Lion Server has brought a number of changes over Snow Leopard and earlier versions of Mac OS X server. While many of these are welcome improvements, there are some issues that can be very annoying.
A prime example is in the Mail service. Whenever a GUI tool is used to manage a Mail setting, postfix's greylisting is turned on, whether or not it's desired. This can cause some real headaches with greylisting preventing mail from flowing through the server properly.
One way to avoid this issue is to stay away from the GUI management tools, but that's far from a real solution. What this article will show you is how to leverage launchd and bash scripting to keep grey listing turned off.
Greylisting is enabled in the smtpd_recipient_restrictions directive of postfix's main.cf . What this solution will do is periodically check the value of that directive against a specified correct value, and update it as appropriate.
First, determine what you want the value of smtpd_recipient_restrictions to be. It might look something like...
Now, we get to the script. This will check the value of the smtpd_recipient_restrictions directive and compare it to the correct value. If it's been changed, it sets it to the correct value, and if it's OK, it does nothing further.
#!/bin/bash
restrictions_preferred="permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rbl_client b.barracudacentral.org, reject_rbl_client bl.tiopan.com, reject_rhsbl_sender bl.spamcop.net, reject_rhsbl_sender zen.spamhaus.org, permit";
restrictions_current_full="`postconf smtpd_recipient_restrictions`";
restrictions_current=${restrictions_current_full:31};
if test "$restrictions_preferred" = "$restrictions_current"
then
echo "Postfix smtpd restrictions are set correctly."
exit 0;
else
echo "Postfix smtpd restrictions are NOT set correctly."
serveradmin settings mail:postfix:smtpd_recipient_restrictions = "$restrictions_preferred";
exit 0;
fi
By using the serveradmin command to edit the configuration, postfix will automatically reload its configuration, eliminating the need to take an extra step there.
Save this script in a location like /usr/local/bin/disable_greylisting.sh with permissions mode 755.
Now we'll use launchd to set the script to run the script periodically to make sure
(Credit to Jason Discount at http://www.practiceofcode.com/post/15543512691/disable-greylisting-under-lion-server for inspiring this solution)