Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 27th June 2006, 00:12
erk erk is offline
Member
 
Join Date: Oct 2005
Location: Göteborg, Sweden
Posts: 41
Thanks: 0
Thanked 4 Times in 3 Posts
Default Killing that spam with greylisting using Postfix and Postgrey

Ever heard of greylisting?

Greylisting is a powerful way of reducing spam to your mailserver. Greylisting in short means that when someone wants to deliver a mail to your mailserver it will simply reply "Please come back later". That is something all RFC compliant mailservers do and when they do come back the mail is accepted. Most spammers and spam software are not compliant and not patient enough to try again. You will be surprised to see how effective this is. Anyway, follow the links below to really learn about it. There are as always pros and cons so do your homework before you put it on a production server.

Greylisting.org
Greylisting on Wikipedia

There are several implementations of greylisting and it can be done with most any server. I will show you how to do it on a Debian Sarge with Postfix running as MTA with Postgrey.

Install Postgrey

I assume you have a working Postfix installation. Requirements for postgrey are:
- Perl >= 5.6.0
- Net::Server (Perl Module)
- IO::Multiplex (Perl Module)
- BerkeleyDB (Perl Module)
- Berkeley DB >= 4.1 (Library)

First we install the postgrey package with :
Code:
apt-get install postgrey
This will install the postgrey server on your machine. Now we might want to change some settings. The most annoying thing with greylisting is that it impose a delay on the delivery of mails. I find the 5 minute delay that is default to be a little too long so I set it to 1 minute. If you wish you can change this by editing /etc/default/postgrey. Change the default :
Code:
POSTGREY_OPTS="--inet=127.0.0.1:60000"
to
Code:
POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=60"
However I would suggest changing the defaults only after you have verified that everything works as expected.

Now start the postgrey policyserver with :
Code:
/etc/init.d/postgrey start
The Postgrey policy service should now be up and running on port 60000. Let's configure Postfix to use Postgrey.

Configure Postfix

The Postfix configuration files are located in /etc/postfix. Edit /etc/postfix/main.cf and add check_policy_service inet:127.0.0.1:60000 to the smtpd_recipient_restrictions.
It should look something like this :
Code:
smtpd_recipient_restrictions = permit_sasl_authenticated,
                       permit_mynetworks,
                       reject_unauth_destination,
                       check_policy_service inet:127.0.0.1:60000
Now all we have to do is to reload the Postfix configuration with :
Code:
postfix reload
Simple and nice. Sit back and enjoy the absence of spam

//Erk

PS. This is really not a ISPC specific HowTo but I thought I would post it here first.

Last edited by erk; 27th June 2006 at 00:19.
Reply With Quote
The Following 2 Users Say Thank You to erk For This Useful Post:
SneakyWho_am_i (18th June 2008), Telesat (7th September 2007)
Sponsored Links
 

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 16:51.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.