Installing Milter-Greylist with GeoIP to control the spam

[Henrique Dias]

The Milter-Greylist is a milter to sendmail written in C that implements the greylist filtering system, as proposed by Evan Harris.
The page of project have a full explanation who the Greylisting work.

1 System requirements

- Sendmail that supports the milter interface
- Berkeley DB Library
- GeoIP C Library

2 Installing

To install milter-greylist, we need download the most recent stable release from ftp://ftp.espci.fr/pub/milter-greylist/

Code:

$ wget ftp://ftp.espci.fr/pub/milter-greylist/milter-greylist-3.1.8.tgz

But, first install the GeoIP C Library. Follow the instructions to install from this page.

If your system not have Berkeley DB library, please install.

Now, unpack and compile.

Code:

$ tar xvfz milter-greylist-3.1.8.tgz
$ cd milter-greylist-3.1.8

Check the documantation and the optional packages

Code:

$ more README
$ ./configure --help

Code:

$ ./configure --with-libGeoIP
$ make
$ sudo make install

3 Configuring

Edit the greylist.conf and take a look.

Code:

$ sudo nano -w /etc/mail/greylist.conf

Code:

pidfile "/var/run/milter-greylist.pid"
socket "/var/run/milter-greylist.sock"
dumpfile "/var/milter-greylist/greylist.db"
user "smmsp"

# Be verbose (or use -v flag)
#verbose

# Do not tell spammer how long they have to wait
quiet

# The geoipdb statement is used to specify the location of GeoIP database
geoipdb "/usr/share/GeoIP/GeoIP.dat"

# Your own network, which should not suffer greylisting
list "my network" addr { \
        127.0.0.1/8 \
        10.0.0.0/8 \
        192.0.2.0/24 \
}

list "yellow countries" geoip { \
        "BR" "CR" "DE" "FI" \
        "FR" "GB" "HU" "IL" \
}

list "red countries" geoip { \
        "CN" "HK" "KR" "RU" "TR" "TW" "UA" \
}

# And here is the access list
acl whitelist list "my network"

# Followed by an operator and a recipient count, this is used to select
# the amount of recipients
acl blacklist rcptcount >= 25 msg "No more than 25 recipients, please"

acl greylist list "yellow countries" delay 15m autowhite 3d
acl greylist list "red countries" delay 30m autowhite 3d

# During office hours from 9:00 to 18:00 from monday to friday (like crontab)
acl greylist time "* 9-18 * * 1-5" delay 5m autowhite 7d

acl greylist default delay 10m autowhite 7d

Test if the configuration is ok

Code:

$ sudo /usr/local/bin/milter-greylist -c

Start the milter

Code:

$ sudo /usr/local/bin/milter-greylist

Edit the /etc/mail/sendmail.mc file and add the lines below.

Code:

define(`_FFR_MILTER','1')dnl
dnl
dnl Greylist
dnl
INPUT_MAIL_FILTER(`greylist',`S=local:/var/run/milter-greylist.sock, F=T, T=S:4m;R:4m')dnl
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')dnl
define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')dnl
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')dnl
define(`confMILTER_MACROS_ENVRCPT', `{greylist}')dnl
dnl

Rebuild the sendmail.cf file

Code:

$ sudo m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Restart the sendmail

Code:

$ sudo /etc/init.d/sendmail restart

Finally check the logs to verify if everything is fine.

Code:

$ sudo tail -f /var/log/mail.log

4 Links

http://projects.puremagic.com/greylisting/
http://hcpnet.free.fr/milter-greylist/
http://www.maxmind.com/download/geoip/api/c/

[falko]

Thanks a lot! Maybe you can contribute this to the main site ( http://www.howtoforge.com/add_howto ) so that I can publish it on the front page? If you don't have the time, I can do it for you. Just let me know.