).
- Be portable and run on many different systems.
- Have all of the programs in the **greyd** suite be driven by flexible configuration files,
in addition to supporting the same command line switches as **spamd** & friends.
- Have a clean & modularized internal structure, to facilitate unit & regression testing
(there are currently > 750 tests).
- Be able to import the same blacklists & whitelists that **spamd** can import.
- Be able to sync seemlessly with native **spamd**.
Docker
------
Both centos7 and alpine based images are automatically built and available via the
[greyd dockerhub](https://hub.docker.com/repository/docker/mikeyaustin/greyd).
Note, the centos7 image is built from the latest greyd release, where the alpine
image is built from the latest commit on master.
You can run greyd with something like:
$ docker run -P -p8025:8025 --cap-add=NET_ADMIN mikeyaustin/greyd:alpine
Platforms
---------
Greyd runs on **GNU/Linux**, **OpenBSD**, **NetBSD**, **FreeBSD** & **DragonFly BSD**, and they can all sync to each other.
The greyd suite
-----------------
**greyd** provides analogous versions of each of the **spamd** programs, namely:
* **greyd** - the main spam deferral daemon
* **greydb** - greylisting/greytrapping database management
* **greyd-setup** - blacklist & whitelist population
* **greylogd** - connection tracking & whitelist updating
Development Status
------------------
**greyd** is fully functional and is under active development. All of the features from **spamd**
have been implemented, including synchronization support. Additional features not found in **spamd** have also been implemented, such as **SPF** trapping & optional whitelisting, sync support via greydb and fast blacklist lookup via an internal radix trie.
**greyd** is now fully sync compatible with **spamd**, which would allow, for example, an administrator to add a **greyd** instance into a cluster of existing **spamd** instances.
The following database drivers have been implemented:
* **Berkeley DB** (4.x onwards), which makes full use of transactions.
* **Berkeley DB SQL** (5.x onwards).
* **SQLite 3**
* **MySQL**
* **PostgreSQL**
For GNU/Linux, a firewall driver has been implemented for the netfilter ecosystem. This driver makes use of:
* **libipset** for IP set management
* **libnetfilter-log** for the tracking and auto-whitelisting of connections
* **libnetfilter-conntrack** (version >= 1.0.4) for the DNAT original destination lookups
For the BSDs, a **PF** firewall driver has been implemented.
Before the first proper release, there is still the following to be done:
* <del>autotools build configuration</del>
* <del>man pages & documentation (install guides, user guides, etc.)</del>
* <del>sample init scripts for some RHEL-like systems (and Debian)</del>
* more testing in the wild on different setups
Licensing
---------
All of the source is licensed under the OpenBSD license, with the exception of the netfilter
firewall driver. As this driver links with the libnetfilter userland libraries, it must be licensed
under the GPL (as is my understanding!). This does not conflict with the rest of the code base as all **greyd** drivers are/can be
compiled as shared objects, to be dynamically linked at runtime.