Welcome to fiwswe's BLOG

Currently there are 24 entries in this BLOG.

How to bypass greylisting for sender addresses with Postgrey & Postfix

Greylisting is an effective way to reduce the amount of SPAM sent by non-standard sources, such as scripts. It relies on the fact that a real SMTP sender will respond to a temporary rejection with a later retry.

Postgrey is a service that implements greylisting. It is easily integrated into Postfix configurations.

To this end Postgrey will build triples of

CLIENT: The source IP of the sending server
SENDER: The sender's email address
RECIPIENT: The recipient's email address

If a triple was not previously seen, the mail is temporarily rejected. When the sending server retries a delivery after a configurable minimum delay (default 300s) the mail is accepted and the triple is marked as a valid combination, so that the next email with the same triple will be accepted without any delays. After a certain time (default 35 days) unused triples will expire.

Postgrey allows for exceptions by specifying allowed sending servers and allowed recipients.

It does not allow exceptions for the sender's email address though. Some services use multiple sending servers, so the retry might come from a different server. This then does not match the previous triple and results in another temporary rejection. These cases can only be handled by defining exceptions for the sender's email address, which Postgrey does not implement. See Enhancement Request: Sender Whitelist (#56) which is unlikely to be implemented.

One solution would be to filter by sender address before passing the email to Postgrey.

A typical Postfix configuration using Postgrey will contain something like the following in master.cf:

smtp      inet  n       -       y       -       -       smtpd
  -o { smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_policy_service inet:127.0.0.1:10023 }
  ...

Here the check_policy_service directive passes the message to the Postgrey service listening on 127.0.0.1:10023, which then decides on temporary rejection or immediate acceptance.

Since the smtpd_recipient_restrictions options are evaluated in order until the first match is found, inserting a filter right before the check_policy_service directive will do the trick. This filter could look like this: check_sender_access hash:/etc/postfix/nogreylist-senders, which requires an access table similar to:

/etc/postfix/nogreylist-senders
# The following sender email address patterns will be used to exclude
# emails from these senders from being subjected to greylisting by
# postgrey.
#
# Beware that email sender addresses are easily forged. So use this
# judiciously.
#
# NOTE 1: This affects all recipient addresses on this server, so
#         don't be too permissive.
# NOTE 2: Please only use the ACCEPT ACTION OK because any other action
#         is not appropriate semantically in this file.
#         https://www.postfix.org/access.5.html#accept_actions
#         REJECT actions are technically possible but their use should
#         be separated from the goal of bypassing greylisting, thus
#         inappropriate here.
#
# For syntax see:
# https://www.postfix.org/access.5.html
#
# Always run `postmap /etc/postfix/nogreylist-senders` after making changes.

# Allow emails from senders in the domain example.com to bypass greylisting
example.com OK


#
# EOF.
#

Thus the entry in master.cf will now look like this:

smtp      inet  n       -       y       -       -       smtpd
  -o { smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_sender_access hash:/etc/postfix/nogreylist-senders check_policy_service inet:127.0.0.1:10023 }
  ...

This method has been successfully tested on OpenBSD 7.9 running Postfix 3.11.3 and Postgrey 1.37.
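The following is an added example, not part of the original post and not Postgrey or Postfix code: a simplified Python model of the triple logic and of the ordered restriction list, showing why a sender that retries from a different server each time is never accepted, and how the check_sender_access entry changes that. It models only the last two restrictions; the keying on the full client IP, the 600 s retry interval, the addresses and all function names are assumptions made for the illustration.

```python
MIN_DELAY = 300  # seconds; the default minimum retry delay named in the text

class Greylist:
    """Toy stand-in for the policy service: remembers when a triple was first seen."""
    def __init__(self):
        self.first_seen = {}

    def check(self, msg, now):
        triple = (msg["client"], msg["sender"].lower(), msg["recipient"].lower())
        first = self.first_seen.setdefault(triple, now)
        return "DUNNO" if now - first >= MIN_DELAY else "DEFER"

def sender_access(table):
    """Model of check_sender_access: full address first, then the bare domain."""
    def check(msg, now):
        # The client IP is never consulted here, so a forged sender address
        # in a listed domain skips greylisting too (the caveat in the table).
        sender = msg["sender"].lower()
        domain = sender.rpartition("@")[2]
        return table.get(sender) or table.get(domain) or "DUNNO"
    return check

def restrictions(nogreylist=None):
    """Ordered list as in master.cf: the access check precedes greylisting."""
    checks = [sender_access(nogreylist)] if nogreylist else []
    return checks + [Greylist().check]

def evaluate(checks, msg, now):
    """The first check that returns something other than DUNNO decides."""
    for check in checks:
        verdict = check(msg, now)
        if verdict != "DUNNO":
            return verdict
    return "OK"

def attempts_until_accepted(checks, sender, recipient, clients, step=600):
    """Retry every `step` seconds, one client IP per attempt; None if never accepted."""
    for n, client in enumerate(clients, start=1):
        msg = {"client": client, "sender": sender, "recipient": recipient}
        if evaluate(checks, msg, now=n * step) == "OK":
            return n
    return None

# Constructed sample data (documentation address ranges and domains).
ONE_SERVER = ["192.0.2.10"] * 3
POOL = ["192.0.2.10", "198.51.100.10", "203.0.113.10"]
TABLE = {"example.com": "OK"}  # same entry as the access table above

if __name__ == "__main__":
    cases = [("one server", None, ONE_SERVER), ("pool", None, POOL), ("pool + bypass", TABLE, POOL)]
    for label, table, clients in cases:
        print(label, attempts_until_accepted(restrictions(table), "news@example.com", "bob@example.org", clients))
```

A sender outside the table is still greylisted as before, so the bypass only widens acceptance for the listed addresses and domains.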

2026/05/23 11:48 · fiwswe

OpenBSD 7.9 has been released

Not surprising for those who follow the OpenBSD mailing lists, and somewhat late but still within the normal release schedule, on 2026.05.19 OpenBSD 7.9 was released. This is the 60th release of OpenBSD.

As usual the Upgrade instructions work fine and the first impression is good.

2026/05/21 00:23 · fiwswe

Apple's Secret Security Update

Apple has released an urgent security update for iOS 26.3.1 and other OSes. See About the security content of Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2.

Unfortunately it does not show up in Settings → General → Software Update! And I saw no notification about it either.

Users apparently need to find the Settings → Privacy & Security → Background Security Improvements setting and manually install the update (requiring a reboot in this case). And note that the Automatically Install setting is turned ON on my device. Apparently that doesn't do anything though. (The update was released on March 17, 2026 and I checked on March 20. So for 3 days the automatic update did not happen.)

So I predict that only a few users will actually find and install the important security fix.

Nice going Apple!


Update: On one Apple iPad running iPadOS 26.3.1 the security update appears to have installed automatically. So that seems to sometimes work? Still, from a user interface perspective it makes no sense to split off the UI for installing background security updates from the normal Software Update UI.


Update #2: On March 24, 2026, only a week later, iOS/iPadOS/macOS 26.4 were released. Thus for this specific case the issue is effectively moot. However the point of the security update was to get a fix for an issue out to the devices as soon as possible. And hiding the mechanism for installing such fixes is counterproductive.

2026/03/20 22:17 · fiwswe

OpenBSD — How to upgrade with limited free space on /usr

On small systems, or on VMs with small virtual boot disks, the automatic partitioning will sometimes lead to a /usr partition that is too limited in size. During normal operations this will probably not hurt anything but sysupgrade(8) may complain that there is not enough free space on /usr.


2026/03/17 19:22 · fiwswe

OpenBSD 7.8 has been released

Not surprising for those who follow the OpenBSD mailing lists, on 2025.10.22 OpenBSD 7.8 was released.

As usual the Upgrade instructions work fine and the first impression is good.

2025/10/22 04:15 · fiwswe

Apple requires periodic device reactivation?

I own an old iPad 2 from 2011. It still works, though the battery doesn’t last very long anymore and of course the last available OS for this device is iOS 9.3.5 from 2016. Yes, iOS because iPadOS came later.

I use it occasionally to play some (old) games. And to conserve battery and avoid annoying ads and potential security issues I keep it in airplane mode all the time.

Every few weeks a dialog appears, asking me to verify my Apple ID. (This often causes a crash of the running application. Annoying but otherwise harmless.) I click Cancel and go on using the iPad.

Today something different happened: Without any warning I got a black screen with the Apple logo. This looked like a reboot of the OS to me, though I’m not 100% sure 1). When it came back up, it required that I activate the iPad in a fullscreen modal dialog! There didn’t seem to be any way around that.

So I turned off airplane mode, entered my Apple ID credentials and pressed continue a few times until the normal home screen was shown. Then I turned airplane mode on again and everything was normal.


2025/09/20 21:39 · fiwswe

DokuWiki 2024-05-14b "Librarian" has been released

Minor security update to DokuWiki 2024-05-14a "Librarian" has been released (Changelog, Download). No issues so far.

2025/09/09 22:41 · fiwswe

Updated Embedded PHP Plugin

The DokuWiki Embedded PHP Plugin was updated today.

Basically a lot of code cleanup and a fix for the problem that generated div elements were nested in a p element (Issue #1).

See also:

2025/07/17 06:09 · fiwswe

DokuWiki 2024-05-14a "Librarian" has been released

Minor update to DokuWiki 2024-05-14 "Librarian" has been released (Changelog, Download). There are only some minor glitches so far.

And there are still some PHP 8.4 related problems in Plugins remaining as well.

2025/05/26 20:09 · fiwswe

DokuWiki 2024-05-14 "Librarian" has been released

Mostly trouble free update (Changelog, Download). There are only some minor glitches so far.

And there are some PHP 8.4 related problems in Plugins remaining as well.

2025/05/15 03:06 · fiwswe


1) The iPad contains a SIM card and it connected to the mobile phone network without asking for a PIN for the SIM afterwards. So this may have been something less than a full reboot of the device.